
What to expect from cyber attacks in 2017

10 Jan 2017

Latest research shows that attackers are holding data for ransom at an alarming rate as they continue to deploy attacks across every industry. Along with the rise of ransomware and the mushrooming of mass malware, attackers are increasingly using non-malware attacks in an attempt to remain undetected and persistent in organisations’ enterprises.

These non-malware attacks can gain control of computers without downloading any files. They use trusted, native operating system tools (such as PowerShell) and exploit running applications (such as web browsers and Office applications) to conduct malicious behaviour.

As organisations plan to defend their enterprises against ransomware and non-malware attacks, here’s what to expect in 2017.

1: Non-malware attacks will escalate and become more severe

Attackers are increasingly utilising non-malware attacks in an effort to remain undetected on organisations’ endpoints.

Non-malware attacks leveraging PowerShell and Windows Management Instrumentation (WMI) saw a significant rise in 2016. Additionally, instances of severe non-malware attacks grew throughout 2016. According to recent research, over a 90-day period, about one-third of organisations are likely to encounter at least one severe, non-malware attack.

Deployment of non-malware attacks in the wild has moved, with regularity, into attack campaigns. For example, earlier this year, Carbon Black discovered the first known instance of PowerShell being used in a ransomware attack with PowerWare. By using PowerShell, PowerWare avoids writing new files to disk and tries to blend in with more legitimate computer activity.

The alleged hack against America’s Democratic National Committee (DNC) earlier this year was reported to have leveraged both PowerShell and WMI in order for attackers to move laterally and remain undetected.

As we turn the calendar to 2017, non-malware attacks are at the highest levels I’ve seen and should be a major focus for security defenders during the coming year. 
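Because these attacks run through trusted tools rather than dropped files, defenders usually look for them in process-creation telemetry. The sketch below is an added example, not code from the article or from Carbon Black; the event records, field names and process lists are constructed assumptions modelled on process-creation logs.

```python
import ntpath
import re

# Assumed lists for illustration; tune them to the software actually deployed.
DOC_AND_BROWSER_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                           "outlook.exe", "iexplore.exe", "chrome.exe"}
NATIVE_TOOLS = {"powershell.exe", "wmic.exe", "cscript.exe", "wscript.exe"}

# PowerShell accepts abbreviated parameter names, so match prefixes as well.
ENCODED = re.compile(r"\s[-/]e(?:c|n[a-z]*)?\s", re.I)   # -e, -ec, -enc, -EncodedCommand
HIDDEN = re.compile(r"\s[-/]w(?:in[a-z]*)?\s+hidden\b", re.I)

def assess(event):
    """Return the reasons a process-creation event looks like native-tool abuse."""
    parent = ntpath.basename(event["parent"]).lower()
    child = ntpath.basename(event["image"]).lower()
    reasons = []
    if child in NATIVE_TOOLS and parent in DOC_AND_BROWSER_PARENTS:
        reasons.append(f"{parent} spawned {child}")
    if child == "powershell.exe":
        if ENCODED.search(event["cmdline"]):
            reasons.append("encoded command")
        if HIDDEN.search(event["cmdline"]):
            reasons.append("hidden window")
    return reasons

def triage(events):
    """Map event index to reasons for every event with at least one reason."""
    return {i: r for i, e in enumerate(events) if (r := assess(e))}

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE", "image": PS,
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <elided>"},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"},
    {"parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "image": r"C:\Windows\System32\wbem\WMIC.exe", "cmdline": "wmic.exe os get caption"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS).items():
        print(idx, ntpath.basename(SAMPLE_EVENTS[idx]["image"]), "->", "; ".join(reasons))
```

Only the first and third sample events are flagged; the administrator's scripted backup and the ordinary service start are left alone.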

2: The ransomware blitz will continue

While ransomware is more than 30 years old, it experienced a renaissance of sorts for attackers in 2016. According to recent data, the number of ransomware instances grew by more than 50 per cent in 2016 when compared to 2015.

And while mass malware still accounts for the majority of total malware, ransomware is stealing the headlines. Unfortunately, that’s because it works and has resulted in major paydays for attackers. In 2015, ransomware was a $24 million crime. As we close out 2016, businesses from all industries have lost more than $850 million to ransomware. 

Ransomware is quickly evolving in sophistication. Payloads are increasingly infecting hundreds of machines at once, as occurred during the attack against the San Francisco Municipal Transport Agency, where more than 2,000 systems were locked down.

Until organisations unilaterally make prevention of ransomware attacks a top priority, we’ll continue to see ransomware make headlines in 2017.

3: Cyber-security investments will rise on a global scale

Organisations are quickly coming to the realisation that traditional antivirus does very little to stop modern attacks. The proliferation of non-malware attacks has accentuated this issue. 

Major global hacks against several international banking networks and the Ukraine power grid, among others, have served as clarion calls that critical infrastructure and worldwide financial systems will continue to be targeted.

In the U.S., alleged attacks against voter databases and the election process have placed a renewed emphasis on cyber security as an issue of national security. 

As a result, we will see a significant shift away from traditional antivirus solutions around the globe in 2017 as private organisations and worldwide governing bodies work to curb the growing trend of attacks seen this year.

2017 challenging

2016 was not a good year for cyber defenders, and 2017 is looking like another challenging year. While investments are being made in innovation and deployment, there is still work to do when it comes to cyber-security awareness, preparation, and culture.

We must work to increase our leverage, through employee training, automation, and getting more value out of our security investments. There’s a lot of opportunity to improve in 2017, so let us take some of these predictions and figure out how to make these attacks less likely to cause significant harm.

Article by Ben Johnson, chief security strategist, Carbon Black 
