We live in a never-ending game of cat and mouse pitting security professionals and information technology administrators against bad actors out to steal money, corporate secrets, and personally identifiable information (PII). Methods used by bad actors have evolved over the years as security measures have been put in place. 2016 saw a continued rise in phishing and ransomware attacks. If bad actors can find a way to profit from these tactics, 2017 will continue this trend and introduce newer threats.
The use of ransomware exploded in 2016. According to Trend Micro’s A Record Year for Enterprise Threats report, there was a 752% increase in ransomware families (types/variations). This is mostly attributed to the rise and success of open source ransomware code and RaaS (Ransomware as a Service – where malware creators lend malicious code to individuals to spread the infections and in turn take a cut of any profits obtained). Wombat Technologies’ State of the Phish report identified that only 34% of people surveyed in the United States knew what ransomware was. The same report showed that 34% of surveyed organizations admitted they had experienced a ransomware infection. The January 2017 Beazley Breach Insights and McAfee Labs 2017 Threats Predictions project that ransomware cases will continue to be a significant threat in 2017.
While phishing remains a threat, according to the Wombat Technologies State of the Phish report, it is not growing as quickly and appears to be evolving, using fewer brands in the emails and creating fewer phishing URLs. This appears to be attributable to an increase in awareness of phishing tactics among end users. Corporate emails (fake full mailbox notifications, invoices, etc.) still lead the way as the most successful phishing emails.
Still a top avenue for ransomware and phishing, personal email may become a greater threat to the corporate environment due to the continued and, in some cases, increased use of personal email from company-owned devices. In a survey by Wombat Technologies, 50% of U.S. respondents admitted that they check personal email from work computers, while 49% confirmed that they check their work email from a personal mobile phone. Companies must educate their employees and prohibit personal emails from company computers or deny access to personal email sites altogether. Proper security controls and policies should be enforced on smartphones, such as the use of software that will separate personal from company information, passcode and lock requirements, the ability to wipe the devices remotely, and a requirement that the device owner report a lost or stolen device to appropriate personnel.
Other sources of cyber threats will remain much the same. Vulnerability-based attacks will continue at much the same pace for products such as Adobe Flash, Microsoft Internet Explorer and Edge, Java, PDF, Microsoft Office, and Windows Kernel, with Adobe Flash continuing to lead the way. There may be an increase in vulnerability exploits from legacy software (e.g., GHOST and BadTunnel) and virtualization software. Another avenue that is expected to increase is infrastructure software flaws, such as those in OpenSSL, glibc, and Linux. Read more on these predicted threats in the McAfee Labs 2017 Threats Predictions report, November 2016.
Increased threats of malware on Internet of Things (IoT) devices are expected. While a vast majority of these devices are used by consumers, there are products such as cameras and thermostats that may work their way into corporate environments. Shared software libraries used across industries to rush these products to market have led to software that is laden with vulnerabilities and, in many cases, embedded malicious code. This code was recently used to create a botnet that performed distributed denial of service attacks against root Internet DNS servers, causing severe slowdowns and outages on the east coast of the United States in October 2016. Although this type of attack may not affect a specific company or smaller institution in general, the code could be used for other nefarious deeds such as spying on the networks to which the devices are attached. Companies should be cautious when using such devices, segmenting them from the main network and ensuring updates are applied very soon after release.
As you can see, the cyber cat and mouse game continues. Many trends will continue their rise, some will remain the same, and there is always the threat of something new and unforeseen out there as bad actors continue to alter the game in their favor. We must remain persistent in our insistence on tighter security controls, continue to educate end users to help prevent malicious activities, and keep an eye on what future threats may be out there.