Cyberattacks In An Evolving Landscape – Should Businesses Be Worried?

1075

The threat landscape is evolving and with attacks becoming more sophisticated, every business, no matter its size or the industry it’s in, is at risk.

According to Microsoft, the potential cost of cybercrime is $500billion, with data breaches costing the average company approximately $3.8million. While the potential financial impact is eye-wateringly large, these costs are only set to grow. It is predicted that the average cost of a data breach will exceed $150million by 2020 and by 2019, cybercrime will cost businesses over $2trillion.

This isn’t good news for businesses, especially now the days when a firewall alone was sufficient protection against cybercriminals are over. New technology in the workplace, along with complex partner ecosystems and flexible working practices, have changed the boundaries of enterprises for good. Attack actors have taken advantage of those who haven’t kept up with the pace of change.

Here are a number of ways those with malicious intent are attacking organisations and the threats businesses need to be particularly aware of as we enter 2018.

Nation state attacks

Nation state attacks are commonplace these days. Just take the Russian agencies using cyberattacks to extract information in a bid to influence the US presidential election, the Petya attack, and also WannaCry malware – two attacks often attributed to state-sponsored hackers.

Using WannaCry (which has one of the largest attack vectors to date) as an example, it has raised some interesting points around the psychology and the tasking of nation state hackers. When released, it was unclear who was behind WannaCry and while the malware used the same wiper software as Lazarus had previously implemented in other attacks attributed to nation state actors, its presence cannot be taken as attribution in the classic sense. The similarities in attack vectors may have suggested the same operators were involved in both attacks, but the intended effects seemed to be quite different. With this in mind, it was unclear whether this represented a multi-faceted nation state portfolio of attacks, covering multiple intended effects, or whether it was simply a reuse of previous capabilities by a hacker group that had formerly operated on behalf of a nation state attack.

It has since been confirmed by both the UK and US governments it’s “highly likely” that WannaCry was caused by Lazarus. However, with attribution difficult and it almost impossible to identify patterns in behaviour that could prevent future attacks without deep insight into how operator groups are tasked by their benefactors, nation state attacks continue to pose a threat to organisations.

Cyber vandalism

Cyber vandalism has been identified as a major part of the evolution of the cyber threat landscape, having become popular with threat actors across the world.

Despite this increased popularity though, it’s often difficult to understand the reward for threat actors staging this form of attack, as well as the motives behind them. Perhaps it’s a student wanting to show off their cyber skills, or maybe a developer testing their latest malware creations?

However, there is good news for organisations looking to battle cyber vandals. In fact, with more data available than ever before, it’s now possible to identify changes in attackers’ approaches which better allows businesses to protect themselves from becoming a target.

While taking the time to stop and think about the actor behind these attacks may seem like a luxury, it’s vital for enterprises to start looking at cyberattacks from the adversary’s perspective to understand what attacks are more attractive and lucrative to the actors and understand how best to protect against them.

Third-party attacks

More businesses are joining forces with, and benefitting from, partnerships with third-party suppliers. A survey by Thompson Reuters into third party risk revealed that 70 per cent of organisations have become more flexible and competitive because of third-party relationships.

Despite the obvious benefits of adding organisations to a supply chain, businesses often forget about the security vulnerabilities this opens them up to.

Threat actors are able to exploit any weakness in a supply chain, targeting the smaller (and potentially less secure) enterprises and using them as a stepping stone to the larger businesses within the chain. These kinds of attacks mean it’s no longer enough for organisations to understand just their own security set-up – they need an overall picture of the security of their entire partner network. 

Also, the General Data Protection Regulation (GDPR), Open Banking and the Second Payment Services Directive (PSD2) are all on the horizon, making it even more critical for organisations to know and understand their entire ecosystem. By undertaking regular overarching audits and turning this into a mandated process throughout the supply chain, businesses can do just that, as well as foster good threat intelligence sharing regimes in a bid to protect against third-party attacks.

Alongside this, every single organisation within a supply chain needs to be equally aware of and protected against this form of attack. The best way to do this is by working closely together to implement an overarching cybersecurity strategy throughout any partner network.

As the threat landscape continues to evolve and new and more complex attacks become commonplace, it’s vital to the success of a business that enterprises act now to safeguard their information against attack actors. By ensuring the relevant cybersecurity strategies are in place, organisations can rest safely in the knowledge that they are protected against modern threats.

About Chris O’Brien
Chris O’Brien, Director, Intelligence Operations at EclecticIQ