By Richard White, PhD
Cybercrime has grown to be a critical aspect of strategic and political power in the 21st century. While using the digital space is crucial to being competitive in today’s business world, this exposes all data – including that of government and commercial businesses worldwide – to increasingly sophisticated cyber attacks.
If word of a business suffering a cyber breach is on the news, it can have a devastating effect on the reputation of that business. Furthermore, cyber weapons and their capabilities are becoming a primary show of force in military operations. While this may seem tangential to the point of this article, it is these very cyber weapons that are being used against many ill-prepared and unaware small- to medium-sized businesses, often with catastrophic consequences.
As we continue through 2018, it is critical to be aware of the evolving cyber risk environment to protect our most valuable assets. These assets can be customer and corporate information, employee information, and the associated systems used to process, store, or transport the information.
The evolution of cyber crime
To anticipate the growing cyber risks in 2018, it is necessary to analyze the evolution of cybercrime and study its evolving capabilities. Some cyber risks will likely continue from 2017 into 2018, affecting most commercial entities, as well as the United States government and some additional public-sector organizations.
Most cyber professionals, including this author, predict the cyber risks to be aware of for 2018 are: (1) the increasing sophistication in destructive ransomware attacks; (2) increased utilization of Artificial Intelligence (AI) to probe and breach commercial business perimeters; (3) the use of social media as a cyber reconnaissance vector increasing the likelihood that a cyber attack will be successful; and (4) the expanding footprint of denial-of-service attacks. All are made possible due to the impacts on vulnerable Internet of Things (IoT) devices.
Ransomware’s destructive capabilities
Ransomware proved to be a lucrative service providing financial support and a wide range of targets around the world to cyber criminals. This malware and its usage will likely continue to evolve in destructive capabilities within the next two to three years.
Although ransomware has been around since at least 1989, the enhancement of worm-like capabilities allowed ransomware to be an emerging threat in the 21st century. Examples of destructive ransomware include WannaCry and NotPetya, each of which gained media prominence for its ability to cost individual victims millions of dollars.
In 2018, ransomware sophistication and ransomware-as-a-service (RaaS) will rapidly spread beyond computers, adding smartphones, tablets, and other smart devices to its growing target list. What is RaaS? Good question! Think of RaaS as similar to other services that can be purchased (e.g., janitorial, construction, accounting, etc.), only this service is the cyber equivalent of a military mercenary.
To engage a RaaS service, the cyber criminal would reach out to a broker who then farms out the RaaS request based on complexity, risk, cost of target, and payment to the most qualified hacker. The broker will then take payment from the entity wishing to benefit from the RaaS and the hacker as a service fee. The broker then pays out the hacker upon successful delivery of expected results.
Distributed Denial of Service attacks
In 2018, distributed denial-of-service (DDoS) attacks prove to be a “tried-and-true” method to gain access to private and sensitive data. Furthermore, DDoS will likely continue to be the go-to method to spread malware to botnet devices. Cybercriminals leverage DDoS attacks to stress networks and security systems to identify vulnerabilities for further exploitation. According to many credible research studies, DDoS attacks are up 91% in Q1 2018 over Q1 2017.
Internet of Things devices and cyber attacks
The vulnerabilities in IoT will likely continue to be a growing risk for at least the next two to three years. In 2020, estimates are that at least 29 to 50 billion devices will be Internet-connected. The majority will have limited to no security measures installed, a major risk if not immediately remediated.
These vulnerabilities only expand the potential footprint and provide substantial opportunities to spread malware (e.g., DDoS, ransomware, viruses, etc.) to other devices, gather sensitive information, and turn these devices into botnets. The need for improved defensive measures to accurately identify and counter cyberattacks will prove useful for the public and private sectors in the short term.
Artificial Intelligence as a cybercrime weapon
Artificial Intelligence barriers (cost and scale) have dwindled recently, which allows the technology to be weaponized by bad actors. Digital security firm ZeroFOX has tracked spearphishing on social media networks – a type of cyber attack in which one receives a message from a familiar contact directing the receiver to open a link. ZeroFOX is a commercial company specializing in defensive cyber products and provides insight regarding the parallel between spearphishing and the utilization of social media attacks supported by Artificial Intelligence.
SNAP-R, Social Network Automated Phishing with Reconnaissance, is an example of an Artificial Intelligence powered malware / botnet (Robotic Network). This cyber hacking tool profiles a specific user, simultaneously reviewing large data sets to customize the attack for that specific user and identifying the best time to exploit the legitimate user.
This customized spam is more dangerous than spam delivered by email as the content is customized for a specific person. The global attack surface of the major social media outlets is immense, with nearly 3 billion accounts. Artificial Intelligence-backed exploits are poised to rise in 2018.
Social media accounts targeted in these attacks are most likely personal accounts utilized on personally-owned mobile or PC devices. These accounts are often accessed from business systems. Profiling these accounts does not require significant resources. Lists of friends and associates can be assembled and utilized by the cybercriminal fairly easily.
With slightly more effort, IP addresses can reveal locations the end-point system was able to access through the social media site. From there, you can identify known business associates that also accessed social media sites from a similar location. Though the co-workers may not be friends or followers on social media accounts, they can be linked by association and ultimately hacked or forced to unknowingly participate in a cyber-attack against those associations.
In conclusion, cyber will continue to be an important piece in strategic and political power for the future. Cyber weapons and capabilities will be the primary show of force in military operations, but just as dangerous in the commercial marketspaces is the silent weapon of cyber attacks.
What does it mean and what should YOU do? Speak with a trusted cyber partner about where your risks are and what steps are required to mitigate your risk to a level that makes sense to you.
Seek guidance about the threats that are focused within your industry vertical. It is wise to know your enemy, if for no other reason than to ensure that your security plan and infrastructure are ready and able to withstand the types of attacks expected based on a detailed understanding of the threats.
Backup. Backup. BACKUP! Ensure that you have an adequate backup solution and, more importantly, ensure that it is tested. The generally accepted industry standard for testing is 10 percent of your data volume every 6 months; however, I recommend 10-15 percent per quarter. The time to troubleshoot a backup issue is not during a critical noncontrolled situation – troubleshooting during these times is nearly 100 percent ineffective.
Monitor your network and know who is accessing your data, how they are using it, and where they are accessing it from. The amount of insight you can gain from monitoring your enterprise is invaluable. Monitoring helps business owners and decision makers be proactive rather than reactive to cyber threats.
Ensure that your policies and procedures are updated and test your employees on their usage. Having a workforce that is familiar with the proper and complete operations prior to any security incident is key to the overall containment and threat mitigation efforts, which immediately equates to significant dollars saved.
Training your workforce is instrumental to your success. All studies indicate that a well-trained workforce equates to less downtime, more accurate and timely cyber responses, better brand and reputation protection, and an overall cost savings and return on investment.
Richard White, PhD is the founder and CEO of Warp2Security and the author of Cybercrime: The Madness Behind the Methods. He is a recognized industry expert in the fields of cybersecurity infrastructure, cybersecurity remediation, and cybersecurity program development. With over 25 years of experience in systems design, security technology implementation and security policy development and enforcement, Dr. White has developed innovative and affordable approaches for the rapid deployment of cyber threat detection and remediation technologies. He can be reached at rwhite@olg.com or www.warp2security.com
11 Comments
Pat Flesher
Excellent article from one of the leading Cybersecurity experts. The threat is out there and it’s time all of us were prepared and this article provides some insight into current and emerging threats.
Lisa Morrow
Excellent article! Cybersecurity expert…
SDavis
Timely article and something my organization is looking to invest in this coming year. We must ensure client data is adequately protected.
serge saa-lapnet
An excellent and very informative article, a great synthesis of current cyber threats and mitigation strategies from a practical perspective. Interesting references to expand on for a cybersecurity professional.
Pam Austrich
Very timely and insightful look at cyber crime. Ransomware took down the government of Atlanta just last week. Backups will save your company!
Frenshesca Donahue
Very informative article that goes into great detail on emerging threats and mitigation strategies.
Mary
Interesting article, and informative. The threats that you named are true, and I agree. These attacks will continue to grow and become more sophisticated. Cyber-security should be a high priority for any size company. Great Job Dr.
Jonathan Anderson
As cyber threats persist, gaining momentum and sophistication through use of AI and bots under a “fail fast” culture of innovation, individuals and companies must increase their security posture – in many instances as required by law and/or regulatory mandate (GDPR, NY-Cybersecurity). Threats to consumers are leading to increased regulation and growing market pressure to secure digital devices and platforms. Without active engagement to develop sound policies, configure appropriate tools, implement comprehensive monitoring, educate employee base and audit for application and infrastructure vulnerabilities, companies today will be pushed out of digital markets (including social media advertising) or crushed by regulatory fines and reputational damage. Rapidly evolving threats require a combination of in-house talent and qualified third-party support from top-tier security professionals, such as Warp2Security.
Great article highlighting what should be obvious to all of us but is too often neglected by business managers and leaders.
Steve Davis
Amazing insights from one of the preeminent cybersecurity experts of our time. Dr. White provides a list of very real and very probabilistic threats and we would all be wise to listen to his sage guidance on how to protect ourselves against the risk those threats pose to our organizations (and ourselves)!
Reagan
Thank you for the overview of what cybersecurity attacks I need to be looking out for as I move forward through the year. It is interesting to think about the malicious applications AI can have with regards to cybercrime; it is not something I would have been aware of.
Diana Logan
Very informative article. One interesting attack method is using cyber reconnaissance through social media. The recent story on Cambridge Analytica speaks volumes on what social media data can do for attackers. I don’t see these types of attacks stopping at Facebook.