[BreachExchange] A look back to 2016 and what to expect in 2017 in cybersecurity space

Audrey McNeil audrey at riskbasedsecurity.com
Fri Dec 16 18:03:05 EST 2016


http://www.csoonline.com/article/3150665/internet-of-things/a-look-back-to-2016-and-what-to-expect-in-2017-in-cybersecurity-space.html

As we approach the holidays and get ready for 2017, let’s take a moment to
review our great work in preventing and defending against adversaries and
attacks on our organizations. We know cyber criminals keep trying to evade
the cyber defenses we have deployed. There have been big security incidents
and breaches in 2016. Spam and spear phishing email campaigns reached
unprecedented heights, delivering ransomware to millions of potential
victims.

The world of digital information security does not lack for challenges.
Major events in 2016 have created uncertainty about the future and, at the
same time, new opportunities for the security industry to think and innovate
new defense technologies and solutions. But in the cybersecurity world, one
thing is sure: some attacks and crimes will continue to evolve and new
challenges will emerge.

The security industry’s biggest challenge is to improve the life cycle of
threat defense effectiveness by moving the curve ahead of adversaries.

The key events of 2016!

Ransomware: Ransomware has been ongoing for a few years. However, this year
has marked a new high in the volume and creativity of attacks across
industries, especially targeting the healthcare industry. One of the
largest attacks was against Hollywood Presbyterian Hospital, which paid a
$17,000 ransom to regain access to files locked by ransomware.

The recent attack on the San Francisco public transit system infected and
locked up more than 2,000 computers used to operate San Francisco’s public
transport system. This forced the Municipal Transportation Agency to open
the gates and allow passengers to ride for free. The attacker demanded a
ransom of 100 bitcoin.

Lawful hacking: US lawmakers brought Apple, the FBI, security experts and
law enforcement officials to testify on the ongoing debate over encryption
and the abilities of investigators to access data on a terrorist's Apple
iPhone. This created a lot of noise and chaos around privacy concerns and
the impact of government agencies’ abilities to access citizens' phones
through a backdoor. The theme that emerged was the need for the FBI to
improve its own technical power to crack encryption without the help of the
tech industry or third parties. In the end, the FBI, with the help of a
third-party tool, was able to unlock the San Bernardino shooter’s iPhone
5C. So did the FBI learn to overcome the encryption itself, and can it now
hack into iPhone encryption by lawful hacking? To date, Apple encryption is
considered strong security in the enterprise compared with any other
phones available.

IoT hacking: A massive internet attack that caused outages and network
congestion for a large number of websites was launched with the help of
hacked IoT devices such as video cameras and DVRs. The attack on Dyn, an
internet backbone service provider to some of the internet’s top
destinations, made it difficult for internet users to reach an array of
sites such as Twitter, Amazon and Spotify. The security community has been
ringing the bell loudly about IoT security vulnerabilities for years.

What is ahead in 2017!

Time to get serious about IoT security: IoT will help accelerate shutting
down the internet in an agile methodology. In addition, we can expect to
see ransomware for IoT devices as it will continue to proliferate and
become more destructive. Imagine a driverless car system attacked by
ransomware. Your car could sit in your driveway until the ransom is paid or
your life could be in danger when your car is attacked while you are
driving.

Critical infrastructure, such as nuclear power plants and
telecommunications towers, is highly vulnerable to cyber-attack. Security
around critical infrastructure needs to be planned for the possibility
that the networks and systems will see attack methods consistent with
multiple potential threat actors, including nation states, terrorism and
organized crime.

To fuel ransomware's growth, its authors are trying to innovate by
increasing exploit kit sophistication to stay ahead of enterprise defense
technologies. They are even trying to offer ransomware-as-a-service
delivery models to hackers, priced as pay-as-you-go service offerings.

Cloud security concerns: As enterprises continue to migrate more data and
applications into the cloud, they are providing a backdoor for hackers to
access other enterprise systems. The shift towards cloud-based storage and
services is making the cloud a very lucrative target for attacks, as the
perimeter is not protected by a firewall or traditional security measures.
An attack to disrupt a major cloud provider will affect all of its
customers' businesses.

The disruptive event would be used as a means to impact a competitor or
organization. The days are not far away when we will start seeing new
ransomware impacting cloud-based data centers as more and more
organizations embrace the cloud, both public and private. These attacks will
start finding their way into new infrastructure through encrypted files
spreading cloud to cloud or by hackers using cloud services as launching
pads to initiate attacks. The attack on the cloud will result in millions
of dollars in damages and loss of critical data.

The impact of AI and machine learning on cybersecurity: AI is exciting for
many reasons, and the potential that AI and machine learning have is
unlimited. Enterprises will need to invest in solutions that have the
capabilities to collect and analyze data from countless endpoints, network
devices and attack sensors across organizations, industries and
geographies. But attackers will also use AI capability to wield highly
sophisticated and persistent attacks with malware designed with adaptive,
success-based learning to improve the efficacy of attacks. The
next-generation AI-powered attacks that will emerge will involve customized
code that will emulate the behaviors of specific users to fool even skilled
security personnel. This could include crafting sophisticated phishing
campaigns that will successfully dupe even the most threat-conscious
employee.