This is the fourteenth, and final, in our series of cybersecurity predictions for 2016. Stay tuned for more through the end of the year.
Ransomware will continue to evolve its methods of propagation and evasion techniques, hiding its communication and the targets it seeks. As reported by the Cyber Threat Alliance, ransomware has been very lucrative for cybercriminals, who can launch campaigns and derive large revenue streams in a short period of time. Today, the value of credit card data is low compared to ransomware, where higher value can be extracted from more victims.
Research by the Cyber Threat Alliance reported that CryptoWall v3 generated more than $325 million for the group behind it. This will drive the release of further versions of ransomware-style attacks, allowing more cybercriminals to extort users into paying the ransom to get the decryption key for their data. We predict that this will cross over to other platforms, such as Mac OS X and mobile operating systems.
2. Sharing of Threat Intelligence
Efforts have been around for years to share threat intelligence in some verticals, and we predict that 2016 will mark a year in which the private sector and security vendors look to share more of this than they ever have in Asia-Pacific. Today, many adversaries write one piece of malware and send it to multiple organisations, with only minor changes made to make it undetectable. However, if we, as a community, can force cyber adversaries to create multiple unique attacks each time, it will force their costs to go up. And if we can share the information, the defender costs go down. The benefits grow exponentially if we automate this process so that organisations share in real time, whilst preventing the attacks. Knowing what kinds of actors are targeting you, the tools that they have available, and the tactics they employ allows organisations to defend their networks more effectively.
Although the debate continues on how effective these regulations will be, Asian governments should look to foster the sharing of threat intelligence, and organisations should think about how they can share in their vertical and go cross-vertical in their efforts. We should ensure that there are responsible privacy protections in place for the purpose of identifying, preventing, mitigating and responding to cyberthreats, vulnerabilities, and malicious campaigns. The faster organisations can share this information, the better we can protect each other and push the cost back to the attackers.
We expect this trend to continue, as more organisations begin to realise the benefits of sharing knowledge as a means to unify efforts to fight against cyber intrusions in Asia-Pacific.
3. Secondary Victim Attacks
More and more we are seeing that, when we know the motive of an attack, there is usually a secondary victim. The 2015 Verizon Data Breach Report highlighted that adversaries are using third-party websites to deliver their attacks. This often can mean that the person or organisation that experiences the initial breach isn’t the real target but rather a pawn in a bigger attack.
From the perspective of an attacker, this allows them to take advantage of trust and use the resources of another company for their gain. The most common method seen in Asia-Pacific has been “watering hole attacks”, where an organisation’s website is infected with exploit code to try to infect visitors to the site. We predict that this will continue to rise, with more reported incidents coming to light in 2016.
4. Trust in Our Security Models
Over the past few years, cyberattacks have escalated and become more aggressive and successful. Not only has it become easier and cheaper to launch successful attacks; this has also eroded our digital trust in online systems. That loss of trust extends to legacy security architectures, which are failing due not only to an outdated assumption that everything on the inside of an organisation’s network can be trusted, but also to the inability of legacy countermeasures to provide adequate visibility, control and protection. We expect to see more organisations adopting new security models, such as “Zero Trust,” which is intended to remedy the deficiencies of perimeter-centric strategies and the legacy devices and technologies used to implement them. It does this by promoting “never trust, always verify” as its guiding principle.
This differs substantially from conventional security models that operate on the basis of “trust but verify”. Essential security capabilities are deployed in a way that provides policy enforcement and protection for all users, devices, applications and the communications traffic between them, regardless of their location. We expect this will continue across Asia-Pacific in 2016.
5. Attacking the Internet of Things
Whole new categories of digital device are getting connected to the Internet, from domestic appliances to home security, and the list goes on. Gartner predicts the number of connected things will rise from 6.5 billion in 2015 to almost 21 billion by 2020, growing by a staggering 5.5 million “things” each day. This will continue to accelerate in 2016. Sadly, we see no reason why these things won’t become a target for cybercrime. During this year we have seen some evidence of this emerging trend, such as the attacks on cars, smart rifles and many more shown at Black Hat USA in August this year. We don’t expect to see millions of devices compromised in 2016 across Asia-Pacific, but we should be prepared to see more attacks and proofs of concept trying to exploit these types of devices.
6. Cybercrime Legislation
Asia-Pacific has often operated under very lax regulations when it comes to cybersecurity. It is a global issue; however, regulations to safeguard businesses and consumers are still evolving around the world. It’s unsurprising that the USA is taking the lead on this front, given the number of high-profile attacks reported to have targeted U.S. firms in recent years. This has resulted in cybersecurity becoming a focus for policy, most recently seeing the introduction of the Cybersecurity Information Sharing Act (CISA), which aims to help U.S. companies work with their government to combat hackers. Similarly, the European Union has laid out 14 actions to improve cybersecurity readiness, along with a policy on Critical Information Infrastructure Protection (CIIP), which aims to strengthen the security and resilience of vital ICT infrastructure by supporting high-level preparedness, security and resilience capabilities at a national and EU level.
We expect that we will see a significant shift in the mindset of governments and regulators in Asia-Pacific to take on an even more active role in protecting the Internet and safeguarding its users. Cybercrime laws will be in discussion, and changes to outdated cybersecurity standards will be mandated to bolster an improved stance on security.
[Palo Alto Networks Blog]