Security Market Segment LS
Wednesday, 21 December 2016 11:26

The 12 hacks of Christmas

By
The 12 hacks of Christmas

The year 2016 saw a huge number and variety of cyber attacks, ranging from a high-profile DDoS using hijacked Internet-connected security cameras to the alleged hacking of party officials during the US election.

Sophos Justin PetersWhile the good guys largely managed to hold back the tide, 2016 it showed that cyber crime is well organised, well-funded, and relentlessly clever.

IT Security vendor Sophos, says it saw it all – including a tsunami of data breaches, the rising tide of ransomware, to significant losses of people’s personally identifiable information (PII).

Justin Peters (left), Sophos’s Technology Solutions director has provided insights into how some of those trends might play out in 2017.

#1 Destructive DDoS IOT attacks will rise

In 2016, Mirai showed the massive destructive potential of DDoS attacks because of insecure consumer IoT (Internet of Things) devices. Mirai's attacks exploited only a small number of devices and vulnerabilities and used basic password guessing techniques. However, cyber criminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities. Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in your network.
#2 Shift from exploitation to targeted social attacks

Cyber criminals are getting better at exploiting the ultimate vulnerability - humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves. For example, it’s common to see an email that addresses the recipient by name and claims they have an outstanding debt the sender has been authorized to collect. Shock, awe or borrowing authority by pretending to be law enforcement are common and effective tactics. The email directs them to a malicious link that users are panicked into clicking on, opening them up to attack. Such phishing attacks can no longer be recognized by obvious mistakes.

#3 Financial infrastructure at greater risk of attack

The use of targeted phishing and "whaling" continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks: "The threat is very persistent, adaptive and sophisticated – and it is here to stay".

#4 Exploitation of the Internet’s inherently insecure infrastructure

All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky. For example, attacks against BGP (Border Gateway Protocol) could potentially disrupt, hijack, or disable much of the Internet. And the DDoS attack on Dyn in October (launched by a myriad of IoT devices), took down the DNS provider and, along with it, access to part of the internet. It was one of the largest assaults seen and those claiming responsibility said that it was just a dry run. Large-scale ISPs and enterprises can take some steps to respond, but these may well fail to prevent serious damage if individuals or states choose to exploit the Internet's deepest security flaws.

#5 Increased attack complexity

Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organization's network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively. Closely managed by experts, these attacks are strategic, not tactical, and can cause far more damage. This is a very different world to the pre-programmed and automated malware payloads we used to see – patient and evading detection.

#6 More attacks using built-in admin languages and tools

We see more exploits based on PowerShell, Microsoft's language for automating administrative tasks. As a scripting language, PowerShell evades countermeasures focused on executables. We also see more attacks using penetration testing and other administrative tools that may already exist on the network, need not be infiltrated, and may not be suspected. These powerful tools require equally strong controls.

#7 Ransomware evolves

As more users recognize the risks of ransomware attack via email, criminals are exploring other vectors. Some are experimenting with malware that reinfects later, long after a ransom is paid, and some are starting to use built-in tools and no executable malware at all to avoid detection by endpoint protection code that focuses on executable files. Recent examples have offered to decrypt files after the victim shared the ransomware with two friends, and those friends paid to decrypt their files. Ransomware authors are also starting to use techniques other than encryption, for example deleting or corrupting file headers. And finally, with "old" ransomware still floating around the web, users may fall victim to attacks that can't be "cured" because payment locations no longer work.

#8 Emergence of personal IoT attacks

Users of home IoT devices may not notice or even care if their baby monitors are hijacked to attack someone else's website. But once attackers "own" a device on a home network, they can compromise other devices, such as laptops containing important personal data. We expect to see more of this as well as more attacks that use cameras and microphones to spy on households. Cyber criminals always find a way to profit.

#9 Growth of malvertising and corruption of online advertising ecosystems

Malvertising, which spreads malware through online ad networks and web pages, has been around for years. But in 2016, we saw much more of it. These attacks highlight larger problems throughout the advertising ecosystem, such as click fraud, which generates paying clicks that don't correspond to real customer interest. Malvertising has actually generated click fraud, compromising users and stealing from advertisers at the same time.  

#10 The downside of encryption

As encryption becomes ubiquitous, it has become much harder for security products to inspect traffic, making it easier for criminals to sneak through undetected. Unsurprisingly, cyber criminals are using encryption in creative new ways. Security products will need to tightly integrate network and client capabilities, to rapidly recognize security events after the code is decrypted on the endpoint.

#11 Rising focus on exploits against virtualized and cloud systems

Attacks against physical hardware (e.g. Rowhammer) raise the possibility of dangerous new exploits against virtualized cloud systems. Attackers might abuse the host or other guests running on a shared host, attack privilege models, and conceivably access others' data. And, as Docker and the entire container (or ‘serverless’) eco-system become more popular, attackers will increasingly seek to discover and exploit vulnerabilities in this relatively new trend in computing. We expect active attempts to operationalize such attacks.

#12 Technical attacks against states and societies

Technology-based attacks have become increasingly political. Societies face growing risks from both disinformation (e.g., "fake news") and voting system compromise. For instance, researchers have demonstrated attacks that might allow a local voter to fraudulently vote repeatedly without detection. Even if states never engage in attacks against their adversaries' elections, the perception that these attacks are possible is itself a powerful weapon.

Read 3720 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




Maximising Cloud Efficiency - LUMEN WEBINAR 23 April 2025

According to KPMG, companies typically spend 35% more on cloud than is required to deliver business objectives

The rush to the cloud has led to insufficient oversight, with many organisations struggling to balance the value of cloud agility and innovation against the need for guardrails to control costs.

Join us for an exclusive webinar on Cloud Optimisation.

In this event, the team from Lumen will explain how you can maximise cloud efficiency while reducing cost.

The session will reveal how to implement key steps for effective cloud optimisation.

Register for the event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Latest from Ray Shaw

Related items

More in this category: « Cyber security myths that just won't die Are you who you say you are? »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments