Today’s relatively open and interoperable global digital infrastructure is being challenged by cyber attacks, ranging from petty malware to advanced persistent threats. As technology advances, the cyber attack surface will only expand. Let’s see how it is panning out today:
- Expert skillset is not a requirement anymore – The technical skill required to commit cyberattacks continues to decrease. Malware and services such as DDoS (distributed denial of service) are easily acquired on the dark web, which means the number of individuals capable of launching basic cyberattacks is increasing. Using ‘off the shelf’ malware and ready-to-use services, technical expertise these days is bought, not learned. The specialist skills required to carry out such attacks are being offered as-a-service and are consequently becoming available for sale in the wider cybercriminal community.
- Scale and boldness are increasing – The past year has been punctuated by cyber attacks on a scale and with a boldness not seen before. Recently we saw the largest recorded cyber heist, the largest DDoS attack and the biggest data breach ever being revealed. The spread of WannaCry and Petya displayed the massive scale, while the attacks on the Bangladesh Bank, the Democratic National Party and Ukrainian energy infrastructure demonstrated the boldness with which threat actors can operate.
- Cyber extortion has increased – Cybercrime is becoming more aggressive and confrontational, with an increase in the use of extortion, whether it is through DDoS attacks, ransomware or data extortion. Ransomware remains the most common cyber extortion method.
- The ‘Internet of Things’ botnets are growing – We saw the rise of botnets exploiting security flaws in internet-connected webcams, CCTV, digital video recorders (DVRs), smart meters and routers. The threat comes from internet-connected devices, part of the ‘Internet of Things’ (IoT), that are vulnerable to remote code execution or remote takeover. Many connected devices have been shipped with less secure software and default passwords. Insecure connected devices can easily be recruited into a botnet which can then be used to mount DDoS attacks on an overwhelmingly large scale. The Mirai botnet is the most notorious example of this.
- Financial trojans have become more targeted and less visible – One important example of this is the group behind the banking trojan Dridex. The new version of Dridex appears to target the back-office infrastructure of financial companies, with potential targets including a range of payment systems. The volumes of spam in this campaign were much lower than previous Dridex campaigns, suggesting a move towards a more targeted approach. Additionally, other financial trojans have started to come back into prominence.
- The mobile threat is growing – Mobile malware continues to increase in both volume and sophistication. Mobile attacks are increasingly likely to form part of the attack chain used to target consumers and organisations. Malicious apps are also increasingly requesting elevated permissions. Fake apps mimic a brand or organisation to trick users into downloading them and entering credentials, which are then stolen. SMS phishing, or SMishing, is often more effective than traditional PC phishing campaigns due to lack of awareness and the implicit trust placed in the personal nature of SMS messages.
- Social media as an attack vector – Malicious actors have followed their victims onto social media, exploiting the environment of trust and familiarity that these sites facilitate. With abuse of trust as the primary mechanism, people are more likely to click on links from social media connections, which presents the same risks as opening links in phishing emails. Social media accounts can also be used as command and control (C2) infrastructure.
- The most commonly exploited vulnerabilities could have been patched – The most commonly exploited vulnerabilities in the recent past were well known, and failing to patch legacy systems is leaving many organisations unnecessarily vulnerable. The range of vulnerabilities being exploited is also increasing as a result of bad security practices in connected devices. Deploying a technology is not sufficient; companies need to work on their process too. Hygiene needs to be maintained on all endpoints, and regular audits need to be carried out to assess its effectiveness.
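The last point above is the one actionable recommendation in the list, so here is a small patch-compliance audit as an added example; it is not code from the original article or from its author. It takes a constructed endpoint inventory (host, package, installed version) and a constructed advisory table (package, first fixed version), reports every endpoint still running a version below the fix, and computes a compliance rate that can be tracked between audits. The package names, hosts and version numbers are placeholders invented for the example, not real advisories.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Endpoint:
    """One installed package on one host, as a patch-management tool might export it."""
    host: str
    package: str
    version: str


# Constructed sample advisories: package -> first version that carries the fix.
# Placeholder names and versions, not real advisories.
ADVISORIES = {
    "examplelib": "2.4.1",
    "examplesrv": "1.10.0",
}

# Constructed sample inventory (placeholder hosts and versions).
INVENTORY = [
    Endpoint("web-01", "examplelib", "2.4.1"),
    Endpoint("web-02", "examplelib", "2.3.9"),
    Endpoint("db-01", "examplesrv", "1.9.2"),
    Endpoint("db-02", "examplesrv", "1.10.0"),
    Endpoint("legacy-01", "examplelib", "1.12"),
    Endpoint("app-01", "otherpkg", "0.1"),  # no advisory applies -> never flagged
]


def parse_version(v: str) -> tuple:
    """Split a dotted version into a tuple of ints so that 1.9.2 < 1.10.0 compares
    numerically rather than as strings; missing components are padded with zero,
    so '1.12' becomes (1, 12, 0). Non-digit suffixes are ignored."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def unpatched(inventory, advisories):
    """Return the endpoints whose installed version is below the fixed version."""
    findings = []
    for ep in inventory:
        fixed = advisories.get(ep.package)
        if fixed is None:
            continue  # no known advisory for this package
        if parse_version(ep.version) < parse_version(fixed):
            findings.append(ep)
    return findings


def compliance_rate(inventory, advisories) -> float:
    """Fraction of in-scope endpoints (those with an applicable advisory) that are patched."""
    in_scope = [ep for ep in inventory if ep.package in advisories]
    if not in_scope:
        return 1.0
    behind = unpatched(in_scope, advisories)
    return 1 - len(behind) / len(in_scope)


if __name__ == "__main__":
    for ep in unpatched(INVENTORY, ADVISORIES):
        print(f"{ep.host}: {ep.package} {ep.version} < fixed {ADVISORIES[ep.package]}")
    print(f"compliance: {compliance_rate(INVENTORY, ADVISORIES):.0%}")
```

Run as a script it lists web-02, db-01 and legacy-01 as behind and reports 40% compliance for the constructed data. The numeric version comparison matters: a plain string comparison would rank 1.9.2 above 1.10.0 and silently miss db-01, which is exactly the kind of gap a periodic audit is meant to catch.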
By: Aman Chhikara