One of the problems with threat prevention is that we get too hung up on yesterday’s threats. Security systems are designed for the types of attacks we’ve seen in the past. That’s necessary, of course, because we know bad guys use the methods proven effective.
We also know that cybercriminals don’t rest on their laurels. They are constantly developing new attack vectors meant to avoid our current security systems, putting organizations on the defensive and forcing them to rely on reactive strategies rather than proactive ones. By then, the damage is usually already done.
What’s on the Horizon
While it is difficult to know exactly what the bad guys are planning until we see it, security companies are able to determine the types of threats that are emerging. According to a recent global report from CrowdStrike, the overall level of sophistication across the entire global threat landscape is increasing rapidly, showing how underprepared we are for future threats.
“Many companies have witnessed cyber adversaries launch massive, destructive attacks that render organizations inoperable for days or weeks,” said Scott Taschler, director of Product Marketing at CrowStrike. “Looking ahead, security teams will be under even more pressure to detect, investigate and remediate breaches faster.”
Another issue the report revealed is a blurring of the line between statecraft and tradecraft, in which nation-state adversaries and cybercriminals are learning from one another and gaining ground with legitimate consequences for organizations. Over the last year, hackers are taking advantage of these tactics, techniques and procedures previously seen in use only by very sophisticated attackers, making for some serious threat concerns for 2018.
CrowdStrike listed the top five emerging threats for 2018, the kind of things that keep security teams up at night. They are:
• Malware-free intrusions – In 2017, nearly 39 percent of all incidents were malicious software that went undetected by traditional antivirus. Industry data supports the trend that the use of fileless malware and malware-free attacks made up 66 percent of all attacks. The takeaway is vulnerable legacy antivirus software.
• Software supply chain attacks – Software supply chain attacks associated with nation-state espionage operations is not new, but in 2017, this technique spread to cybercriminals as well. You no longer have to be a highly sophisticated, highly funded bad actor to launch a crippling attack.
• Cybersecurity ‘trickle-down’ effect – Some powerful algorithms in use today by attackers were designed for purposes of protecting sensitive information and systems. This phenomenon is known as the ‘trickle-down’ effect of technologies first developed by governments or the private sector ending up in the arsenal of nation-state attackers and cybercriminals.
• New global attacks emerging from North Korea and Iran – Targeted intrusion activity linked to Iranian actors continued throughout 2017, with an attacked labeled as Charming Kitten consistently conducting credential-stealing operations against domestic political dissidents and international anti-regime targets. In addition, given the geopolitical tension surrounding the North Korean nuclear program, DPRK-based adversaries are likely to continue malicious cyberactivity against entities in South Korea, Japan and the United States.
• Cryptomining and fraud – The rising value of cryptocurrencies has led to increased targeting from cybercriminals and nation-state actors. Attackers are expected to be bullish on cryptocurrency attacks in 2018. Cryptomining has changed from a nuisance to a seriously disruptive threat to businesses.
Themes to Watch
It isn’t just the new tactics used by hackers that we have to watch for. Taschler said the CrowdStrike report also picked up on some emerging themes affect the outlook for 2018. The one that stands at the top of Taschler’s list is breakout time—the time needed by the intruder to move away from the initial penetration point and roam laterally in the network.
“Recent data shows this metric has shrunk to less than two hours, making typical enterprise response programs obsolete and ineffective,” he said. “Public and private sector organizations must rethink their incident preparedness and response protocols in order to act swiftly enough to get in front of modern attackers.”
Another theme to keep an eye on is the continuous growth of non-malware attacks. Because smart attackers understand the standard sets of anti-malware countermeasures in use within most organizations, they adapted their approach to leverage existing trusted software, stolen credentials, memory injection and to hide in your network, mining data.
“A great example of an emerging non-malware threat is business email compromise (BEC),” explained Taschler. “This represents an evolution of the old chestnut, the Nigerian 419 scam. BEC is an email-driven scam where the adversary spends of time conducting reconnaissance against the target, learning who the key players are, understanding the organizational lexicon and developing relationships. The ultimate goal of the campaign is generally to a scam the target into transferring money via a spoofed invoice or other business correspondence. This results in hundreds of millions of dollars of loss each year, and it’s on the rise.”
Finally, Taschler added this one point to keep in mind when thinking about 2018’s emerging threats: It’s not just the threats that are more sophisticated, but the mindset.
“There is a greater maturity in the ways nation-state adversaries and even less sophisticated cybercriminals and hacktivists are thinking about deploying cyberattacks.”