Cybersecurity threats have conditioned organizations that their information can be compromised at any moment, and they must defend the full depth of their sensitive information and infrastructure from a disturbingly increasing global threat landscape.
From observing various cyber attacks in 2014 and 2015, cyber attacks have been increasing significantly in numbers and damage and with no signs of slowing down. Despite cybersecurity measures offered today, companies are still struggling to combat cyber threats, especially when advanced and multi-dimensional versions can bypass security controls.
Consequently, cyber attacks affected major corporations and world governments, exposing sensitive information such as account credentials, e-mails, and secret documents or completely delaying services for a period of several days. The estimated global loss of cybercrime accounts for $575 billion worth of damage. As the threat landscape is rapidly evolving, and traditional methods are ineffective against the new wave of attackers.
For 2016, businesses need to shift to more aggressive cybersecurity strategies as as means to avoid having all of their important information stolen and becoming another media embarrassment. As a result, demand for cybersecurity services has tremendously increased in response to major cyber attacks and data breaches. This is great news for the cybersecurity industry, which is not surprisingly showing explosive growth.
According to Cybersecurity Venture’s 2015 Q4 report, the worldwide cybersecurity market is defined by market sizing estimates that range from $75 billion in 2015 to $170 billion by 2020. In addition, seven-figure cybersecurity deals have gone up by 40% year-over-year. Victim organizations of cyber threats are outsourcing IT security services with expertise in forensic investigations, attack assessments, and an incident response team.
It is important to learn from common cyber attack patterns in the past two years to develop a preventative measures strategy and what to anticipate as 2016 is only beginning.
Based on analyzing 2014 and 2015 trends, several cyber attacks became predictors for the biggest threats for 2016:
An application sending untrusted data to an interpreter is an instance of injection vulnerability, exploiting common design flaws in web applications and installing malicious scripts to compromised sites. SQL and XML parsers and program arguments are the common targets of such an attack. If carried out successfully, injection vulnerability attacks can easily result in compromising data leading to damage and loss.
2015 Hacking Team’s data breach of email correspondences offered a great transparency to what the threat-based products exist, especially considering that the nature of their business is computer intrusion. One of the more notable products the company was offering was an injection proxy appliance, or IPA at an average cost of $35,000 to other countries. An IPA is a networking device, typically installed alongside an internet service provider’s servers, that can hijack a target’s internet traffic without their knowing, and secretly deliver malware to their device or computer. When a user watches a video or downloads an APP, the IPA can be modified to include malware. Instead of a video, the target might be prompted to update their installation of Adobe Flash first or an app, using an update that contains malware that the attack can remotely control in real time.
HP’s 2015 Cyber Risk Report found that 44% of 2014 breaches came from vulnerabilities that are two to four years old. Hacking Team’s breach, therefore, demonstrates that malware-for-hire services that include specialized injection tools will become on the rise later this year. Software must be patched regularly, and expertise is required to avoid common misconfigurations because that will be the absolute easiest entrance for hackers.
Data Breaches of 2016, More Frequent and Getting Worse
Lessons have to be learned when data breaches on Sony, Ashley Madison, and Hacking Team can render a significant impact on how anyone’s data could be compromised.
Arguably the most dangerous and most common vulnerability, exposure of sensitive data results in catastrophic losses for any organization. Thus, attackers use this vulnerability to inflict as much damage as possible. The target data can be stolen when it is resting in the system, in an exchange transit or in a backup store. Damage estimates place the average cost of a data breach at $3.8 million with a 23% increase since 2013. Without immediate preventative measures, data breaches are prohibitively costly.
While attack groups commonly use DDoS attacks to only disrupt an organization’s service, data breaches are starting to become more commonly used to damage company reputation. With the recent success of high-impact breaches, driven by a common goal of exposing incriminating information like questionable corporate practices, classified messages, and suspicious transactions will drive threat groups to involve data breach methods to their attack strategy. This will continue to become a popular method for hacktivist groups in support of their own agenda as they will continually claim responsibility for the attacks.
The Cost-Effective DDoS Service Market for Everyone
Even when corporations often face media backlash for data breaches and service interruptions, the reality is that the market for DDos services attacks is cheap and easy for anyone to utilize. Besides groups with advanced attack methods, users can simply hire DDoS-for-hire service providers. They can cost as little as $150 to take a small organization offline for up to a week, often advertising themselves as under different but synonymous titles such as “booters” and “stressors.”
DDoS service providers are a byproduct of a reality that anyone can utilize these services with a simple online transaction. With the major data breaches of the past several years, the DDoS market is growing in popularity. We can anticipate a stream of numerous attackers who require very little knowledge, preparation and resources to cause a high degree of damage towards any target, especially considering how cost-effective services are. With the minimal amount of money required for rendered DDoS services, attacks can happen at from a small to massive scale anywhere.
Ransomware Putting Reputations at Stake
Ransomware is a type of malware that encrypts a victim’s files and subsequently demands payment in return for the key that can decrypt the files. Once a user’s computer is infected, the ransomware installs itself, setting keys in the Windows Registry to start automatically each time the computer reboots. The ransomware is remotely operated and generates two encrypted keys (one for the victim and the other on the attacker’s server). Once the keys are established, the ransomware encrypts every file found on Windows and then displays a screen on the victim’s computer with a time limit to pay before the attack destroys the key to decrypt the files.
In most advanced instances, crypto-ransomware aims for the target’s sensitive data. They can be as simple as typical ransomware, or “police trojans” acting as law enforcement, or as advanced as crypto-ransomware that steals the target’s data.
Unless advanced reverse social engineering is involved, individuals and businesses would often just pay the ransom since the average attack costs an average ransom amount of $300. While variants exist such as CryptoLocker, TorrentLocker and CryptoWall, the CyrptoWall v3.0 threat has cost hundreds of thousands of users worldwide more than $325 million in damages so far.
For 2016, ransomware will become an more lucrative business. 2014 and 2015 have seen many instances of data breaches, so this will give extortionists new leverage against new targets fearing to become the next victim. With complex obfustication layers of exploit code and anti-vm techniques, ransomware threats can increase and demanding more Bitcoin ransom money in their payload ransomware variant.
Internet of Things (IoT), Huge Threat to Consumers
Internet of Things (IoT) will invite cyber threats at a massive scale this year. Companies offering IoT products that include wirelessly transmitting sensor data to each other has been predicted by tech reporters everywhere that will be the biggest trend of 2016. There is a huge possibility attackers could expose a vulnerability within an IoT device, at this rate, at least one IoT device failure will be lethal in 2016.
We have seen this with simpler devices such as CCTVs where Incapsula reported in March 2014 that an HTTP GET flood turned approximately 900 CCTV cameras around the world into a botnet. Approximately 245 million surveillance cameras in total are used professionally, not accounting for CCTV cameras configured for home use. Compromised devices has also been seen as advanced as when security researchers in July 2015 hacked a Jeep Cherokee’s infotainment system using a 3G connectivity, leading to a recall of 1.4 million Chrysler vehicles.
With enough Wi-Fi configuration on less secured smartcars, all the attacker needs to do is to stay within the Wi-Fi range, identify the car’s Wi-Fi network, and then break the password, which is secured quite weakly. From these instances, attacks can figure out sensitive information on the IoT device including their IP address, Wi-Fi signal strength, or system configurations related to the device.
If devices used by businesses can become exposed to attacks, then it’s far more likely that consumer products tend to be less-secured and more prone to vulnerabilities, since these devices are broadcasting sensitive information. Smart-connected home device shipments are projected to grow at a compound annual rate of 67% in the next five years and are expected to hit almost 2 billion units in 2019.
Given that the estimated number of shipments will outpace smartphones and tables in the next 3 years, the increasing use of devices that requires a Wi-Fi connectivity will open a whole new world for attackers. IoT devices must include advanced security defenses on top of default factory installations, so device connectivity are not prone to attackers looking for weak points in the network.