The Future of Cyber Attacks
In 2018 we can expect to see continued creativity from nation-state actors, a growing focus on industrial control systems, and efforts to compromise the software supply chain.
- By Toni Gidwani
- Dec 28, 2017
2017. Am I right? We saw headline grabbing attacks like WannaCry and NotPetya that spread like wildfire, continued debate over the extent of Russian hacking targeting key elections in the US and Europe, and very concerning indications that adversaries are learning how to attack critical infrastructure. In 2018 we can expect to see continued creativity from nation-state actors, a growing focus on industrial control systems, and efforts to compromise the software supply chain.
What lessons should we take into 2018? With threats evolving rapidly, being more prepared for cyberattacks in 2018 will be key to success. Threat intelligence enables security teams to identify enterprise exposure and assess risk more quickly. As a result, organizations that have intelligence and an aligned security team will be more agile and responsive.
When cyber attacks make you WannaCry
In 2018, we’ll continue to see known, leaked vulnerabilities exploited by a range of adversaries and efforts to blur the lines between nation-states and criminals. We saw this earlier in 2017 in the WannaCry and NotPetya attacks where leaked US vulnerabilities were weaponized by other nation states. The WannaCry ransomware attack was carried out by a North Korean hacking group, an example of a nation-state adopting an attack more commonly used by criminals. The NotPetya attack, widely assessed to be conducted by Russian threat actors, was a destructive wiper masquerading as ransomware that primarily targeted Ukraine.
When “politics by other means” can affect your company
The geopolitical landscape, in particular, will shape the threat organizations face in 2018 and beyond. Mounting financial pressures against the North Korean government are likely to translate into revenue generating cyber attacks. High tensions on the Korean Peninsula may cause Pyongyang to use cyber attacks in an attempt to deter or retaliate against perceived hostile actions, which could affect a larger range of companies. North Korean hackers jump across a range of different target industries and they are less constrained than other nation states with how they assess risk, creating greater unpredictability.
Similarly, we can expect Russian threat actors to use hacks as a way to retaliate against real and perceived slights in the international arena. It increasingly looks like efforts to hack the 2016 US presidential election were a reaction to Vladimir Putin’s belief that the US was behind the Panama Papers leak that highlighted the corrupt finances of close associates. Russia’s expulsion from the the 2018 winter olympic games is another inflammatory subject likely to drive hacking behavior like we saw in 2016 against the World Anti-Doping Agency.
ThreatConnect has seen the threat against critical infrastructure start to proliferate. Attackers are becoming smarter and more elegant, illustrating a degree of adversary learning, which is concerning to the security community. In 2018, we will see more attacks on critical infrastructure.
In addition to the threat to critical infrastructure, supply chain attacks will become more common. In several notable 2017 attacks (NotPetya and CCleaner), attackers exploited the software supply chain to greatly expand the number of victims and evade established security procedures. These software supply chain attacks go after an organization’s trust chain and create a dilemma since most organizations do not have visibility into their software suppliers risk. Organizations will need to reduce the attack surface with threat intelligence.
This rapidly evolving threat landscape reaffirms what many security leaders already know: it’s not getting easier. Threat intelligence enables your security team to be more prepared and to pivot more effectively to changing attacks while orchestration allows you to smartly automate more of your response. Best wishes in 2018 from ThreatConnect - we’ve made it to the end of this article without mentioning the blockchain or machine learning!
About the Author
Toni Gidwani is the Director of Research Operations at ThreatConnect.