Cyber security threats for 2017

ramirocid.com [email protected] Twitter: @ramirocid

Ramiro Cid | @ramirocid

Cyber Security Threats for 2017

ramirocid.com [email protected] Twitter: @ramirocid 2

Index

1. Main Cyber Security Threats during 2017 Slide 5

2. Ransomware Attacks Slide 9

3. Vulnerability exploits on Windows cool down as other platforms heat up Slide 10

4. Hardware and firmware threats an increasing target for sophisticated attackers

Slide 11

5. “Drone Hacking” places threats in the sky Slide 12

6. Mobile threats to include ransomware, RATs, compromised app markets Slide 13

7. IoT malware opens a backdoor into the home Slide 14

8. IoT and DDoS Hacks Slide 15

9. Machine learning accelerates social engineering attacks Slide 16

10. The explosion in fake ads and purchased “likes” erodes trust Slide 17

11. Escalation of ad wars boosts malware delivery Slide 18

12. Hactivists expose privacy issues Slide 19

ramirocid.com [email protected] Twitter: @ramirocid 3

Index

13. Law enforcement takedown operations put a dent in cybercrime Slide 20

14. Typosquatting Slide 21

15. Threat intelligence sharing makes great strides Slide 22

16. Cyber espionage: industry and law enforcement Slide 23

17. Smart Medical Devices and Electronic Medical Records (EMRs) Slide 24

18. Critical Infrastructure cyber attacks Slide 25

19. Cloud computing providers infection Slide 26

20. Connected Cars Slide 27

21. Sources used to expand knowledge Slide 28


During 2017 we will suffer a more dangerous Cyber Security storm


The current presentation is based on different Cyber Security Threats for 2017 published in Internet as ‘The Next Tier ‐ 8 Security

Predictions for 2017’ of Trend Micro, ‘4 Cyber Security Threats for 2017’ of University of San Diego and ‘5 Cyber Security Threats to

be Aware of in 2017’ of ZoneAlarm and other Cyber Security threats predictions reports.

At the end of this presentation all references URL are present if you want to investigate deeply any threat.

1. Main Cyber Security Threats during 2017


During 2017 we will suffer ‘old’ threats like ransomware, cyber espionage and ‘hacktivist’ exposing privacy

issues but in addition to known them, our threats list will upgrade so much adding new concepts like

machine learning accelerates social engineering attacks or cloud computing providers infection.

The list is a very long, so a big effort (time, money, people) is needed to mitigate all these risks.

In the next slide we will see the complete list of main threats during 2017…



Ransomware Attacks

Vulnerability exploits on Windows cool down as other platforms heat up

Hardware and firmware threats an increasing target for sophisticated attackers

‘Dronejacking’ places threats in the sky

Mobile threats to include ransomware, RATs, compromised app markets

IoT malware opens a backdoor into the home

IoT and DDoS Hacks

Machine learning accelerates social engineering attacks

The explosion in fake ads and purchased “likes” erodes trust

Escalation of ad wars boosts malware delivery

Hacktivists expose privacy issues

Law enforcement takedown operations put a dent in cybercrime



Typosquatting

Threat intelligence sharing makes great strides

Cyber espionage: industry and law enforcement

Smart Medical Devices and Electronic Medical Records (EMRs)

Critical Infrastructure cyber attacks

Cloud computing providers infection

Connected Cars



Ransomware will be the primary threat, continuing being a very significant threat until the second half of 2017 all over the globe,

but they have only been getting more sophisticated and troublesome over time. Hackers can gain access to your computer encrypt

your files and demand a payment in return for your files back.

Ransomware‐as‐a‐service, custom ransomware for sale in dark markets, and creative derivatives from open‐source ransomware

code will keep the security industry busy through the first half of the year

How to stay safe?

Be sure to back up your files with a high‐quality back‐up solution to protect your personal information. This is a great precaution to

ensure that your files are safe and accessible to you – for free – no matter what happens. Exercise extreme caution when opening

up email attachments or clicking on links sent from emails. Use a VPN to have a secured connection if you’re ever using public wifi

and be sure to install antivirus and firewall software and ensure it’s updated.

2. Ransomware Attacks


Exploiting client‐side software vulnerabilities has become significantly more difficult in recent years, thereby increasing the

development cost of generic and reliable exploits.

To successfully penetrate the latest operating systems (for example, a fully patched Microsoft Edge browser running on the 64‐bit

Windows 10 operating system), attackers must often combine several high‐quality vulnerabilities with advanced exploitation

techniques.

3. Vulnerability exploits on Windows cool down as other platforms heat up


Software, including operating systems and applications, implicitly rely on hardware to operate correctly. Hardware vulnerabilities can

undermine the operation and security of the entire software stack. Exploiting a hardware vulnerability can compromise an entire

system and does not require an exploit of the software stack. Further, systems whose hardware is successfully attacked can be

difficult to patch without replacing vulnerable hardware. Finally, none of the systems’ software‐based security mechanisms and

protections can be relied upon because they assume the hardware has not been compromised.

How to stay safe?

There are mitigating factors, though. Hardware is less exposed to attacks than software stacks, and attacking hardware almost always

involves exploiting some sort of hardware logic vulnerability rather than the many software vulnerabilities commonly found in

software stacks. Hardware’s reduced attack surface raises the complexity of attacks. As a result, we see very few vulnerabilities in

hardware and incidents in which hardware is either targeted or successfully exploited by attackers. Similarly, common malware

almost never targets hardware.

4. Hardware and firmware threats an increasing target for sophisticated attackers


Drones continue to become more and more mainstream. What started as a fun toy for kids and a slightly expensive hobby for

enthusiasts has really taken off, if you’ll forgive the pun.

Drones are well on the way to becoming a major tool for shippers, law enforcement agencies, photographers, farmers, the news

media, and more. It is hard to deny that drones have become a lot more valuable to many types of businesses and government

agencies.

Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home,

business, or critical infrastructure facility and attempt to hack into the local wireless network.

5. “Drone Hacking” places threats in the sky


In 2017, we expect that mobile ransomware will continue to grow but the focus of mobile malware authors will change. Because

mobile devices are usually backed up to the cloud, the success of direct ransom payments to unlock devices is often limited.

Because of that, mobile malware authors will combine mobile device locks with other forms of attack such as credential theft. For

example, we have observed this year how families such as Android/Svpeng, identified by the security industry as mobile

ransomware, are now mutating to target banking credentials, looking to steal money from victims’ accounts.

Specialist believe in 2017 banking Trojans will reappear and they will come from ransomware authors. This malware will combine

mobile device locks and other ransomware features with traditional man‐in‐the‐middle attacks to steal primary and secondary

authentication factors, allowing attackers to access banks accounts and credit cards.

Malicious applications. The applications that allow to buy keep your banking data and are susceptible to be hacked.

Video game. Many of them allow online billing and payment and are possible targets for hackers to

intercept the user's bank details.

6. Mobile threats to include ransomware, RATs, compromised app markets


Consumer electronics continues to grow at a rapid pace. One area in particular is the consumer element of the Internet of Things,

which is expected to hit roughly 1.8 billion devices by 2019. Known colloquially as “smart home” or “connected home,” this market

includes a number of well established brands and products, as well as a huge field of smaller companies looking to reak into the

scene.

Internet abduction of things (cars, refrigerators, televisions,...). A ransomware virus can block, for example, a security camera and

hackers can request a rescue to unlock it.

7. IoT malware opens a backdoor into the home


As more devices are becoming internet enabled and accessible, the security measures meant to protect these devices aren’t

keeping up. The Internet of Things is meant to bring household devices together to communicate with us and each other. By

default, these devices are open and available to the internet and are protected with default passwords. Hackers are increasing their

attention to new ways of leveraging IoT devices for malicious purposes. These devices bring a vulnerability to the network they are

connected to, making it easy for hackers to take advantage of them.

IoT devices are utilized for Distributed Denial of Service (DDoS) to flood a targeted website by an overwhelming amount of requests

from millions of connected machines. Smart devices use open public ports so that they can be accessible away from home. Hackers

establish a large database of these open ports to form a botnet, a large amount of exploitable ports they can infect with malware.

Then, these devices are used to transmit small amounts of data to aid in

a DDoS attack.

8. IoT and DDoS Hacks


With an ever‐increasing footprint in education, business, and research, the availability of machine learning toolkits, documentation,

and tutorials has exploded in recent years.

In as little as an hour, an individual can be training complex models on large datasets on a distributed architecture. In 2016, we have

seen enthusiasts and professional data scientists teach machines how to write.

Shakespearean sonnets, compose music, paint like Picasso, and defeat professional Go player Lee Sedol. The learning period has

become shorter, and accessibility for everyone, including cybercriminals, has never been better.

Security is an arms race, and cybercriminals are fine‐tuning their methods with the help of machine learning.

9. Machine learning accelerates social engineering attacks


Every Internet user is bombarded with information for making decisions: what to click, what to read, and where to spend.

These choices fuel a multibillion dollar online economy and, with that much money on the line, unscrupulous actors are constantly

looking for ways to take advantage of others.

Reputation is key for many decision makers to feel confident about their choices; this is the trust that some people seek to exploit.

10. The explosion in fake ads and purchased “likes” erodes trust


Security researchers spend a lot of time in dangerous Internet territory, filled with cracked websites and drive‐by malware

downloads.

To navigate this territory in relative safety, we use security add‐ons for browsers that disable active content, read raw site content

code, fetch bits piecemeal using different servers, and use virtual machines that get reloaded to avoid local computer infections.

These precautions can turn “browsing the Internet” into a much more difficult process.

11. Escalation of ad wars boosts malware delivery


Over the years, the amount of data collected about users has increased exponentially.

This aggregated data has helped us improve our health, get where we want to go faster when we search, find long‐lost friends,

have a better performing home electronics system, and even stay protected while we go online.

12. Hacktivists expose privacy issues


Some notable recent successes of law enforcement and its allies taking down malicious sites or actors.

What is a takedown operation? It is a series of coordinated actions in which law enforcement agencies, together with other parties

(usually security vendors), shut down a cybercriminal operation. In the best case, it includes arrests, but in all cases the takedown

disrupts or seizes the infrastructure used by cybercriminals.

A takedown operation is the result of many months, or in some cases years of investigations.

13. Law enforcement takedown operations put a dent in cybercrime


Nearing the end of 2016, a lot of fake news articles making their way around Internet, inspiring a new way for hackers to distribute

malware and attempt to steal your information.

Cyber criminals are now making fake websites that are intended to look exactly like the real one, by securing URLs that have a slight

type from their legitimate counterparts.

After you type in the URL, the website is designed to look exactly like the original, so you wouldn’t even think you made an error

inputting the web address.

They do this in the hopes that you would input your credentials, believing that you’re providing this information to a site that you can

trust. In some cases, these websites distribute malware while also being a phishing scam, hoping to steal your personal and financial

information.

14. Typosquatting


Sharing threat intelligence shifts the balance of power away from the adversaries and back to us, the defenders.

It disrupts the lifecycle of an attack and proves more costly to the bad actors as they shift their resources and techniques onto new

tactics.

If sharing threat intelligence is so valuable, then why isn’t there more cooperation? Historically, there have been three key barriers to sharing threat intelligence:

1) Unintentionally sharing private customer information.

2) Losing a competitive advantage.

3) Public awareness that an organization has been attacked.

15. Threat intelligence sharing makes great strides


Normally the targeted entities are in the government sector or, in some cases, individuals or members of a political party.

The modus operandi for these cases starts with the actors setting up a host domain infrastructure that will serve either as a control

server or deliver a payload. Next is the spear‐phishing attack, in which the target receives weaponized email.

From there, attackers use an arsenal of tools, ranging from credential editors, pass-the-hash attacks, or custom scripts. In most

cases, a backdoor remote access Trojan maintains a foothold in the network. Less skilled actor groups use commercial off-the-shelf

RATs such as PlugX and modify the basic settings to serve their campaigns.

16. Cyber espionage: industry and law enforcement


The healthcare industry is going through a major evolution as patient medical records go online and medical professionals realize

the benefits of advancements in smart medical devices.

However, as the healthcare industry adapts to its digital revolution, there are a number of concerns around privacy, safety and

cyber security threats.

Health Gadgets. According to ESET(*), 39% of healthcare companies do not know how to protect themselves. This situation allows

hackers to obtain confidential data about patients.

(*) ASET is an IT security company headquartered in Bratislava, Slovakia founded in 1992

17. Smart Medical Devices and Electronic Medical Records (EMRs)


Critical infrastructures. Public administration, financial system, power plants and nuclear industry have little protection systems and

are clear objectives of hackers.

What is the actual status of Critical Infrastructure?

‐> Growing and growing. “New” concepts like Smart Cities are more and more real and increase the big size and scope of Critical

Infrastructure (which is too big without adding it) if we think as we mentioned before on electricity generation, transmission and

distribution, gas production, water supply, telecommunication, heating, financial services, public health, etc.

18. Critical Infrastructure cyber attacks


Infecting a cloud computing provider with a virus affects all clients who have their data there, which are potential victims of hackers

so a big scope and impact on this type of attacks.

Enterprises are no longer sitting on their hands, wondering if they should risk migrating applications and data to the cloud. They're

doing it but security remains a serious concern.

The shared, on‐demand nature of cloud computing introduces the possibility of new security breaches that can erase any gains made

by the switch to cloud technology.

Cloud services by nature enable users to bypass organization‐wide security policies and set up their own accounts in the service of

shadow IT projects. New controls must be put in place.

19. Cloud computing providers infection


There's a "massive future security problem just around the corner," and it can't be fixed by trying to bolt on security during the

implementation phase.

Complexity was called "the worst enemy of security" as a connected car could have "approximately 100 million lines of code,"

compared to 8 million for an F‐35 fighter jet. There has been a dramatic increase in Electronic Computing Units, with some high‐end

vehicles currently having about 100 ECUs. There has also been a rise in the diversity of in‐vehicle systems which provide both luxury

and critical features. This complexity has been exposed to wireless networks through the development of wireless communication

interfaces. These interfaces are a double‐edged sword by connecting the vehicle to the Internet of Things, they have led to

dramatically extended functionality, but they have opened up the traditionally closed vehicular system, making vehicles a more

accessible and more attractive target to adversaries.

Connectivity was called a "double‐edged sword" since adding cars to the Internet of Things will continue to make vehicles "a more

accessible and more attractive target to adversaries“.

Content. Theft of personal information, leading to identity theft, is an attractive goal for cyber‐criminals. Personal data is increasingly

available in car networks as the cars themselves are more sophisticated, and smartphones and other devices are connected to them.

20. Connected Cars


2017 Security Predictions – The Threats Are Real | Secplicity

URL: https://www.secplicity.org/2016/12/19/2017‐security‐predictions‐threats‐real/

Experts predict 2017's biggest cybersecurity threats | Dan Patterson (TechRepublic)

URL: http://www.techrepublic.com/article/experts‐predict‐2017s‐biggest‐cybersecurity‐threats/

4 Cyber Security Threats for 2017 | University of San Diego

URL: https://onlinedegrees.sandiego.edu/4‐cyber‐security‐threats‐2017/

5 Cyber Security Threats to be Aware of in 2017 | ZoneAlarm

URL: http://www.zonealarm.com/blog/2016/12/cyber‐security‐threats‐2017/

Report examines the massive future cybersecurity problem of connected cars | NETWORKWORLD

URL: http://www.networkworld.com/article/3031092/security/report‐examines‐the‐massive‐future‐cybersecurity‐problem‐of‐connected‐cars.html

21. Sources used to expand knowledge


Cyber Security in the Connected Vehicle Report 2016 | TU‐Automotive

URL: http://www.tu‐auto.com/cybersecurity‐report/

The Next Tier ‐ 8 Security Predictions for 2017 | Trend Micro

URL: http://www.trendmicro.com/vinfo/us/security/research‐and‐analysis/predictions/2017

2017 Cybersecurity Predictions: New Norms Expected in Threat Landscape | Ryan Olson (Palo Alto Networks)

URL: http://researchcenter.paloaltonetworks.com/2016/11/2017‐cybersecurity‐predictions‐new‐norms‐expected‐threat‐landscape/

2017 Threats Predictions | McAfee Labs

URL: http://www.mcafee.com/us/resources/reports/rp‐threats‐predictions‐2017.pdf

The dirty dozen: 12 cloud security threats| Fahmida Y. Rashid (InfoWorld)

URL: http://www.infoworld.com/article/3041078/security/the‐dirty‐dozen‐12‐cloud‐security‐threats.html

21. Sources used to expand knowledge


Questions?

Many thanks !Ramiro Cid

CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL

[email protected]

@ramirocid

http://www.linkedin.com/in/ramirocid

http://ramirocid.com http://es.slideshare.net/ramirocid

http://www.youtube.com/user/cidramiro

Cyber security threats for 2017

Technology

Transcript of Cyber security threats for 2017