[BreachExchange] Using Cyber Threat Intelligence to Make 5 Security Forecasts for 2017

Audrey McNeil audrey at riskbasedsecurity.com
Fri Dec 30 13:50:18 EST 2016


http://www.securityweek.com/using-cyber-threat-intelligence-make-5-security-
forecasts-2017

I spend most of my time analyzing vast quantities of cyber threat data,
looking for trends and insights that we can use to help our customers
better prepare for what cyber threats are coming next. There are some clear
trends that have emerged over the past 12 months that we can use to offer
cyber security guidance and strategies in the coming year.

1. An organization’s ‘level of presence’ will grow and in turn so will
cyber risk.

Every product and service relies on some type of technology infrastructure.
With that reliance organizations are extending their “level of presence” in
the digital world via social media, payment transactions, customer
engagement, marketing, partners, suppliers... the list goes on.

The supply chain accounts for a large part of an organization’s increased
digital footprint. Partners and suppliers support customer, HR, payroll,
and accounting - and we share with them very sensitive information or
provide them with sensitive access to that data, therefore “extending” our
presence. With that extension of digital presence, organizations are
operating at a higher exposure to be a victim of fraud, extortion, ransom,
compromised accounts, exploited assets and denial of service attacks, to
name a few.

It will be increasingly important for organizations to move beyond just
looking at things as inside-out IT security and instead understand their
total risk profile in order to make significant improvements towards
changing security outcomes for the better.

2. Ransomware will continue to be a moneymaker for cybercriminals.

We all know ransomware attacks grew exponentially in 2016 and there is no
indication they are going to slow down in any way - financially motivated
cybercriminals follow the money trail.

>From an adversary capability perspective, ransomware is cheap to operate.
>From an opportunity perspective, many organizations are not yet applying
the proper analysis and decision-making to appropriately defend against
this threat. Ransom-based attacks also have a very large target base as
every employee in every organization that utilizes an email address is a
potential target victim.

Combine the lack of willingness for organizations to acknowledge the threat
with the consistent release of breached email addresses (LinkedIn, Dropbox,
MySpace, Tumblr, etc.) that are used to automate the campaign and you will
continue to see a solid profit center for the criminals.

3. Extortion (ala TheDarkOverlord style) will increase.

Not yet as common as ransomware, but set to increase in 2017, is
extortion-based threats - another example of cybercriminals following the
money. We will see more organizations breached and then contacted by the
malicious actor with a demand of payment in order for the data to be
returned.

In football, they say run the same play until the other team can stop it.
In the case of extortion, cybercriminals have a pretty good set of case
studies to follow.

If the organization does not pay the extortion fee, the stolen data is then
publicly released on a paste site, via social media or sold on the black
markets, which of course brings significant risk to the organization.

4. 2017 will be the year of increasingly creative IoT attacks.

IoT security threats have been talked about, but not really worried about
by most because a serious incident had yet to occur. That all changed this
past year.

With the 2016 DDoS attack on Dyn, and the ripple effect it created, we will
see more scrutiny on security within the IoT marketplace. Vendors will work
in new security precautions but at the same time, cybercriminals will also
increase their attention on new ways to leverage IoT devices for their own
malicious purposes.

There are plenty of “As-A-Service” attack capabilities on the Dark Web for
hire now and we should expect creative, new IoT hacking services to pop up
in the near future.

5. Threat intelligence will play a larger role in risk management
decision-making.

As cybercriminals continue to shift their tactics to find new avenues for
attack, good guys have to evolve as well in order to ensure a sound
defense. Cyber threat intelligence is being used more and more as a way of
guiding where that cyber defense evolution needs to occur. As such cyber
threat intelligence solutions and analysts will be increasingly added to
and defined in security budgets.

A large part of what is needed, however, is to not only focus on tactical
CTI capabilities as done in the past, but to specifically build a CTI
program that informs decision makers on the risk evolving threats can
impose on the business. Every product or service a business delivers
depends on a technology platform in some way and wise leaders are beginning
to track the threats to that infrastructure.

While organizations can’t really impact cybercriminals’ intent or
capability, placing greater focus on reducing the bad guys’ opportunity -
especially as the level of presence is growing - should be at the top of
your security to-do list in 2017. Having the right intel to help guide
those efforts is critical to a fruitful 2017 and beyond.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161230/4070a8e6/attachment.html>


More information about the BreachExchange mailing list