No favourites here: What makes up the art of cybersecurity warfare
Regardless of where people live or what they do, the risk of falling victim to cyber security attacks is always prevalent. According to a report by the Australian Cyber Security Centre, 90 percent of major Australian businesses and government agencies have been targets of industrial espionage, hacking or security breaches in the past year. At least 60 percent of organisations surveyed experienced tangible impacts on their business due to attempted or successful compromises, despite rating the incidences as relatively low in severity.
Make no mistake, the cyber security war does not play favourites and no one is safe. The only way to try and combat the threats is by accessing what has happened in the past and plan for the future. In the end, it is a constant foot race of trying to stay one step ahead of the hackers. In order to do this, it is important to embrace the positives, learn from the negatives, and plan for what the future holds.
What we did right
Cybersecurity teams leveraged new technology and procedural improvements to gain important ground throughout the past year. The hospitality and retail industries who suffered last year from Point of Sales (POS) Malware will be happy to know as a result of heightened security measures the risk has dropped significantly. According to the 2017 SonicWall Annual Threat Report, the number of new POS malware variants decrease by 88 percent since 2015 and 93 percent since 2014.
Another positive found was the disappearance of major exploit kits Angler, Nuclear and Neutrino after cybersecurity investigations exposed the likely authors, leading to a series of arrests by local and international law enforcement agencies. In the absence of large exploit kits some smaller kits are trying to fill the void and by the third quarter of 2016, runner-up Rig had evolved into three versions employing a variety of obfuscation techniques. However, the decrease in dominant exploit kit families experienced earlier in 2016 is a great win for the cyber security industry.
What we did wrong
Unfortunately, cyber criminals made extreme advances in the deployment of ransomware. The 2017 SonicWall Annual Threat Report shows, ransomware attacks grew 167 times since 2015, from 3.8 million in 2015 to 638 million in 2016. The reason for this increase was likely a perfect storm of factors, including the rise of ransomware-as-a-service (RaaS) and mainstream access to Bitcoin.
Another possibility for the rise in ransomware is that cyber security professionals were cutting off other avenues for cyber criminals to make money and so in desperate times, criminals turned to ransomware.
In October 2016, people that used the likes of Reddit, Netflix, Twitter or Spotify experienced another of the top threat trends. Mirai, a botnet that affected IoT devices was leveraged to mount multiple record-setting distributed denial-of-service (DDoS) attacks. The root cause leading to the Mirai attacks was unquestionably the lax security standards rampant in IoT device manufacturing today. Specifically, these devices do not prompt their owners to change their passwords, which makes them uncommonly vulnerable.
The next step
As with any arms race, advances made by the good guys are often offset by advances made by the bad guys. This is why it’s critical for companies to not become complacent and remain alerted to new threats and learn how to counterattack.
It’s worth noting that the technology already exists today to solve many of the new challenges cyber criminals threw at victims in 2017. For any type of new advanced threat like ransomware, it’s important to understand that traditional sandboxing solutions will only detect potential threats, but not prevent them.
In order to prevent potential breaches, any network sandbox should block traffic until it reaches a verdict before it passes potential malware through to its intended target. It is imperative to understand that as cyber security professionals find solutions a cyber criminal will always be up to the challenge of creating the next cyber threat.
To your battle stations
Education is a key first step toward preventing cyber attacks. As discussed earlier, it is not a matter of if but when you get targeted. It is important for businesses to take the time to have training with every team member of the organisation on security best practices for email and online usage.
Implement the technology needed to protect the network. And most importantly, stay up-to-date on the latest threats and cyber security innovations shaping the landscape. It’s important to remember the good, learn from the bad and plan for the future.
Article by Scott McCrady, vice president APJ, SonicWall.