Self-propagating malware, ransomware cryptoworms and weaponized cloud are just a few of the new threats that should be on your radar this year. As attackers’ tools are evolving, so too are their motives.
Researchers believe the WannaCry and Nyetya cryptoworms, released last year, were only masquerading as ransomware to hide their “true purpose” of wiping data or destroying systems. All this is according to Cisco’s 2018 Annual Cybersecurity Report, which outlines three main trends for IT pros to be aware of in the coming year:
- Malware is getting more sophisticated: According to Cisco’s threat researchers, network-based ransomware cryptoworms are eliminating “the need for the human element in launching ransomware campaigns.” This is a game-changer, since “an active and unpatched workstation is all that is needed to launch a network-based ransomware campaign,” and such a campaign could even be launched via an automated software update. Cisco reports that this type of supply chain attack is increasing in both velocity and complexity.
- Attackers are getting better at evasion: Encryption, which is typically used to protect organizations, is now being used by attackers to conceal command-and-control activity, which, Cisco points out, gives them “more time to operate and inflict damage.” They’re also using legitimate services like Google and Dropbox to “weaponize” cloud services, a tactic Cisco says is nearly impossible to identify because their traffic “mimics the behavior of legitimate network traffic.”
- Attackers are exploiting gaps in security: Many of these security breaches are related to the Internet of Things (IoT) and cloud services. Organizations are struggling with “a lack of clarity around who exactly is responsible for protecting those environments” and attackers are exploiting this.
IoT botnets are evolving and being used to launch DDoS attacks, and yet sensors and other IoT devices are being installed “rapidly and with little or no regard for security,” according to the report. Left unpatched and unmonitored, these devices pose a serious security threat, providing hackers with easy access into your network.
Researchers at Radware, a Cisco partner, believe the growth in IoT botnets is responsible for an increase in application-layer attacks — and that this is where future attacks will be concentrated. Radware has also seen increases in DDoS ‘burst attacks’ and reflection amplification attacks.
Though the threat landscape is evolving, so too are defenses. Cisco expects attackers to increase their use of encryption, but points out that machine learning and artificial intelligence are being used to detect these attacks and can help overcome shortcomings in resources and skills. Machine learning can also be used to spot unusual patterns in web traffic.
With all of these new threats to worry about, don’t forget about old-school malware. As the Cisco report reminds us, “no matter how much the threat landscape changes, malicious email and spam remain vital tools for adversaries to distribute malware because they take threats straight to the endpoint.”
Procedures such as backing up data, installing patches and educating workers are still key. And as supply chain attacks increase, it’s increasingly important to vet your vendors and their security practices.
Old-school threats, combined with emerging ones, require a multi-faceted approach, particularly as you deploy multi-cloud or IoT. Machine learning and AI are impressive tools for fighting cyber threats — but so, too, is getting your users to stop using ‘password’ as their password.