Preparing for 2018: Enterprise Ransomware, Software Supply Chain Attacks and Nation-State Threats

Preparing for 2018: Enterprise Ransomware, Software Supply Chain Attacks and Nation-State Threats

As we look back at 2017, one thing is certain – the hacks, breaches and exploited vulnerabilities that halted hundreds to thousands of businesses this year show that threat actors are growing more skilled, moving faster than legacy technology and finding clever ways to infiltrate organizations. With the new year approaching, we’ll see some major trends in attack types continue to grow and geopolitical motivations will strongly influence nation-state cyber activity.

Looking at the major attack types that will be prevalent in 2018, enterprise ransomware will continue to be a major trend for adversaries. In 2017, we saw these disruptive and destructive attacks come to the forefront with the WannaCry, NotPetya and BadRabbit malware outbreaks that successfully took companies offline for days and, in some cases, even weeks. While mostly destructive and not truly ransomware in nature, these attacks highlighted the potential for criminal groups to hold entire networks hostage while demanding millions of dollars in ransom from businesses who need to get their operations back up and running. These viral enterprise ransomware attacks will likely become a major trend amongst e-crime actors in 2018.

In addition to enterprise ransomware, software supply chain attacks will be the new vector for many adversaries. Recent events have demonstrated that the software supply chain is becoming an attractive way for nation-state threat actors to target organizations en-masse – take for example the CCleaner attack in September. Compromising the update channel of a popular software package can immediately give access to thousands of victims in one fell swoop. While these software supply chain attacks are not new, the frequency with which they have been taking place are a cause for concern. As evidenced by this momentum, the software supply chain will likely become a favorite threat distribution vector for criminal groups as well in 2018. In order to stay protected against these attacks, organizations must leverage anomaly-based detection and ensure comprehensive visibility to detect and stop these incidents.

Geopolitical motivations across the globe in 2018 will also continue to influence nation-state cyber activity. The potential for attacks from North Korea will continue to be a primary concern. In fact, we’ve been worrid for some time that one of the ways North Korea may try to deter a possible military attack against their nuclear or ballistic missile facilities is through asymmetric operations, which these days also include significant cyber attack capabilities. In particular, due to North Korea’s lack of dependence on global financial systems and the importance of it to U.S. and Western economies, as well as past history of intrusions into major banking institutions by DPRK, the financial sector is one that will likely suffer the brunt of these attacks.

Additionally, ongoing attacks from Iran against Saudi Arabia, and even potentially the United States, will come to the forefront in 2018. We have observed Iran invest significant resources in advancing its cyber capabilities over the last seven years. Continued tensions and proxy wars with Saudi Arabia over the conflicts in Syria, Yemen and the blockade of Qatar, have resulted in waves of cyber attacks from Iran against Saudi Arabia. These attacks are likely to continue and potentially escalate into 2018, with possible impact on Western companies working in Saudi Arabia. Additionally, if the U.S. pulls out of the JCPOA nuclear agreement and attempts to reinstate financial sanctions against Iran, they may expand those attacks to include the U.S. financial and energy sectors.

This past year was marked by adversaries finding more interesting and effective ways to cause harms to organizations – whether by halting operations or by exposing used data. And, with 2018 quickly approaching, it will be critical for organizations to focus on the growing threat vectors and nation-state developments affecting their industries.

About the Author

Dmitri Alperovitch is the co-founder and CTO of Crowdstrike.

Featured

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.