When I saw the news that hackers had published the script of this week’s upcoming Game of Thrones episode after breaching HBO, it gave me pause. The attackers also stole video footage, documents and emails — so the GoT script could be the first of many leaks to come.
What’s perhaps most unsettling is the hacking group — called little.finger66 — doesn’t seem to have a motive, nor is there any ransom demand (that we know of, anyway).
These days, it’s not just credit card numbers that are up for grabs — it’s literally anything that cyber-attackers can use to make money or make a statement (or, in the case of little.finger66, for no obvious reason).
It makes me wonder, what’s next? Ransomware is bad enough — can it get worse?
There are evolving threats on the horizon. It seems, however, that cyber-attackers are also going old-school: Cisco’s 2017 Midyear Cybersecurity Report has discovered a resurgence in traditional attacks — like spam. Yes, spam is back.
Cisco threat researchers estimate the volume of spam with malicious attachments will continue to rise, while spyware and adware — often considered more of a nuisance than a real threat — will present high risks in the enterprise (Cisco found spyware had infected a whopping 20 per cent of its sample of 3,000 companies over four months).
Ransomware isn’t going away, either. After all, it’s a big money-maker for extortionists. And ransomware-as-a-service makes it easy for the Average Joe to launch an attack — no IT skills required.
But Cisco warns of a greater (and under-reported) threat: BEC, or business email compromise, which uses social engineering to trick organizations into transferring money to attackers. This, obviously, goes far beyond the ol’ Nigerian prince scam to much more legitimate-looking requests.
But there’s also a new threat on the rise, and it’s truly worrisome. You’ve heard of a DDoS attack — a distributed denial of service attack attempts to bring down an online service (anything from banking to news websites) by overwhelming it with traffic.
Now there’s the potential of something Cisco calls destruction of service (DeOS) attacks, which it says could leave organizations without the backups or safety nets required to restore systems after an attack. Think of WannaCry and Nyetya — these attacks spread far and wide, and they spread fast, with the potential to be much more damaging than traditional ransomware.
“Attackers are innovating ransomware and DDoS campaigns so that they can seriously disrupt an organization’s networks. By doing so, bad actors also damage the organization’s ability to recover from an attack,” says David Ulevitch, vice-president of Cisco’s Security Business Group, in a blog post.
Add IoT into the mix, and there are all sorts of new ways for cyber-criminals to exploit organizations. In Ulevitch’s blog post, he says “the bad actors have figured out that IoT devices present opportunities to build botnets that can launch DDoS attacks more powerful than we’ve seen in the past by virtue of their prevalence and ease of exploitation.”
He says we’ve entered the 1-TBps DDoS era, “where IoT-driven DDoS attacks can cause wide-reaching attacks with the potential to disrupt the Internet itself.”
The sheer volume and scope of cyber-attacks is overwhelming. But Cisco’s research also found that only about two-thirds of organizations are investigating security alerts — and in certain industries (such as healthcare and transportation) this number drops to about 50 per cent.
Clearly, organizations need to take a more proactive approach to security, rather than reacting after something’s already happened — which is usually too late.
Some advice from Cisco Security:
- Keep infrastructure and applications up to date, so attackers can’t exploit publicly known weaknesses
- Battle complexity through an integrated defense
- Be active, not reactive; don’t ‘set and forget’ security controls
- Use role-based training for employees versus a one-size-fits-all approach
After all, you don’t want Little Finger getting his hands on your data.