By Richard White, PhD
- Increased difficulty in advanced persistent threat (APT) attribution – With APT attacks increasing and bad actors choosing to keep older campaigns alive while simultaneously searching for new exploitable weaknesses and more sophisticated techniques, it will prove more difficult to attribute specific actions to specific hackers or hacking groups. This will cause solutions to be delivered more slowly due to the increased complexity of related threat intelligence sharing and the increased difficulty with attribution.
- Ransomware persists – Count on ransomware to continue to plague large and small businesses alike. The ransomware paradigm has proven highly successful and extremely profitable for the bad actors. Given this success, it is an easy bet that we have not seen the last of these types of attacks.
- New hook, same line – Phishing will continue simply because it is a tried-and-true technique for luring (duping) the good guys into clicking on or downloading packages that provide a range of services to the bad actor. Examples of these services include credential theft, keystroke logging, remote control, back doors, etc.
- Attacks targeting industries – Yes, we can look forward to attacks against entire industries. These would be very similar to watering hole attacks or NotPetya, which were both easy to deploy, presented very little risk to the bad guys, and were extremely successful regarding their evil objective. Due to these attributes, it is highly probable that we will see similar attacks across 2019. These attacks may take the form of a commonly used website, specific to an industry, containing malicious code, or a public repository being injected with bad code targeting software libraries used within or common to a specific industry.
- And now for something completely new: Distributed Denial of Service (DDoS) via Internet of Things – We are starting a new love affair with IoT. We like wearing, seeing, using, holding, anything “ing” IoT – guilty as charged. The world of IoT has exploded and we can find these devices virtually everywhere. The unique services they provide, and their ease of use, account for their popularity. But alas, the popularity of IoT devices coupled with their inability to host any type of security or antimalware means a bonanza of exploitable devices that can be used by our cyber adversaries. Expect to see an increase in DDoS attacks fueled by the explosion of the IoT craze.
What should auto dealerships be concerned about?
Auto dealerships need to evaluate what variety of hacker is attracted to their business (a thorough and complete risk analysis works great here). For example, hackers that are driven by ego do not care about the “pay off.” Successfully hacking your dealership is the payment.
Another example is the hacker that is seeking profit and means to breach your perimeter, steal your valuable data and monetize it in the underground. This is more problematic, though less common, than the ego-driven hack. Though they differ in intensity and intent, protecting yourself against different kinds of hackers takes a similar systematic approach.
Begin by assessing the nature of the business and how transactions are conducted. Do you rely on the continued storage of customer data, financial data, or corporate data to run your business? All have various protective elements that should be in place.
The conventional wisdom for defending against hackers is known as defense in depth. Firewalls at the perimeter, anti-malware installed on hosts and servers, encryption of traffic across local and wide area networks, intrusion detection appliances, and two-factor authentication are all part of this solution.
However, defense in depth is designed to mitigate an attack, not prevent it entirely. For this reason alone, having the proper backups, authentication, and security controls in place prior to an attack helps to keep even successful hacks from becoming catastrophic and prolonged.
I recommend that dealerships develop a plan to detect and correct these events in near real-time. By using the term “correct” I mean to mitigate, eradicate, and recover from a breach. Additionally, I recommend using a 4th generation security information and event management (SIEM) tool to help provide real-time notification of cyber-attacks.
Richard D. White is an Adjunct Professor at the University of Maryland University College where he is the Course Chair of Cybersecurity Information Assurance. He can be reached at firstname.lastname@example.org.