For enterprises, cybercriminals are poised to deliver an unholy horde of cybersecurity threats that are new or more intense than in previous years. Some cybersecurity threats, like fileless attacks, have increased in frequency while others, like ransomware, have faded. Meanwhile, hijacking an enterprise’s computing resources for covertly mining CPU-intensive cryptocurrencies like Bitcoin is emerging as a financially lucrative avenue of attack.
Here are five particularly troublesome threats that are new and/or significantly growing in popularity among cybercriminals; nation-states like China, Iran, North Korea, and Russia; and other bad actors.
Are you ready for some extortion?
One certainty this year is the European Union’s (EU’s) General Data Protection Regulation (GDPR), for which enforcement goes into effect on May 25. The GDPR requires companies to protect the personal data and privacy of EU citizens. It also regulates the export of personal data of EU citizens outside the EU.
Security experts expect many companies will not meet the GDPR requirements by the enforcement deadline. Not only will noncompliant companies be vulnerable to large fines by the EU, but security companies such as FireEye and Trend Micro expect that cybercriminals will target noncompliant companies with ransomware and extortion campaigns that capitalize on these companies’ fear of EU penalties or of unseemly public exposure that will cause extensive brand damage.
Goodbye ransomware, hello crypto-mining!
Ransomware still grabs a lot of media attention, and it has the capacity to at least temporarily paralyze an organization — a case in point is the April 2017 ransomware attack that took a New York medical center more than three months and $10 million to fully recover from — but it’s fading in popularity, largely because it’s not as profitable anymore. As Symantec noted in its 2017 Annual Threat Report, the average ransomware demand dropped to $522 last year, less than half the average of 2016. Moreover, the number of ransomware families has decreased, which is an indication that cybercriminals have shifted their moneymaking efforts elsewhere.
For many cybercriminals, that elsewhere is crypto-mining. Cybercriminals are hijacking computers, mobile phones, and other internet-connected devices and then using these machines’ processing power to mine Bitcoin and other cryptocurrencies, an activity that requires heavy-duty amounts of CPU. For enterprises, this hidden crypto-mining means they are losing computing power, networks are vulnerable to unexpected shutdown, and electrical bills are skyrocketing.
The dawn of fileless attacks
One new breed of cyber-assaults is fileless attacks, which are also known as non-malware attacks or zero-footprint attacks. These attacks don’t install new software files on a computer, but instead take up residence in a computing device’s memory. As a result, fileless attacks are not likely to be detected by antivirus software or whitelisting.
The Ponemon Institute notes that 77 percent of attacks that led to a compromise last year involved fileless exploits or techniques. Also, Ponemon estimates that fileless attacks are almost 10 times more likely to succeed than file-based attacks.
Fileless attacks have traditionally been used by sophisticated nation-states, but the recent commercial development of easy-to-use toolkits for fileless attacks means cybercriminals and other bad actors can now readily employ them for ransomware and other nefarious uses.
The continual rise of Internet of Things (IoT) botnets
Many security experts expect enterprises will see a marked increase in IoT botnets in 2018. Ever since the bad actors behind the Mirai botnet demonstrated their ability to use more than 500,000 smart IP cameras to launch a large-scale distributed denial-of-service (DDoS) attack, other threats have followed the Mirai botnet’s lead. In October 2017, for instance, security researchers discovered the Reaper botnet, which is estimated to consist of up to two million IP cameras.
Threat actors are no doubt exploring what other IoT devices can be compromised. Experts expect these IoT-compromised devices will continue to be used for DDoS attacks, but also that the information from these devices can be used as an added tool for criminals to plan and execute traditional (i.e., non-cyber) crimes, such as breaking into a company.
Exploiting a popular device: Mobile phones
Cybercriminals, nation-states, and others are increasingly targeting mobile phones. Naturally, this bodes poorly for enterprises as so many of their employees use their personal phones for work-related issues.
The target of choice is Android phones. One of these phones’ chief vulnerabilities is an older operating system, which lacks the latest security patches. In fact, only one in five Android phones is running the newest operating system, according to Symantec.
In January, for instance, SonicWall security researchers “observed a sudden spike in Android apps with hidden crypto miner functionality. Such apps masquerade themselves as legitimate apps – such as games, music or video apps – but in the background they start mining cryptocurrency using the resources of the infected victim’s hardware.”
More security spending, smarter security thinking
The good news: Many enterprises are increasing their investments in cybersecurity in addition to improving their mindset about how to defend against cyberattacks.
Enterprises’ traditional approach to cybersecurity has been detect-and-respond. Now, businesses are also understanding that they can improve their cyber defenses by adding predict-and-prevent to their cybersecurity arsenal. As a result, these companies are now using artificial intelligence (AI) systems to understand cyberthreats in real time.
These AI systems, aware of cyberthreats occurring in their industry, nation, and globally, can recommend actions to thwart them. Likewise, security-astute enterprises are also using AI to learn the normal state of their IT systems and then monitor them for a deviation from the norm that may indicate a security breach.
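The learn-the-norm-then-watch-for-deviation approach above, applied to the hidden crypto-mining load described earlier, as an added example that is not from the original article. Host names, CPU samples and thresholds are constructed, and the median/MAD baseline is a simple statistical stand-in for the AI systems the article mentions, not any vendor's method.

```python
from statistics import median

def robust_baseline(samples):
    """Learn a host's normal CPU level: (median, median absolute deviation)."""
    med = median(samples)
    mad = median([abs(x - med) for x in samples])
    return med, mad

def sustained_deviation(baseline, recent, k=6.0, min_run=4, floor=5.0):
    """Longest run of consecutive samples above the learned threshold.

    Returns 0 unless the run reaches min_run, so a single burst is ignored
    and only sustained load (the mining pattern) is reported.
    """
    med, mad = baseline
    # 1.4826 * MAD approximates a standard deviation; floor keeps the
    # threshold usable on quiet hosts whose MAD is close to zero.
    threshold = med + max(k * 1.4826 * mad, floor)
    longest = run = 0
    for x in recent:
        run = run + 1 if x > threshold else 0
        longest = max(longest, run)
    return longest if longest >= min_run else 0

def flag_hosts(history, recent, **kwargs):
    """Map each host whose recent load deviates from its baseline to run length."""
    flagged = {}
    for host, samples in history.items():
        run = sustained_deviation(robust_baseline(samples),
                                  recent.get(host, []), **kwargs)
        if run:
            flagged[host] = run
    return flagged

# Constructed sample data: hourly CPU utilisation in percent per host.
HISTORY = {
    "web-01": [12, 15, 11, 14, 13, 18, 16, 12, 14, 15, 13, 17],
    "build-01": [20, 85, 22, 90, 18, 88, 25, 21, 87, 19, 23, 86],
    "hr-laptop-07": [4, 6, 5, 3, 7, 5, 4, 6, 5, 4, 6, 5],
}
RECENT = {
    "web-01": [14, 62, 13, 15, 12, 16, 14, 13],        # one short burst
    "build-01": [88, 22, 91, 24, 86, 89, 21, 90],      # usual bursty builds
    "hr-laptop-07": [5, 71, 74, 78, 76, 75, 77, 73],   # sustained high load
}

if __name__ == "__main__":
    for host, run in flag_hosts(HISTORY, RECENT).items():
        print(f"{host}: {run} consecutive samples above baseline")
```

A miner throttled to stay under a host's normal peaks would not cross this threshold, so CPU baselining is one signal to combine with others rather than a complete detector.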
However, even with increased security spending and predict-and-prevent AI systems, CIOs should plan for the worst.