Every year around this time all the security businesses and analysts leap for their crystal ball and attempt to predict what we should be worrying about in the coming 12 months or more. And the sad reality is that not a lot will change as there is not much need for the cybercriminal community to do anything different – it’s already working well now!
The cybercriminal community is all about profit and that means they continue to utilise the same sorts of tactics if they continue to gain the results they are after – mainly money!
That said though, how will the threat landscape look over the next 12 months?
- Supply chain and third party attacks have been a common feature in 2017 and will continue to be a fruitful attack method for cybercriminals in the next year. These tend to be highly focused operations with predetermined targets of interest, rather than cases of mass, indiscriminate targeting. Nevertheless, the Oracle MICROS breach that affected its point of sale customers and NotPetya campaign were outliers in this regard. This is probably due to the differing motives of these campaigns: supply chain attacks are often done for intelligence gathering and reconnaissance purposes, whereas these MICROS and NotPetya attacks were financial or disruptive, so the emphasis would have been on widening the number of targets for maximum effect. Suppliers and third parties are often seen as easier entry points for attackers, especially as many do not have adequate security maturity levels. Moreover, suppliers are often given unnecessary wholesale access to company networks, which is why they are targeted in the first place.
- Wormable malware – Some of the biggest cyber incidents in 2017 revolved around the issue of self-replicating malware that can spread between networks. WannaCry and NotPetya were examples of this. As well as these we’ve seen the Bad rabbit ransomware that reportedly spreads via a combination of Windows Management Instrumentation (WMI) and Server Message Block (SMB) protocol, and a wormable Trickbot banking trojan was also reported in Jul 2017.
I expect malware modified with self-replicating capabilities to continue in 2018, particularly given the disruption caused by WannaCry and NotPetya inspiring similar attacks. Another driver for this is that many organisations around the world will be slow to mitigate against these methods, whether by applying appropriate patches and updates, restricting communication between workstations, and disabling features such as SMB to reduce the capability of malware to propagate within organisation networks.
The bar for cyber-attacks keeps getting lower. The availability of leaked tools from the NSA and HackingTeam, coupled with ‘how to’ manuals, means that threat actors will have access to powerful tools that they can iterate from and leverage to aggressively accomplish their goals.
But whatever happens in 2018 and beyond, what is clear is that cybercrime will continue to be a problem and present governments, businesses and individuals with challenges to protect their data and their intellectual property. It is therefore critical that you take steps to manage your digital footprint and manage the digital risk you present to the world via your business activities in the Internet and via cloud solutions. That way, when something bad does happen, you will know quickly and can deal with it more effectively.