So the biggest threat as a whole in 2016 was definitely Ransomware. But what does the threat landscape in 2017 look like? As we saw towards the end of 2016 the latest trend appears to be IOT based botnet attacks to create DDOS attacks.
Ransomware is big business, money can be made from the domestic market as individuals panic, they don’t know what to do and often pay the ransom to get their data released. This is intentionally set to an amount that the cyber criminals feel the victim can afford usually a few hundred British pounds, or half a bitcoin. But the real money can be achieved from businesses, this is sometimes by accident, they pick up some ransomware from an infected flash drive, website etc. But in 2017 we see this becoming more of a targeted attack. Through the use of a spear phishing email campaign or infected flash drives. The ransom can be set much higher for businesses, as the cost of loss of data, reputation and much more is of such high value to them, they are likely to pay it, let alone the risk of embarrassment.
We don’t see much chance of ransomware dying down in 2017, whilst awareness education is improving and vendors are producing anti-ransomware products most consumers and businesses only decide to look into solutions like this after they have been a victim of an attack.
We are expecting to see a big increase on mobile malware in 2017 which will coupled with ransomware cause massive issues. Most users rely on their phones for work, socialising and tend to trust the device with all sorts of personal information only held on there. They take basic precautionary steps such as a passcode or fingerprint to protect it and therefor feel as it is usually with them at all times it is safe. The one saving grace with mobile devices is most people tend to make use of cloud backups protecting the data even if the local copy is encrypted with ransomware.
There has been a proof of concept already seen using a method called Doxing, this is where the ransomware as well as encrypting the device also sends a copy of the data on the device back to the cyber criminal. The threat then becomes if the ransom isn’t paid the sensitive data held on the device could be made public. This could be embarrassing and cause a lot of personal and privacy issues for individuals. But should this land on a corporate mobile device the devastation caused could be loss of clients and project information to competitors.
Self-propagating malware is also a new thing that we are starting to see, much like we have been used to with other forms of malware, where they self replicate and spread around to other machines on a network we are now starting to see this with ransomware. Traditionally the ransomware would infect a machine, look for network shares and in some cases cloud backups and encrypt everything it found before being stopped in it’s tracks. There are however some shares the user may not have access to or parts of the network it couldn’t reach. Now with self-propagating ransomware it can get everywhere causing mass devastation to a business.
We saw towards the end of 2016 the mirai malware that infected so many IOT devices around the globe and brought some major sites down. This was made possible due to weaknesses in IOT devices, in general IOT devices tend to be made with convenience and simplicity in mind for the user, security isn’t often a key consideration. This is for a few reasons.
Firstly the devices were never on the radar as being something that would be compromised to facilitate a large scale bot attack, secondly some IOT devices just don’t have the processing power to provide sophisticated security and thirdly especially the case with wearables it would significantly impact on battery life.
That being said the time has come for manufacturers to step up, they need to be actively patching their devices, recalling them if need be to ensure that they cannot be compromised and contributing to the massive mirai botnet armies. One of the major issues we are seeing is so many vendors pushing products out with default usernames and passwords that don’t require the user to change them. IP based camera systems such as those from the Hikvision brand insist that the user changes the password to a complex custom password before they can use the device. This should be an industry standard in our opinion.
The issue with putting to much convenience in an IOT device is that a lot of key security measures are circumvented. For example whilst it is possible to put a piece of malware onto a key access card, it would be a very small one and it would have to be carefully crafted. However with the likes of NFC on smart watches and mobile phones, one’s watch can now grant entry to a building, authenticate payment with contactless technology. Presenting a risk if the mobile device is infected with malware/ransomware.
This is going to become a major issue for critical infrastructure. As businesses, employees and suppliers try to integrate IOT devices, BYOD strategies and more the risk to critical infrastructure becomes greater.
IOT and Ransomware working together
We are also predicting a joint venture between the two. If ransomware can get into business and homes via IOT devices we could see a whole host of trouble. There is obviously when coupled with self-propagating ransomware the spread to the entire home or corporate network. Causing devastating damage on a mass scale, users aren’t only having to be savvy with opening emails, files from flash drives and being careful of websites they visit. They are going to have to ensure that any IOT device connected with their network is sufficiently secured. This is certainly a good thing and a principle we should all be adopting in this day and age. However with users bringing IOT devices into the corporate environment this can pose a threat that we really need to get a handle on.
There is also the threat of home/business automation being taken over. Many IOT devices we use for convenience control things such as our homes lighting, radiator controls, CCTV, alarm systems and much more. If these devices became bricked or encrypted without a fine to release them what happens? Do we sit in darkness in the cold with no security to secure our home?
So in conclusion what do we do in 2017? Do we power all of our electronics down, pull the plug from the wall jack for our internet connection, put on our tin hat and wait for 2018?
Well we think 2017 has a lot to teach us. The threat landscape is changing, attack vectors are evolving and we need to be ready. As a home user, IT manager or CISO we need to be abreast of what is happening, we need to be armed and ready.
We would certainly recommend awareness training for your staff keeping them up to date and aware of what the threats are and how to mitigate against them. Make sure everyone knows what to do in the case of an attack, have systems and processes in place to mitigate the attack and deal with the issue.
We provide awareness training, planning services and can be on site to deal with an emergency situation if the worst should happen. Please get in touch here to find out more.