Most dangerous new cyber security threats 2017: ransomware, spearphishing, IoT botnets

Ransomware is the act of holding an organisation’s data to ransom for cash, and in 2016 these types of attacks rose at a phenomenal rate. According to a recent report from SonicWall, ransomware attempts swelled from 3.8 million in 2015 to 638 million last year – and as much as $209 million had been paid out in the first quarter of last year alone.

See also: Ransomware explained – how digital extortion turns data into a silent hostage

Ransomware is a worry for any organisation, but in particular attacks have been ramped up against utilities and hospitals where data is absolutely vital for day-to-day operations. Although far and away most security experts recommend anything but paying the ransom, it’s easy to see why some organisations do it – when the demanded payments are just about affordable enough to justify the cost against downtime. But there’s no guarantee that, once paid, the locked data will be restored.

The most common ransomware type by far is called ‘Locky’ – which often arrives as a word document that asks the user to enable macros. Once this is enabled, the file runs a downloader in the background and installs Locky Ransomware, which then scrambles data on all available drives and typically demands a Bitcoin payment.

See also: Worst 10 ransomware attacks – we name the Internet's nastiest extortion malware

Gartner expects 8.4 billion ‘things’ connected to the internet around the world this year, providing opportunity for denial of service attacks at a scale never seen before. In late 2016, an enormous DDoS attack was pointed at DNS provider Dyn using something called the Mirai botnet, which was launched from a huge number of IoT devices, likely at a Dyn customer. The attack on internet infrastructure took down a large number of popular internet services, including parts of Twitter, Github, storage service Box and the Playstation Network. It proved at the time that many service providers were ill-equipped to deal with the scope of the attack, and researchers at the time said they had monitored IoT botnets recruiting other botnets at scale before the attack took place.

Although businesses are starting to wake up to the security threat from IoT devices – which are often built for affordability with security as a secondary consideration – the code for Mirai went public in October last year.

See also: Botnet trafffic - the invisible force that wants to eat the Internet

Phishing attacks have long been an established threat – but they’re now more targeted and sophisticated than ever before. Spearphishing is the process of sending a fraudulent email from a trusted account to a targeted individual, usually with the intention to scam the recipient out of money. ‘Whaling’ takes this concept one further and involves targeting high-worth individuals, often within an organisation to get them to send money to a fraudulent account. The FBI calls these business email compromise scams – and well-known companies have fallen for them. For example, a finance executive at toymaker Mattel signed off on a $3 million transaction to the Bank of Wenzhou, China, believing it to be a legitimate request. 

And according to recent research from security vendor Proofpoint, social media phishing attacks grew 500 percent in volume from the start of 2016 compared to the end. This included what the company calls ‘angler’ phishing, where fraudulent customer service accounts – from PayPal, for instance – intrude on interactions between customers and businesses.

Vendor Trend Micro describes the Business Process Compromise as a relatively recent phenomenon as a way for attackers to manipulate the day-to-day running of operations in their favour. It targets, the company says, the “unique processes or machines facilitating these processes to quietly manipulate them for the attacker’s benefit”. For example, in 2013 drug traffickers managed to hack into the backend of a port in Antwerp – targeting the IT systems that tracked the movement and location of containers, and this made it easier for the drug traffickers to retrieve their cargo.

Both vendors and attackers are turning to artificial intelligence to strengthen their capabilities. According to a recent Intel Security report, machine learning is likely to become useful in evolving successful social engineering attacks, particularly considering the rate of development in AI.

See also: Machine learning in cybersecurity: what is it and what do you need to know?

By combining publicly available data with complex analysis tools and Intel Security believes it would be possible to pick targets more precisely and with a greater level of success.

In its report, Intel Security notes that machine learning tools are “force multipliers for those of us in security roles”, and that it would “be negligent to assume cybercriminals are not also adopting these powerful tools”.