5 Cybersecurity Threat Trends to be Aware of in 2016

Last year, we reviewed threat reports from numerous companies and organizations.  At the time, a couple of simple themes emerged: too many systems were unpatched, and phishing was a predominant means of intrusion.  These themes are still present a year later, but some new trends have arisen to keep them company.

Ransomware is on the rise, insider threats are resurgent, mobile devices and Macintoshes are increasingly vulnerable, and attacks on healthcare facilities, particularly hospitals, are growing in number.

Let’s look at these trends from three points of view:  attack method, target platform, and target organizations – and discuss what to do about them.  For those who want to dig deeper, a list of threat reports appears at the end of this post.

Attack Methods:  Ransomware

Several reports note an increase in ransomware – malware that encrypts all of your files, or prevents you from using your computer until you pay a ransom.  The best response to a ransomware breach is to have a good backup of your data and a fast way to restore a compromised machine.  Home users tend to lack these safeguards, and are thus the focus of ransomware attacks.

However, environments with strict up-time requirements, such as hospitals and healthcare facilities, will often pay the ransom to get back up and running as soon as possible.  A patient’s life and well-being are always the highest priority.  Naturally, it’s best to prevent the attack entirely, so a strong endpoint protection system, coupled with network security systems (firewall, IDS/IPS, web gateways, etc.) are essential.

Attack Methods:  Phishing

The sheer volume of malicious e-mail is ebbing, but phishing attacks are becoming more sophisticated.  Attackers carefully craft e-mails based on research and information from social media, and target them at specific companies, at divisions or groups within a company, or at individuals.  The goal is to induce the victim to open an e-mail attachment (often a Microsoft Word or Excel file) that installs the malware.  Consequently, researchers are seeing a rise in macro malware alongside increasingly effective phishing campaigns.

Attack Methods: Insider Threat

The trusted insider is still a major attack vector, so strong identity and privilege management, along with data loss prevention (DLP) capabilities, are a must.

Target Platforms:  Applications, Mobile Devices, and Mac OS

As more and more people access networks with mobile devices, bad actors find more and more ways to compromise the applications they run.  At the laptop level, the venerable Macintosh is becoming more vulnerable as well.

Target Organizations:  Healthcare

Attackers are exploiting two major weaknesses at healthcare facilities and hospitals:  medical devices and health records.

Health organizations use a huge variety of network-connected medical devices.  Uptime on these devices is paramount, so system maintenance, which requires downtime, is often neglected.  The result:  unpatched software vulnerable to denial-of-service attacks.  Hospital staff will do anything to restore devices to normal operation, and too often that means paying ransom immediately.

Healthcare records are extremely valuable to bad actors.  Attackers can sell healthcare records for high prices on the Dark Web, or use them to blackmail victims.

So, what are the takeaways?  With ransomware on the rise, we’re seeing a much more aggressive form of malware – a form that does not simply steal data, but actively interferes with your organization’s mission.  If uptime is preeminent – as in hospitals or healthcare facilities – be sure to have tools, techniques, and procedures to restore systems to operation quickly.

Recognize the uptick in the insider threat: be careful with privilege management, implement DLP, and make sure your users are properly screened.  Phishing is more effective than ever, so implement mail protection systems, test your users, and remind them to watch for phishing e-mails.  Don’t assume your Macs or mobile devices are safe; protect them carefully with endpoint protection and encryption systems.


Threat Reports Reviewed for This Blog

CEO’s Guide to Cyberbreach Response, AT&T

https://www.business.att.com/cybersecurity/

Blue Coat Systems 2015 Mobile Malware Report

http://bit.ly/2ahyTzC

Verizon 2016 Data Breach Investigations Report

http://www.verizonenterprise.com/resources/reports/rp_dbir-2016-executive-summary_xg_en.pdf

McAfee Labs 2016 Threats Predictions

http://www.mcafee.com/us/resources/reports/rp-threats-predictions-2016.pdf

McAfee Labs Threats Report

http://www.mcafee.com/us/resources/reports/rp-quarterly-threats-mar-2016.pdf

IBM X-Force Research 2016 Cyber Security Intelligence Index

http://www-03.ibm.com/security/data-breach/cyber-security-index.html

HPE Security Research Cyber Risk Report 2016

http://bit.ly/2azXopP

UBM 2016 Trend Report: Cybersecurity

http://techbeacon.com/resources/cybersecurity-2016-trend-report-ubm-ponemon-study

F5 State of Application Delivery 2016 Report

https://f5.com/about-us/news/the-state-of-application-delivery

Cisco 2016 Annual Security Report

http://bit.ly/1Kqzm8s

Symantec Internet Security Threat Report, April 2016

https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf

Mandiant M-Trends 2016

https://www2.fireeye.com/rs/848-DID-242/images/Mtrends2016.pdf