SecurityWeek

Management & Strategy

5 Security Lessons Learned in 2016

Ringing in a More Secure 2017

Time marches on, and so does the state of cyber security. In 2016 we’ve seen cybercriminals continue to innovate. But we’ve also seen defenders continue to advance in the way they detect and mitigate attacks. As the year comes to a close, let’s take a look at five examples that demonstrate this ongoing tug of war between adversaries and defenders. The lessons we’ve learned can help us ring in a safer new year.

1. Data is being monetized in multiple ways in the same attack. 

For many financially motivated cybercriminals, one of the most valuable commodities is data. However, cybercriminals can’t predict with certainty the type of data they’ll be able to access and exfiltrate. Once they have invested the time and resources to execute an attack, they want to maximize their returns. To do this, attackers are increasingly turning to blended threats, for example combining malware and ransomware, to create multiple revenue streams based on the type of data uncovered. One of the first examples was a banking Trojan called GameOver Zeus that could install CryptoLocker so that if the data uncovered couldn’t be used for fraud, the attackers could turn to extortion. A more recent example is the Pony credential-harvesting malware used in concert with the “RAA” ransomware. Other ransomware variants, such as “CryptXXX” and “Crysis,” reportedly also possess credential-stealing capabilities. Cyber hygiene practices like password and patch management along with secure, remote data backups can go a long way to thwarting these types of attacks.

2. Cybercriminals don’t act with impunity.

Capitalizing on weak attacker OPSEC, security researchers, law enforcement agencies and intelligence agencies are working together to detect, identify, observe, analyze and report on cybercriminals – ultimately leading to arrests. In September 2016, the FBI arrested two alleged members of a hacking group called “Crackas with Attitude” charged with hacking the personal Internet accounts of senior U.S. government officials as well as U.S. government systems. More recently, federal investigators in the U.S., U.K. and Europe collaborated to take down “Avalanche” – a distributed, cloud-hosting network comprised of up to 600 servers worldwide, that was rented by criminals to launch malware and phishing attacks. The agencies worked side by side with other organizations over the course of four years to understand the complex, global network, culminating in the arrest of five individuals and seizure of systems used for digital fraud.

3. Flash remains a popular vulnerability.

Exploit kits, pre-packaged software that uses vulnerabilities in software applications to spread malware, are not new to the information security community. But they remain successful in part because they exploit a large number of vulnerabilities quickly – in some cases within days of being written up in the National Vulnerability Database. Adobe Flash is the software most commonly exploited by exploit kits, accounting for one third of the identified vulnerabilities exploited in the most popular exploit kits. Patches are available for these vulnerabilities and organizations should prioritize keeping their Adobe Flash software up to date.


4. Incident response capabilities are advancing.

Although data breaches are becoming more common, our response capabilities are improving. Consider the recent example of Camelot, the company that operates the U.K.’s National Lottery. The firm became aware of suspicious activity on a small portion of accounts. While cyber criminals were not able to access core systems and did not gain access to customers’ financial data, personal details in some customers’ accounts had been changed. Camelot quickly identified the unauthorized access; suspended the compromised accounts; contacted law enforcement and is working closely with them on the investigation; and communicated clearly with customers to educate them on the potential breach and corrective action. This type of responsiveness, collaboration and communication demonstrates a level of maturity and sophistication in how organizations handle incidents when they occur.

5. IoT devices – a new vulnerability.

The Mirai malware has launched some of the largest distributed denial of service (DDoS) attacks measured to date. The malware exploits weak default passwords in IoT devices (cameras, DVRs, routers, or other internet-connected devices) to gain control of such devices and create botnets. The SSHowDowN Proxy attack is another recent example of IoT devices being used for malicious purposes. This attack exploits a 12-year-old vulnerability in OpenSSH to compromise devices (satellite antenna equipment, routers, hotspots, modems, and internet-connected Network Attached Storage devices) and route bad traffic. Device manufacturers and users can both take action to mitigate such attacks including changing passwords, patching known vulnerabilities and/or disabling SSH entirely.
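The weak-default-password vector described above leaves a recognizable trace on the device itself: a burst of failed SSH password logins for vendor default accounts, sometimes followed by an accepted one. The following detector is an added example written for this column, not code from the article or from any product it mentions. The log lines are constructed to resemble OpenSSH's auth log format, the list of default account names is an assumption about typical vendor defaults, and the threshold is arbitrary; a defender would tune all three to their fleet.

```python
import re
from collections import defaultdict

# Constructed sample sshd auth log from a hypothetical IoT camera "cam01".
# Not real data: the addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Dec 20 03:14:01 cam01 sshd[812]: Failed password for root from 203.0.113.7 port 51122 ssh2
Dec 20 03:14:02 cam01 sshd[812]: Failed password for root from 203.0.113.7 port 51124 ssh2
Dec 20 03:14:03 cam01 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Dec 20 03:14:04 cam01 sshd[814]: Failed password for invalid user admin from 203.0.113.7 port 51131 ssh2
Dec 20 03:14:05 cam01 sshd[815]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Dec 20 03:20:10 cam01 sshd[900]: Accepted publickey for ops from 198.51.100.9 port 40001 ssh2
"""

# Assumed vendor default account names; replace with the ones your devices ship with.
DEFAULT_ACCOUNTS = {"root", "admin", "user", "support", "guest", "service"}

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." (OpenSSH wording for unknown users).
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Accepted|Failed) (\w+) for (?:invalid user )?(\S+) from (\S+) port"
)


def parse(log_text):
    """Turn raw sshd log text into a list of login events (lines that don't match are skipped)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            outcome, method, user, src = m.groups()
            events.append({"outcome": outcome, "method": method, "user": user, "src": src})
    return events


def find_default_credential_abuse(events, threshold=3):
    """Group password-auth events against default accounts by source address.

    Returns {src: {"failed": n, "success_users": [...], "severity": ...}} where
    severity is "critical" for a guessing burst followed by a successful login,
    "high" for any password login to a default account, and "medium" for a
    burst of failures alone. Key-based logins and non-default users are ignored.
    """
    failed = defaultdict(int)
    succeeded = defaultdict(list)
    for e in events:
        if e["method"] != "password" or e["user"] not in DEFAULT_ACCOUNTS:
            continue
        if e["outcome"] == "Failed":
            failed[e["src"]] += 1
        else:
            succeeded[e["src"]].append(e["user"])

    findings = {}
    for src in set(failed) | set(succeeded):
        n_fail = failed.get(src, 0)
        users = succeeded.get(src, [])
        if users and n_fail >= threshold:
            severity = "critical"
        elif users:
            severity = "high"
        elif n_fail >= threshold:
            severity = "medium"
        else:
            continue  # a stray failure or two is noise, not a finding
        findings[src] = {"failed": n_fail, "success_users": users, "severity": severity}
    return findings


if __name__ == "__main__":
    for src, f in find_default_credential_abuse(parse(SAMPLE_LOG)).items():
        print(f"{src}: {f['severity']} ({f['failed']} failed, logged in as {f['success_users']})")
```

The same two functions run unchanged over a real auth log pulled from a device or forwarded to a collector; the key-based login from the operations host is ignored on purpose, which is also the point of the column's mitigation advice: once password authentication is disabled or the defaults are changed, this whole class of event disappears from the log.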

As these observations from 2016 reveal, attacks are evolving and advancing but organizations are as well. It pays dividends to reflect on the past so we can see how far we’ve come and what we can learn to help make 2017 a happy new year for defenders.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
