Security Market Segment LS
Wednesday, 21 December 2016 17:03

Cyber crime more sophisticated – putting on a top hat, white tie and tails

By

Cybercriminals have become more sophisticated and insidious by constantly revising, updating and re-inventing their tactics and technologies to launch attacks.

Having 100% protection against today’s cyber threats is a pipe dream so it is more about how we survive cyber attacks – cyber resilience is the name of the game.

Building cyber resilience is a strategy that layers state-of-the-art preventative systems, point-in-time recovery measures, and a means to maintain continuity during an attack. A good strategy can make a significant difference in fending off the myriad sophisticated threats. No one can predict all the attacks coming but they can build in cyber resilience and learn from what has already happened.

iTWire asked Peter Bauer, chief executive and co-founder of Mimecast, a major cloud email provider, and as such part of cyber crime’s main attack vector, phishing, to share his insights into tomorrow’s cyber attacks and how organisations can be prepared. His response is given below:

Mimecast bauerAlthough we may not know all the answers of what’s to come, based on what we’ve seen over the year here are a few attacks that we, at Mimecast, think will rise up 2017:

 

 

The rise of cyber gangs

If you think 2016 was rampant with attacks, 2017 will be much worse. Not just in the number of attacks, but the sophistication. Attackers are getting much smarter, their data gathering techniques more sophisticated, and they are more organised.

The year 2017 will see growing families or “gangs” of attackers, as well as a shared network of stolen information. While groups will likely clash, these virtual gangs will grow, gain resources, and fight over “turf” – territories in the digital landscape.

All business can do is take a layered security approach and have a proper cyber resilience strategy in place to combat these threats. If that is out of reach, especially for cash-strapped organisations, they need to consider moving to a cloud security strategy where advanced security capabilities exceed those that can be managed on premise.

Ransomware continues to evolve, yet don’t take your eye off other threats

Ransomware will explode to become one of the biggest threats, fuelled by smaller ‘opportunist’ attackers using off-the-shelf kits to deploy malware. This is an easy and cheap attack method that still produces fruitful results. Fire a million arrows and only one needs to hit!

Few organisations have effective defences against this type of malware and with anonymous bitcoins it has never been so easy to get away with. 2017 will see more crypto-lockers and evolving forms of ransomware that deny access to desktops, network drives, cloud services, and even IoT.

Then there is the trend by adversaries impersonating the CEO to transfer thousands of dollars to an offshore account or by basic phishing attacks that will cause employees to launch attacks on your organisation.

Focus on data mining

Attackers aren’t just focused on money, they’re focusing on data mining and will use the data they gather in more advanced attacks to gather important data to be either sold on the Dark Web or used in future attacks.

While wire transfer fraud (Nigerian 911 scam) is, and will still be an issue in the future, organisations need to also think about where else they’re susceptible and ensure they have the appropriate protective measures in place. Backups are essential, but the evolution of ransomware is staggering and organizations need to ensure their gateway, firewall, endpoint and other security solutions are consistently up-to-date.

Cyber espionage to cause more political disruption

Nation states and their sponsored operatives will use cyber espionage more and more to cause political shifts, disruption, and to gain economic advantage. This will involve, but will not be limited to, email hacking and disclosure of other forms of intercepted private communications, disruption of and interference with critical national infrastructures.

Reigning-in data residency and governance

The impending general data protection regulation (GDPR) will significantly focus European organizations on improving their security and privacy programs. At the same time, increased state-sponsored attacks will lead to more stringent rules around data residency and governance, as well as state firewalls being considered to mitigate threats and allow regional business activity to continue.

Advancements in managing internet traffic from different geographies will become a focus as global trade landscape changes.

Impersonation attacks in the spotlight

Social engineering attacks, like phishing, spear-phishing, and domain spoofing have grown from being a nuisance to a huge problem. However, one of the lesser publicised problems is impersonation attacks.

Whaling attacks can cost organisations millions in financial losses. The Australian Crime Commission claims that cyber crime now costs the country more than a billion Australian dollars each year. We expect to see whaling attacks as the next “it” attack flooding the media.

Macro malware still in the game

Macro malware is still the main attack vector. Most organisations block executable attachments at the gateway by default, they must still allow files, such Microsoft Office documents, to pass freely if employees are to be productive.

Mimecast has found that 50% of firms have seen email attacks that use macros in attachments increase over the last year. Why? It is such a simple tactic with little proactive AV detection, and that’s why we’ll continue to see waves of Macro malware into next year and beyond.

Taking the time to reflect on all the ups and downs we’ve seen in cyber security over the last year, offered me greater clarity into what we may expect to see in 2017. Stay safe this holiday season, as it’s unlikely that attackers will all be taking the holidays off.


Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.

CLICK HERE!

WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.

REGISTER HERE!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News