[BreachExchange] The 2018 Cybersecurity landscape
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Dec 7 18:35:37 EST 2017
http://www.itnewsafrica.com/2017/12/the-2018-cybersecurity-landscape/
Every year around this time all the security businesses and analysts leap
for their crystal ball and attempt to predict what we should be worrying
about in the coming 12 months or more. And the sad reality is that not a
lot will change as there is not much need for the cybercriminal community
to do anything different – it’s already working well now!
The cybercriminal community is all about profit and that means they
continue to utilise the same sorts of tactics if they continue to gain the
results they are after – mainly money!
That said thought, how will the threat landscape look like over the next 12
months?
- Supply chain and third party attacks have been a common feature in 2017
and will continue to be a fruitful attack method for cybercriminals in the
next year. These tend to be highly focused operations with predetermined
targets of interest, rather than cases of mass, indiscriminate targeting.
Nevertheless, the Oracle MICROS breach that affected its point of sale
customers and NotPetya campaign were outliers in this regard. This is
probably due to the differing motives of these campaigns: supply chain
attacks are often done for intelligence gathering and reconnaissance
purposes, whereas thee MICROS and NotPetya attacks were financial or
disruptive, so the emphasis would have been on widening the number of
targets for maximum effect. Suppliers and third parties are often seen as
easier entry points for attackers, especially as many do not have adequate
security maturity levels. Moreover, suppliers are often given unnecessary
wholesale access to company networks, which is why they are targeted in the
first place.
- Wormable malware – Some of the biggest cyber incidents in 2017 revolved
around the issue of self-replicating malware that can spread between
networks. WannaCry and NotPetya were examples of this. As well as these
we’ve seen the Bad rabbit ransomware that reportedly spreads via a
combination of Windows Management Instrumentation (WMI) and Server Message
Block (SMB) protocol, and a wormable Trickbot banking trojan was also
reported in Jul 2017.
Malware modified with self-replicating capabilities to continue in 2018,
particularly given the disruption caused by WannaCry and NotPetya inspiring
similar attacks. Another driver for this is that many organizations around
the world will be slow to mitigate against these methods, whether by
applying appropriate patches and updates, restricting communication between
workstations, and disabling features such as SMB to reduce the capability
of malware to propagate within organization networks.
The bar for cyber-attacks keeps getting lower. The availability of leaked
tools from the NSA and HackingTeam, coupled with ‘how to’ manuals, means
that threat actors will have access to powerful tools that they can iterate
from and leverage to aggressively accomplish their goals.
But whatever happens in 2018 and beyond, what is clear is that cybercrime
will continue to be a problem and present governments, businesses and
individuals with challenges to protect their data and their intellectual
property. It is therefore critical that you take steps to manage your
digital footprint and manage the digital risk you present to the World via
your business activities in the internet and via cloud solutions. That way,
when something bad does happen, you will know quickly and can deal with it
more effectively.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171207/55eaaf4a/attachment.html>
More information about the BreachExchange
mailing list