Dealing with smarter and nastier Cyber attacks in 2017
The first month of the year is usually when one tends to look back at the previous year, take some learnings and plan for a more successful outing, the same applies in the world of cyber security as well.
Looking back at 2016, we can’t just help keep ABS eCencus out of conversation for a simple reason that it was the most high profile DDoS attack on Australian soil and one that should have been expected. While we can debate about what went wrong, why the DDoS mitigation was not effective etc, the more important point here is what we learn from the fiasco such that we are better prepared to deal with the attacks that are becoming smarter by the day. Midway in 2016, Australia took a big step in the right direction setting up the Cyber Security Strategy with committed investments acknowledging the growth of malicious cyber threats and protect the interest of Australians.
Meanwhile across the world the story that gathered the most attention in 2016 was the US election hacks that allegedly altered the results of the presidential elections. State: 0, hackers: 1, well at-least on the perception.
So its 2017 now, there is no eCensus happening this year but cyber criminals are lurking around and always trying to find that loophole, that one security flaw, a miniscule vulnerability that will allow them to bring down an organisation, shut down access to an agency or worst, steal and sell personal records to make a quick (Bitcoin) buck. If you didn’t already know, there is a thriving business happening on the dark web with cyber criminals running a market place where one can buy “scammer as a service”, rent botnets to launch massive DDoS attacks, even buy/sell personal information of unsuspecting common people.
So how do you deal with the emerging threats, here are the top 3 in our view that you should be considering when planning your 2017 cyber mitigation strategy
1. Zombie Internet of Things (Z-IoTs)
Growth of technology on one hand has been a great business enabler, on the other it’s aiding cyber criminals to launch bigger scale attacks using connected IoT devices. Most of these are rarely protected or updated with the same level of focus as you would see in an organisation’s IT networks making them extremely vulnerable. There is little doubt that 2017 will see more connected devices being compromised and used as zombies to set off large scale attacks.
One might say, I don’t use any IoT devices so this isn’t applicable to me. Sadly, yes, it is, as the compromised IoT devices will expand the Bot army by millions and could well be used against your network. To give you an example, Mirai botnet that surfaced in 2016 already allows access to over 400,000 infected Bots including IoT devices. Mirai has been associated with some high profile attacks such as one on French web host OVH and managed DNS service provider Dyn.
What you need to consider : the growth in botnet for hire and cost to hire them have been inversely proportional which means more chances of network disruption unless you proactively take the right measures. The case for more robust DDoS protection and mitigation service has never been higher.
2. Self learning Malwares
Another key area of concern in 2017 will be the “next gen” malwares, from dumb to hyper smart with self-learning capabilities. What this means is that malwares will be fitted with artificial intelligence that will be capable of more complex decision making.
Malwares as known today will be more transformed and start becoming autonomous, they will start collecting and analysing network information such as traffic flow, transitions, application analysis etc., the more they are able to hide inside a host, the more the chances of them becoming immune to existing security tools eventually making detection and mitigation a whole lot more difficult.
What you need to consider : self learning malware designed to proactively spread between platforms can operate in stealth mode. The more they stay undetected, the more intelligence they gather to create a devastating consequence. Consider protection available outside your network, deploying APT mitigation and/or using a cloud service which is secure with a mitigation response strategy to minimise any potential damage.
3. Increased awareness at all levels
A cyber security report from National Security College at ANU towards the end of 2016, shows the lack of understanding and managing cyber security including widespread weaknesses in security practices, and poor senior management awareness.
Some of the key points from the report shows
- latent problems with executive knowledge over the risks of cyber threats, their responsibilities, and how to improve cyber threat management.
- Significant variance in cyber security roles, processes and internal/external reporting. The relative absence of systematic cyber risk discussion at board level indicates a cyber compliance culture rather than an active cyber risk management culture.
- Relatively high levels of tolerance for persistent – and perceived ‘low-level’ – threats, such as malware and DDoS, suggests that the relevant Australian cyber security initiatives do not receive information on the range of cyber threats faced by our country.
- Low maturity towards culture of cyber security specifically within the government sector – No agency reports reviewing cyber risk management monthly or weekly.
In 2017 this issue would still be on the table but with more dire consequences given the evolving threat landscape where attacks keep becoming smarter and attackers more sophisticated with new risks emerging and increase in multi vector attacks.
What you need to consider :
Cyber risk management should be ‘normalised’ as core board business, asserted as a priority on a par with financial risk management as part of all government and business decision-making.
Standardised cyber risk reporting for medium-sized businesses should be developed and promoted to achieve common risk management standards and protocols.
Companies and government agencies should discern and address, where necessary, low levels of cyber literacy amongst its executive teams.
Collaboration with government cyber security agencies should become the default policy setting for businesses and agencies; i.e. non-reporting of cyber threats should become the exception, not the rule.
It isn’t a doom and gloom, however for many organisations their aged infrastructure and services have become a blind spot in their overall security strategy. Cyber criminals are always sniffing around for vulnerabilities that will allow them to breach a network defence system. There are a few basic things that go a long way keeping the attackers at bay, such as
- Using robust mitigation solutions, you may want to refer best practices from international bodies such as IETF
- Deploying physical and logical separation on your internal network, consider internal firewalls even, to stop/slow down attacker’s advances in case of a breach.
- Protecting your data and monitoring it. Limiting the data access on need be basis.
- Regular reporting and audit of your security parameters, both via internal security team and external security specialists.
- Raising staff awareness against malwares and phishing attacks. Regular training and testing can help them spot malicious emails and other malware delivery methods.