Top Cybersecurity Threats of 2017
The cybersecurity industry sees dozens of high-profile attacks and breaches every year, and 2016 was no exception. The industry changed in startling ways over the last 12 months as hackers targeted high-profile companies across the internet. Now that the dust has settled, 2016 will likely be remembered for the largest distributed denial of service (DDoS) attack, multiple successful breaches of the SWIFT banking system, a phishing attack on a United States presidential candidate’s campaign, and several ransomware attacks on major healthcare organizations. NopSec has analyzed the aftermath of some of the biggest incidents of the last 12 months to understand how these threats will evolve over time.
Learn more about the biggest cybersecurity threats of 2016 and how they changed the industry for good.
Nation-State Cyber Attacks
The past year saw a dramatic increase in the number of cyber attacks committed or commissioned by nation-states. A nation-state cyber attack is when a foreign nation organizer tests the IT infrastructure of other nations.
Countries often use these attacks to destabilize the economic and financial systems of their rivals. They can also be used to influence diplomatic relations and the international political landscape.
The biggest nation-state cyber attack took place during the 2016 Presidential Election. The U.S. Intelligence community found that Russia interfered with the election by stealing and releasing personal information related to the Democratic National Committee. Russian hackers also stole malware from the National Security Agency and auctioned the software online. Yahoo also disclosed that nation-state hackers might have been behind a security incident that occurred two years ago.
These kinds of cyber attacks will only increase in the years to come, with nation-state-sponsored data breaches remaining the biggest threat to high-impact government systems.
Ransomware
The market for ransomware continues to grow every year. This type of malware holds sensitive information for ransom until the victims pay the hacker, usually via cryptocurrency like Bitcoin. The hacker will encrypt the victim’s files, rendering them inaccessible. Once they have been encrypted, the ransomware will usually upload the files to a private key while deleting the local copy.
Ransomware has shown to be extremely effective in the wild. The U.S. Computer Emergency Readiness Team (US-CERT) reported 4,000 average daily ransomware attacks in 2016—four times as many average daily attacks as in 2015. Many companies often feel pressure to pay the ransom to get their files back, but this only makes ransomware more profitable. Hackers made off with approximately $1 billion in 2016 alone, which shows us that they aren’t feeling the heat just yet.
The growing market for ransomware has spurred demand for what’s known as Ransomware as a Service (RaaS). Engineers and hackers can easily sell their ransomware to aspiring hackers and bad actors worldwide. Anyone looking to wage an attack can now purchase the malware they need on the dark web. Hackers, or shadow brokers, can also shield themselves from risk by having other parties carry out attacks using their malware.
Distributed Denial of Service (DDoS) Attacks
DDoS attacks have been a pervasive problem for years now, but they are becoming more popular and effective at causing outages. The industry witnessed what’s believed to be the largest DDoS attack in history in 2016 when hackers targeted the French cloud computing company OVH. The scale of that attack was later eclipsed by the DDoS against DNS provider Dyn. The hackers were generated traffic of 1.2 terabits per second, bringing down popular websites like Amazon, CNN, Visa, and Twitter.
DDoS attacks are categorized by the metrics used to measure artificial traffic and the types of IT infrastructure they target.
Volume-based attacks
Measured in bits per second (BPS), saturate a site’s bandwidth to block other visitors.
Protocol attacks
Measured in packets per second, they attack servers and intermediate communication equipment in order to tie up enough of these resources to lead to denial of service.
Application layer attacks
Measured in requests per second. These attacks attempt to crash web servers through a flood of requests that appear legitimate.
Hackers carry out various types of DDoS attacks for different reasons. Some use them to extort money from victims or to gain political influence, while others use them to gain a competitive advantage in the marketplace by temporarily rendering their competitors’ services unavailable. We expect these kinds of attacks to become more prevalent in the years to come with hackers targeting essential IT infrastructure to maximize the potential damage.
Internet of Things (IoT)
Smart devices, like thermostats, watches, appliances, and automated machines, are becoming increasingly popular among consumers and businesses. Gartner estimates that by 2020, consumers and businesses will be using more than 20 billion IoT devices, up from just 5 billion in 2015. These devices are often less secure than traditional IT infrastructure such as servers and computer systems. Most of us may not associate IoT with cyber attacks, but smart devices have now become targets as well.
Hackers often take advantage of unpatched vulnerabilities in the IoT that can leave these devices vulnerable to attacks. The hacker can remotely access the device, disable features, or use it to access the internet, specifically to mine cryptocurrency. In one high-profile IoT attack, hackers managed to take down large swathes of the Ukrainian power grid, leaving residents in the dark in the middle of winter.
The IoT can help us stay connected like never before, but the proper security measures need to be taken to prevent these devices from falling into the wrong hands.
Many of 2016’s biggest threats and vulnerabilities were the result of human error, such as those caused by phishing attacks and business email compromises. Consumers and employees may lack the skills needed to protect their IT assets from emerging threats.
Hackers often use social media and other public platforms to share these vulnerabilities and try out proof of concepts that can later be used to stage an attack.
These trends will continue to shape cybersecurity for years to come. Companies should use the latest vulnerability management software to track and facilitate vulnerability remediation in real-time.
Download the full Top Cybersecurity Threats of 2017 by NopSec to learn about the five of the biggest cyber threats that NopSec expects to see in 2017: nation-state cyber attacks ransomware, DDoS attacks, the Internet of Things, and social engineering and human error.