In every intelligence industry, there’s often a central aim: predicting the future.
Organisations collect and analyse, dissect and interpret, looking for that essential nugget that will give them the edge over adversaries by indicating what they’ll do next.
Carbon Black chief cybersecurity officer Tom Kellermann combines his thoughts with those of Carbon Black's threat analysts and security strategists to give some insight into the threats and sectors likely to be top of the list for cyberattackers in 2019.
Geopolitical tension remained high throughout 2018, bringing with it an associated uplift in cyber insurgency.
The US trade war with China is undoubtedly a factor behind the recent resurgence in Chinese cyber espionage and this is set to continue.
As well as espionage targeted at infiltration and data theft, Carbon Black detected an escalation of attacks where the primary objective was destruction.
Its recent Quarterly Incident Response Threat Report (QIRTR) depicted widespread adoption of command-and-control (C2) beaconing on sleep cycles and a high prevalence of attack victims experiencing island hopping and counter incident response.
In 2019, Kellermann is predicting there will be more instances of island hopping, particularly via public cloud infrastructure.
There will also be a wave of destructive attacks as geopolitical tension continues to manifest itself in cyberspace.
In 2019, attackers will attempt to counter detection in the form of vapor worms (fileless attacks that display worm characteristics and propagate through networks) and IoT worms.
As attackers become more sophisticated in their methods, defenders will need to get more adept at spotting evidence of incursions through proactive threat hunting and analysis.
Carbon Black threat analysis unit enterprise architect Paul Drapeau believes that people's habit of putting their private lives online in the hands of third parties will come back to haunt us in 2019.
He says, “Attackers have been actively using ransomware to make a quick buck by locking systems and encrypting files, but this activity could move from the compromise of systems to compromise of personal lives.
“Breaches of social media platforms present a wealth of data to be mined by bad actors. This data could be used to correlate activities between people to find illegal, scandalous or compromising behaviour and then leveraged for traditional blackmail at scale.
“‘Pay up or your spouse/employer gets copies of these direct messages,’ an example note might read. We can fight ransomware on our own networks with anti-malware tools or backups, but we depend on giant companies to protect our more personal details.”
The breach doesn’t even have to be real to result in extortion attempts, as was seen in 2018 with the mass email scam purporting to have compromising video and passwords of the victims.
Imagine an attacker building on data from a breach and fabricating message contents and then demanding “ransom” be paid.
This type of attack takes more work to pull off, since it is more targeted and more difficult, but the payoff could be there.
Victims may be willing to pay more money and pay up more readily when it is their real lives and reputations at stake versus their digital files.
When it comes to the sectors facing the highest risk, Carbon Black security strategist Stacia Tympanick expects to see a lot more supply chain attacks occur within the healthcare industry.
Healthcare is a tough attack surface to protect and could be a tempting target for nation-state actors bent on disrupting critical national infrastructure (CNI).
Healthcare organisations already struggle just to discover and protect the conventional devices on their networks; managing medical devices on top of this opens up a large additional attack surface.
The trend toward remotely managing patient conditions via IoT devices increases that surface still further – this vector could be weaponised by bad actors.
Healthcare is also starting to move to the cloud, so cloud providers should be evaluated under a stern eye to ensure that proper and secure procedures/processes are in place to protect patient data.
Steganography is the technique of hiding secret information within innocuous images or documents and it’s an ancient practice – think Da Vinci hiding codes in the Mona Lisa.
Examples of steganography are just as hard to detect in the cyber world, with code being masked in legitimate files designed to make it past scanners and firewalls.
We could see steganography being used in combination with other attack vectors to create persistence and control mechanisms for malware that’s already running on a compromised network.
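One defensive check that follows from this: a file can render as a perfectly valid image while still carrying a payload in places the image decoder never looks, such as bytes appended after the final IEND chunk or stuffed into a non-standard chunk. The Python below is an added example, not Carbon Black's or the article's code; it walks the PNG chunk stream and reports those anomalies, using a constructed 1x1 image and constructed "hidden data" as sample input.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else deserves a look.
STANDARD_CHUNKS = {"IHDR", "PLTE", "IDAT", "IEND", "tRNS", "cHRM", "gAMA", "iCCP",
                   "sBIT", "sRGB", "tEXt", "zTXt", "iTXt", "bKGD", "hIST", "pHYs",
                   "sPLT", "tIME"}


def make_chunk(ctype, body):
    """Build one PNG chunk: big-endian length, 4-byte type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def png_findings(data):
    """Return a list of anomalies worth triaging: bad chunk CRCs, chunk types outside
    the specification, and any bytes trailing IEND (a classic place to stash a payload)."""
    if not data.startswith(PNG_SIGNATURE):
        return ["not a PNG file"]
    findings, pos, saw_iend = [], len(PNG_SIGNATURE), False
    while pos + 12 <= len(data) and not saw_iend:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        stored_crc = data[pos + 8 + length:pos + 12 + length]
        name = ctype.decode("ascii", "replace")
        expected_crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        if len(stored_crc) < 4 or struct.unpack(">I", stored_crc)[0] != expected_crc:
            findings.append(f"bad CRC in {name}")
        if name not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {name} ({length} bytes)")
        pos += 12 + length
        saw_iend = ctype == b"IEND"
    if not saw_iend:
        findings.append("no IEND chunk")
    elif pos < len(data):
        findings.append(f"{len(data) - pos} bytes after IEND")
    return findings


# Constructed samples: a minimal 1x1 8-bit greyscale PNG, the same file with data
# appended after IEND, and a variant carrying a private (non-standard) chunk.
_ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # width, height, depth, colour type...
_idat = zlib.compress(b"\x00\x00")                     # filter byte + one grey pixel
CLEAN_PNG = PNG_SIGNATURE + make_chunk(b"IHDR", _ihdr) + make_chunk(b"IDAT", _idat) + make_chunk(b"IEND", b"")
TRAILER_PNG = CLEAN_PNG + b"CONSTRUCTED-HIDDEN-DATA"
PRIVATE_PNG = (PNG_SIGNATURE + make_chunk(b"IHDR", _ihdr) + make_chunk(b"IDAT", _idat)
               + make_chunk(b"prIv", b"constructed hidden data") + make_chunk(b"IEND", b""))

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PNG), ("trailer", TRAILER_PNG), ("private", PRIVATE_PNG)):
        print(label, png_findings(sample) or "no findings")
```

Both tampered samples still decode as a valid 1x1 image in any viewer, which is exactly why a structural check like this belongs alongside signature-based scanning.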