Four Factors that will Change Cybersecurity
Cybercrime campaigns and high-profile advanced persistent threats groups are readjusting how they profile and target victims. As cybercriminals face effective defenses to tried and tested attack vectors, they adapt and switch to try out new tactics, techniques and procedures (TTPs). The changes are proving successful as we have all seen in the number of successful ransomware attacks and the increase in sophistication of the phishing attacks that allow cybercriminals to breach systems and steal credentials or bribe organizations for their data.
Criminal Forces are Coming Together
In particular, we are seeing the emergence of new cybercrime operating models among high-profile cybercriminal groups, according to the latest 2019 Cyber Threatscape Report from Accenture. Incredibly, relationships are forming among criminals or as Accenture calls them, “secure syndicates” who closely collaborate and use the same malicious code in some instances and in others leverage the same tools. This suggests a significant change in how cybercriminals work together to attack business or spread disinformation which has become a new strategy. This will certainly make identifying threat actors more difficult as groups with an environmental cause may partner with hackers to harm organizations.
Hacking and Cybercrime are Changing Goals
Early in 2019, an organization was targeted by an elaborate hoax involving a spoofed letter supposedly written by the fund group’s CEO. The letter claimed the organization was divesting in coal companies because of moral reasons in several of its mutual funds and changing its stance and overall voting to take a stronger position on environmental issues.
The attackers also spoofed the organization’s website; several thousand people received the spoofed letter and large news outlets broadcast the contents of the letter as genuine public relations.
Ultimately, the letter and website were uncovered as fake and were not the work of the fund group, rather the work of an activist seeking to embarrass the fund group and raise awareness for the environment. The incident emphasized how simple it is for hackers to create campaigns with spoofed letters and websites in order to drive successful disinformation campaigns. Incidents like these, according to the report, are clear indicators for the future of cyberthreats to financial institutions and financial market infrastructures.
Further, disinformation campaigns may have serious consequences on brand reputation across a variety of industries in a variety of markets. The tools, malicious code and partners required to implement a successful campaign are well within the capability for threat adversaries already targeting organizations like the one described above.
The report has uncovered four driving factors that are contributing to the evolution of the cyberthreat landscape.
Ransomware is the Weapon of Choice
The ransomware threat will increase as the malware continues penetrated defenses and organizations continue to pay the Bitcoin that the cybercriminals demand. In addition, the potential of ransomware with self-propagating abilities such as WannaCry are already being deployed across businesses and government agencies.
While the motives behind many attacks may appear to be financial, targeted ransomware attacks may also serve ideological or political motives going forward. Whatever the purpose, ransomware will likely continue to threaten organizations and IT security teams and their partners must ensure they take adequate measures to prepare, prevent, detect, respond, and contain any ransomware attack.
Vulnerabilities in Cloud Infrastructure will Demand Costly Solutions
The discovery of multiple side-channel vulnerabilities in modern CPUs over the last two years are posing a high risk to organizations operating their IT infrastructure in the cloud. Adversaries can use this type of cloud associated vulnerabilities to read sensitive data from other hosts on shared physical servers.
Solutions are available for most platforms, cloud deployments, and other software, however, most of the solutions come at a cost of reduced performance, leading to a potential increase in the overall IT technology costs for organizations.
Geopolitical-Driven Attacks
New threats are emerging from disinformation as the IoT and technology evolution progresses. Organizations are increasingly finding themselves as targets as geopolitical tensions increase. As cybercriminals take advantage of global events and seek to influence mass opinion, these criminals will not only persist with current levels of activity, but also look to take advantage of new capabilities they may develop as new technologies enable more-sophisticated TTPs.
The Number of Cybercriminals is Growing
Despite high-profile law enforcement focus against cybercriminals and cybercrime over the past several years, the number of threat actors is growing and based on the number of attacks and diversity of malicious code used is growing substantially. The reports analysis indicates conventional cybercrime and financially-motivated attacks will continue to pose a growing threat for targeted individuals and organizations with poor security defense.
However, criminal operations will likely change their tactics to reduce the risk of detection and to continue to evade improving security defense. Cybercriminals may also attempt to increase targeting by using phishing attacks and perhaps legitimate documents to identify likely victims before delivering malware.