2 Jun 2017

Just when you think you have seen the worst that cyber criminals have to throw at you, they are back with more sophisticated, and in some cases, more severe threats. Understanding emerging and evolving cyber threats is the first step in helping to protect your organisation. The next, and most important, step is shoring up your defence technologies with the proper training, education and deployment. To help prepare for what may be coming next, let’s take a look at what are already shaping up to be some of the more prevalent cyber threats for the coming year.

Ransomware

Ransomware is set to continue its dominance of the threat landscape as hackers become more aware of the earning potential with this set of malware. Ransomware is not new, but the ways in which it is currently being deployed are evolving. Most commonly, hackers send emails to unsuspecting targets that may contain links or attachments that are infected with malicious software. Although e-mail and malicious websites are the most common source of ransomware, it can also be initiated or disseminated through zero-day exploits, drive-by attacks or network vulnerabilities.

Machine learning

The advancement of machine learning will allow hackers to accelerate the proliferation and the sophistication of social engineering and other attacks. Experts at Intel® (Intel Security McAfee Labs 2017 Threat Predictions Report) predict there will be two forms of machine learning attacks. The first will develop strategies to disrupt advanced security software and policies. In this approach, machine learning is used to introduce false data or bombard an environment with any false positives that would be detected by various machine learning detection models. The second approach involves using machine learning to refine social engineering attacks enabling bulk phishing campaigns to attain the success rates of targeted attacks.

Man-in-the-middle attacks

Man-in-the-middle attacks on businesses’ Wi-Fi networks will continue to evolve and become more prevalent. A man-in the middle attack happens when a hacker generates the same SSID or wireless profile that your access control point issues for your Wi-Fi network. When this happens, a computer that attempts to connect to your Wi-Fi may see the imposter SSID and connect to that. Once connected to the fake network, the hacker can see everything you are doing online and steal your information.

Ghostware and two-faced malware

Ghostware is another emerging threat that can be most insidious of threats, as it will infiltrate, carry out its targeted mission and then completely erase any evidence that the malware was ever there or that a breach even occurred.

Planning ahead for what “could” happen and how to respond in case it “does” happen is key to surviving an attack

As detection and prevention systems become increasingly adept at detecting malware, criminals continue to create ways to stay a step ahead. “Sandboxing” of unknown files in a controlled environment to test for malicious activity has become common and so hackers have come up with a way around it. “Two-faced” malware can detect when it is on a virtual machine and appear benign. Then, once allowed past the firewall and anti-virus software the malware will run its second, malicious design.

Adware and fileless malware attacks

Adware, software often more of a nuisance than a severe threat, is also increasingly becoming a tool of hackers again. Adware may also include spyware, code that tracks a user's personal information and passes it on to third parties without the user's authorisation or knowledge.

New to the game are Fileless malware attacks. Fileless infections – those written directly onto a computer’s RAM without using files of any kind – are difficult to detect and often elude intrusion prevention and antivirus programs.

Now that we have identified some potential risks you may face, the obvious question is what can be done to mitigate them? To make the process more manageable, we have broken down the various aspects of a cybersecurity program into three categories.

Software and Hardware technologies

Any comprehensive cybersecurity program should include a robust network security appliance and up-to-date endpoint protection software. Many organisations adopt a “set it and forget it” mentality but in reality these programs are only as good as the current update or patch.

To protect against man-in-the-middle attacks on your Wi-Fi networks, you need security-enabled access points that are ideally monitored 24/7/365 either internally or by a third-party cybersecurity monitoring provider.

Having a continuing education programme, can greatly reduce the risk your business faces

Another sound investment is to formulate an exhaustive disaster recovery programme. Planning ahead for what “could” happen and how to respond in case it “does” happen is key to surviving an attack. The disaster recovery programme should also include a detailed cloud-based data back-up plan. It is a common misconception that syncing files to the cloud is the same as backing up files to the cloud. In reality, a virus can corrupt a file on a computer and when that file is synced to the cloud it will overwrite the uncorrupted version, making the file unrecoverable.

Education and training

No matter how sophisticated your security, your first line of defence and greatest source of risk will always be your employees. Develop and execute strong policies and procedures, and train your staff to comply with them. Education on cybersecurity threats such as phishing and malware, and what to do when encountered, should be part of the expected knowledge base of your employees as they interact with your business-critical data. Having a continuing education programme, even as simple as updates on threats currently circulating, can greatly reduce the risk your business faces.

Alternative methods

We realise developing, executing and managing a robust cybersecurity programme may seem daunting to organisations that do not have a dedicated team to identify and combat digital threats. Engaging a third-party provider with comprehensive cybersecurity solutions is a good option for those businesses that do not have the time or resources to administer a programme on their own.

Many small- to medium-sized business (SMB) will continue to hold the false hope that it couldn’t happen to me”. The sad truth though is that 43% of cyberattacks target small business (2016 Symantec Internet Security Threat Report).

No one can predict where cyber criminals will attack next and in what fashion. However, keeping up-to-date on the emerging threats as they become known and shoring up your defense against them is a start in protecting your business and your data.

How strong are your company’s defenses against cyber threats?

18.2%

50%

22.7%

9.1%