Ransomware will continue to evolve its methods of propagation, evasion techniques and continue to hide its communication and the targets it seeks. As reported by the Cyber Threat Alliance, ransomware has been very lucrative for cyber criminals to launch campaigns and in a short period of time derive large revenue streams. Today, the value of credit card data is so low compared to ransomware, where higher value can be extracted from more victims. Research by the Cyber Treat Alliance reported that CryptoWall v3, generated more than $325 million for the group behind it.
This will drive further versions of ransomware style attacks to be released allowing more cyber criminals to extort users to pay the ransom to get the decryption key for their data. We predict to see this crossing over to other platforms, such as OS X and mobile operating systems.
2. Sharing of threat intelligence
Efforts have been around for years to share threat intelligence in some verticals and we predict that 2016 will mark a year where the private sector and security vendors look to share more of this than they ever have in Asia Pacific. Today, many adversaries often write one piece of malware and send it to multiple organisations, with only minor changes made to make it undetectable. However, if we, as a community, can force cyber adversaries to create multiple unique attacks each time, it will force their costs to go up. And if we can share the information, the defender costs go down. The benefits grow exponentially if we automate this process whereby organisations do this in real time, whilst preventing the attacks. By knowing what kinds of actors are targeting you, the tools that they have available and the tactics they employ allows organisations to defend their networks more effectively.
Although the debate continues on how effective these regulations will be, Asian governments should look to foster the sharing of threat intelligence and organisations should think about how they can share in their vertical and go cross vertical in their efforts. We should ensure that there are responsible privacy protections in place, for the purpose of identifying, preventing, mitigating and responding to cyber threats, vulnerabilities, and malicious campaigns. The faster organisations can share this information, the better we can serve to protect each other and push the cost back to the attackers.
We expect this trend to continue, as more organisations begin to realise the benefits of sharing knowledge as a means to unify efforts to fight against cyber intrusions in Asia Pacific.
3. Secondary victim attacks
More and more we are seeing that when we know the motive of an attack, there is usually a secondary victim. The 2015 Verizon Data Breach Report, highlighted that adversaries are using third-party websites to deliver their attacks. This often can mean that the person or organisation that experiences the initial breach isn’t the real target, but rather a pawn in a bigger attack.
From the perspective of an attacker, this allows them to take advantage of trust and use the resources of another company for their gain. The most common method seen in Asia Pacific has been “watering hole attacks”, where an organisation’s website is infected with exploit code to try and infect visitors of their site. We predict that this will continue to rise with more reported incidents coming to light in 2016.
4. Trust in our security models
Over the past few years, cyber attacks have escalated and gotten more aggressive and successful. Not only have we seen it become easier and cheaper to launch successful attacks, it has eroded our digital trust in online systems. That trust also extends itself to the failure of legacy security architectures, due not only to an out-dated assumption that everything on the inside of an organisation’s network can be trusted, but also the inability of legacy countermeasures to provide adequate visibility, control, and protection. We expect to see more organisations adopting new security models, such as “Zero Trust” where it is intended to remedy the deficiencies with perimeter-centric strategies and the legacy devices and technologies used to implement them. It does this by promoting “never trust, always verify” as its guiding principle.
This differs substantially from conventional security models that operate on the basis of “trust but verify.” essential security capabilities are deployed in a way that provides policy enforcement and protection for all users, devices, applications and the communications traffic between them, regardless of their location. We expect this will continue across Asia Pacific in 2016.
5. Attacking the Internet of Things
Whole new categories of digital device are getting connected to the Internet, from domestic appliances to home security and the list goes on. Gartner predicts the number of connected things will rise from 6.5 billion in 2015 to almost 21 billion by 2020, growing by a staggering 5.5 million “things” each day. This will continue to accelerate in 2016 but sadly we see no reason why these things won’t become a target for cybercrime. During this year we have seen some evidence of this emerging trend, like attacks on cars, smart rifles and many more shown at Blackhat USA in August this year. We don’t expect to see millions of devices compromised in 2016 across Asia Pacific, but we should be prepared to see more attacks and proofs of concepts trying to exploit these types of devices.
6. Cyber crime legislation
Asia Pacific has often operated under very lax regulations when it comes to cybersecurity. It is a global issue, however regulations to safeguard businesses and consumers are still evolving across the world. It’s unsurprising that the USA is taking the lead on this front, given the number of high profile attacks reported to have targeted US firms in recent years. This has resulted in cybersecurity becoming a focus for policy, most recently seeing the introduction of The Cybersecurity Information Sharing Act (CISA), which aims to help US companies to work with their government to combat hackers. Similarly, the European Union has also laid out 14 actions to improve cyber security readiness, along with a policy on Critical Information Infrastructure Protection (CIIP), which aims to strengthen the security and resilience of vital ICT infrastructure by supporting high level of preparedness, security and resilience capabilities, at a national and EU level.
We expect that will see a significant shift in the mindset of governments and regulators in Asia Pacific to take on an even more active role in protecting the Internet and safeguarding its users. Cybercrime laws will be in discussion, and changes to out-dated cyber security standards will be mandated to bolster an improved stance on security.