Most dangerous new cyber security threats

If the 2017 WannaCry NHS ransomware attack taught us anything, it's that malicious activity is very much alive and kicking, and that most organisations are either unprepared or have underfunded cyber security departments.

Vendors and malicious actors are permanently joined at the hip, with security companies racing to react to the latest emerging threats and attackers circumventing those defences all the time.

Many of these threats first appeared in recent years and have since swelled – with no end in sight. Read on for some of the most dangerous cyber security attacks every organisation faces in 2018.


State sponsored attacks

Espionage is the oldest game around. Ever since there were groups of adversaries there have been groups who have attempted to spy on one another.

What is arguably a new development is the creation of hacker groups that tend to be financially or politically motivated, that technically are not part of the state but are allowed to exist within the state. Examples where it's suggested these groups are tolerated include Iran, China, Russia and North Korea.

The White House in 2017 blamed Russia for the NotPetya attack - linked to the eerily named Shadow Brokers - while North Korea's 'Sun Team' is thought to be behind reconnaissance against defectors.

Disinformation

Although the real-world effects of ‘fake news’ or disinformation campaigns are difficult to tangibly calculate there is no doubt that they are out there. Creating an army of Twitter accounts to promote a certain line of messaging or setting up a blog with the intention to deceive is incredibly simple – anyone with the will can do it.

Much of the attention on this has centred on Russia but the fact is there are states in the west that surreptitiously push political messaging as well. Before the Democrat email hack this was generally known as astroturfing, with China, the USA, and Britain all known to participate in massaging discourse online.

The fallout from the collapse of right-wing PR firm Cambridge Analytica is just one example where people were deliberately targeted with scaremongering stories that pandered to their fears.

Countries are pushing back against this, but just how effective these efforts will be is anyone’s guess. Spain recently headquartered a new unit in Barcelona for the purpose of countering fake news, and a department is also being created in Britain, although these attempts more closely resemble propaganda departments than a genuine salve to the problem.

Ransomware

Ransomware is the act of holding an organisation’s data to ransom for cash, and in 2016 these types of attacks rose at a phenomenal rate. According to a recent report from SonicWall, ransomware attempts swelled from 3.8 million in 2015 to 638 million last year – and as much as $209 million had been paid out in the first quarter of last year alone.


Ransomware is a worry for any organisation, but in particular, attacks have been ramped up against utilities and hospitals where data is absolutely vital for day-to-day operations. Although far and away most security experts recommend anything but paying the ransom, it’s easy to see why some organisations do it – when the demanded payments are just about affordable enough to justify the cost against downtime. But there’s no guarantee that, once paid, the locked data will be restored.

The most common ransomware type by far is called ‘Locky’ – which often arrives as a Word document that asks the user to enable macros. Once macros are enabled, the document runs a downloader in the background and installs the Locky ransomware, which then scrambles data on all available drives and typically demands a Bitcoin payment.
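A defender-side check that this delivery mechanism invites, added here as an illustration (not code from the article or from any vendor it cites): a mail-gateway routine that looks inside a Word attachment for a VBA project, judging by content rather than file extension. The sample documents it builds are constructed stand-ins that contain no macro code.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 container used by binary .doc files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Main-part content types of a plain and a macro-enabled Word document.
DOCX_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
DOCM_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
TYPES_XML = '<Types><Override PartName="/word/document.xml" ContentType="%s"/></Types>'


def build_sample(macro_enabled: bool) -> bytes:
    """Construct a minimal OOXML Word package in memory (sample data, not malware)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", TYPES_XML % (DOCM_CT if macro_enabled else DOCX_CT))
        z.writestr("word/document.xml", "<w:document/>")
        if macro_enabled:
            # A real file stores the VBA project as an OLE blob here; a stub suffices.
            z.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 8)
    return buf.getvalue()


def has_vba_macros(data: bytes) -> bool:
    """Decide from content, not extension, whether an attachment carries a VBA project.

    Word sniffs the format when opening, so a .docm renamed to .doc still prompts
    the user to enable macros; a gateway check therefore has to look inside.
    """
    if data.startswith(OLE_MAGIC):
        # Legacy .doc: storage names sit UTF-16LE in the OLE directory, so a "VBA"
        # storage name is a cheap heuristic (a full OLE parse would be stricter).
        return b"V\x00B\x00A\x00" in data
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if any(n.lower().endswith("vbaproject.bin") for n in names):
                return True
            if "[Content_Types].xml" in names:
                return "macroEnabled" in z.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        pass  # neither OLE nor an OOXML package
    return False


def triage_attachment(filename: str, data: bytes) -> str:
    """Gateway verdict for one attachment: quarantine anything carrying VBA."""
    verdict = "quarantine" if has_vba_macros(data) else "allow"
    return "%s: %s" % (verdict, filename)
```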


IoT botnets

Gartner expects 8.4 billion ‘things’ connected to the internet around the world this year, providing opportunity for denial of service attacks at a scale never seen before. In late 2016, an enormous DDoS attack was pointed at DNS provider Dyn using something called the Mirai botnet, launched from a huge number of IoT devices and likely aimed at a Dyn customer. The attack on internet infrastructure took down a large number of popular internet services, including parts of Twitter, GitHub, storage service Box and the PlayStation Network. It proved at the time that many service providers were ill-equipped to deal with the scale of the attack, and researchers said they had monitored IoT botnets recruiting other botnets at scale before the attack took place.

Although businesses are starting to wake up to the security threat from IoT devices – which are often built for affordability with security as a secondary consideration – the code for Mirai went public in October last year.


Spearphishing and whaling attacks

Phishing attacks have long been an established threat – but they’re now more targeted and sophisticated than ever before. Spearphishing is the process of sending a fraudulent email from a trusted account to a targeted individual, usually with the intention of scamming the recipient out of money. ‘Whaling’ takes this concept a step further and involves targeting high-worth individuals, often within an organisation, to get them to send money to a fraudulent account. The FBI calls these business email compromise scams – and well-known companies have fallen for them. For example, a finance executive at toymaker Mattel signed off on a $3 million transaction to the Bank of Wenzhou, China, believing it to be a legitimate request.
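As an added defender-side illustration (not from the article or any vendor named in it), a few header heuristics that flag the whaling pattern described above: an executive's display name on an external address, a lookalike of the company domain, a Reply-To that diverts the conversation, and a payment-themed subject. The internal domain, executive names and sample headers are all constructed assumptions.

```python
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"           # assumption: the defended organisation
EXECUTIVES = {"jane doe", "john smith"}   # constructed display names worth protecting
MONEY_WORDS = re.compile(r"\b(wire|transfer|urgent|invoice|payment)\b", re.I)


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _one_edit_away(a: str, b: str) -> bool:
    """True if distinct strings differ by one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = sorted((a, b), key=len)
    # Deleting one character of the longer string must yield the shorter one.
    return any(long_[:k] + long_[k + 1:] == short for k in range(len(long_)))


def bec_indicators(headers: dict) -> list:
    """Return the BEC warning signs raised by a message's headers."""
    name, addr = parseaddr(headers.get("From", ""))
    from_dom = _domain(addr)
    flags = []
    if name.strip().lower() in EXECUTIVES and from_dom != INTERNAL_DOMAIN:
        flags.append("executive display name on an external address")
    if _one_edit_away(from_dom, INTERNAL_DOMAIN):
        flags.append("lookalike sender domain")
    reply_dom = _domain(parseaddr(headers.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To domain differs from From domain")
    if MONEY_WORDS.search(headers.get("Subject", "")):
        flags.append("payment-related subject")
    return flags


# Constructed sample: a whaling attempt impersonating the CEO.
SUSPECT = {"From": "Jane Doe <ceo@examp1e.com>",
           "Reply-To": "jane.doe@mail-relay.example.net",
           "Subject": "Urgent wire transfer before close of business"}
```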

And according to recent research from security vendor Proofpoint, social media phishing attacks grew 500 percent in volume between the start and the end of 2016. This included what the company calls ‘angler’ phishing, where fraudulent customer service accounts – purporting to be from PayPal, for instance – intrude on interactions between customers and businesses.

Business Process Compromise attacks

Vendor Trend Micro describes Business Process Compromise as a relatively recent phenomenon in which attackers manipulate the day-to-day running of operations in their favour. It targets, the company says, the “unique processes or machines facilitating these processes to quietly manipulate them for the attacker’s benefit”. For example, in 2013 drug traffickers managed to hack into the back end of the port of Antwerp, targeting the IT systems that tracked the movement and location of containers, which made it easier for them to retrieve their cargo.

Machine learning-enabled attacks

Both vendors and attackers are turning to artificial intelligence to strengthen their capabilities. According to a recent Intel Security report, machine learning is likely to become useful in evolving successful social engineering attacks, particularly considering the rate of development in AI.


By combining publicly available data with complex analysis tools, Intel Security believes it would be possible to pick targets more precisely and with a greater level of success.

In its report, Intel Security notes that machine learning tools are “force multipliers for those of us in security roles”, and that it would “be negligent to assume cybercriminals are not also adopting these powerful tools”.

Copyright © 2018 IDG Communications, Inc.