[BreachExchange] Casting an eye on the 2018 cyber landscape

Audrey McNeil audrey at riskbasedsecurity.com
Fri Jan 5 14:05:13 EST 2018


The battle lines of cybersecurity have again been redrawn over the past 12
months: we have witnessed the continually destructive fallout resulting
from data breaches and endured the biggest ransomware attacks in history.
Petya, NotPetya and WannaCry demonstrate just how easy ransomware is to
weaponise and throw out into the wild, possessing the ability to create
mass hysteria and crises at organisations worldwide, impacting patients'
health, data, companies' reputations, etc. While ransomware has garnered
extensive media attention over the past year, it is important to constantly
remind ourselves that these types of attacks can often provide a smoke
screen for far more targeted, invasive attacks. The next wave of cyber
threats to hit the headlines may look considerably different, so it is
essential to consider how to improve overall nimbleness.

Equifax’s debacle is the latest reminder of just how susceptible even the
most 'secure' data is. Enterprises must operate under the assumption that
they are in a perpetual state of compromise and clearly define appropriate
APT attack risk management strategies. Every company should have the means
to rapidly detect and respond pre-emptively to an initial compromise or
enterprises will remain vulnerable to having their information stolen
and/or their customers’ posture put at risk by cyber criminals.

Here are some thoughts about what to expect in the cyber landscape during

It is important to note that the ruthlessness of attackers is not the only
driving factor. Equally, technological innovation makes companies
susceptible to attacks that opportunist hackers can capitalise on. The
implementation of business innovation together with sound cyber strategies
will enable companies to get the upper hand.

- We'll see more attacker activity against global wire transfer and
financial messaging systems within banks, especially those outside of the
US. Since the infamous Bangladesh heist, the continued spate of attacks
such as the one incurred by Russian bank Globex that ended 2017 highlights
the vulnerability of international wire transfer systems, the need for
banks to bolster their cyber defense and the increasingly sophisticated
techniques deployed by attackers.
- Equifax's recent breach will invoke discussions on additional regulations
around personally identifiable information (PII). Safeguarding sensitive
data of employees and customers is paramount and it is likely companies
will be forced to step up security measures. A holistic approach to
protecting PII should be undertaken, involving people, processes and
technology, alongside advanced security.
- Similar to the way particular cybercrime groups have developed specific
tools and techniques to compromise wire transfer systems, we expect more
specialised efforts to attack proprietary technologies. Although compromise
of mainframe systems may be a more common occurrence than is currently
publicised, we believe cyber attackers focus greater attention on these and
other critical legacy systems that are often overlooked by security teams
who focus on protecting the latest mobile or cloud-based innovations.
According to IBM, mainframes are the epicentre of financial services for
thousands of global organisations including 92 of the world’s top 100
banks, posing an attractive higher value target for attackers. These
systems currently support 29 billion ATM transactions a day and 87 per cent
of all credit card transactions. Mainframes can also be utilised for
multiple different attack scenarios, particularly espionage. From a single
location, an attacker could gather significant competitive or strategic
- Attackers will start exploiting additional (non-SWIFT) financial payment
and messaging systems, including ACH (Automated Clearing House). The ACH
network oversees more than 90 per cent of the total value of all electronic
payment transactions including payroll, direct deposits, tax payments and
consumer bills, batching them together and processing them at specific
intervals in the day, so rewards would be particularly lucrative for
hackers. According to NACHA, the ACH network increases on average by upward
of $40 trillion a year.
- Social engineering will continue to be the most prominent way of
penetrating networks. Be it via phishing, phone calls, pretexting or other
such techniques, savvy hackers will exploit the one weakness that is found
in every organisation: human psychology.
- Once GDPR goes into effect in May 2018, the most serious violations could
result in fines of up to €20 million or four per cent of turnover
(whichever is greater). Non-complying global corporations could be
penalised billions of dollars with potentially devastating effects to the
company itself as well as the economy. This should spur enterprises into
immediate action and though no one wants to be the last to adhere to
regulations, we know that organisations move slowly and human nature is to
delay. The first hefty fine levied will motivate corporations to achieve
compliance with the new regulations. The immense size of the proposed
fines shows just how serious and imperative it is for enterprises to execute
the necessary steps to collect, manage and protect customer data. As the
details of Uber’s breach now unfold, the global transport tech giant could
easily be made an example of with an enormous fine due to hiding this from
regulators and paying hackers for the cover up, ahead of GDPR coming into
- In an increasingly hostile geopolitical climate, we'll see expanded
attacker activity emanating from North Korea and others. The likes of
WannaCry, the biggest ransomware cyber attack the world has ever seen,
serve as an example of the scale and disruption nation-state actors can
create around the globe.
- We'll see an increase in disruptive malware activity whereby critical
infrastructure such as banking systems is targeted (e.g. changing journal
data). The motives behind such attacks are to destabilise economic
infrastructure. What happens if banks cannot trust their own data and,
thereby, consumers can’t trust their banks?