Cyber security teams have to stay on the front foot in order to protect company data. This means keeping on the lookout for new mutations of otherwise familiar attacks. With this in mind, what are the newest cyber attacks that companies could encounter within the next year if they are not prepared for them?
Attacks on cloud applications
The cloud is now a common storage realm for companies that want to scale their data while making use of its usually large capacity.
However, some of the newest cyber attacks around right now are increasingly targeting the cloud, particularly cloud applications.
Jethro Beekman, technical director at Fortanix, said: “Cloud migration and the ineffectiveness of perimeter defences have led to an increase of host- and service-based security mechanisms.
“This means individual applications have now become an even bigger target. Data breaches will no longer be done through direct dumping of the database, but by directly targeting applications that already have access to the database.
“New cyber attacks will use memory scraping of sensitive data while in use by applications, particularly in public cloud environments, to gain access to data while decrypted.”
Attacks from nation-states
Recent research by Microsoft found that over 8,000 of the company’s customers had been attacked by nation-state hackers in the space of a year.
The WannaCry attack is a notable recent example of a cyber attack that has been attributed to a nation-state, that being North Korea.
According to Sam Curry, CSO at Cybereason, this is a trend that looks set to continue.
“The malware being used by nation-state actors will have a disturbing trickle-down effect among dark actors,” he said. “The reality is that nation-state actors have a unique advantage over other threat actors in that they have effectively unlimited resources to accomplish their mission.
“This means that nation-states are able to work at the leading edge of attacks with the most advanced and fastest evolving malware toolkits, and more and more of these toolkits are becoming innovation toolkits for all threat actors in the emerging ecosystem of actors.
“Tools made in advanced, nation-state labs have a way of turning up globally soon after. Expect a surge in 2020 of advanced tools appearing in organized crime toolkits, because using nation-state tools aids threat actors both for their own criminal ends and to provide noise and as a backdrop for the authors to hide their own attacks.”
Swarm technology
Swarm technology refers to decentralised systems that use automation such as AI to operate without the need for human intervention.
Swarm tech is named after the term for a group of insects and acts in a similar manner. Although it is known to have the potential to benefit society, some experts are wary of its possible use in cyber attacks as well.
Derek Manky, chief of security insights & global threat alliances at Fortinet, explained: “Over the past few years, the rise of swarm technology, which can leverage things like machine learning and AI to attack networks and devices, has shown new potential.
“Advances in swarm technology have powerful implications in the fields of medicine, transportation, engineering, and automated problem solving. However, if used maliciously, it may also be a game changer for adversaries if organisations do not update their security strategies.
“When used by cyber criminals, bot swarms could be used to infiltrate a network, overwhelm internal defences, and efficiently find and extract data. Eventually, specialised bots, armed with specific functions, will be able to share and correlate intelligence gathered in real-time to accelerate a swarm’s ability to select and modify attacks to compromise a target, or even multiple targets simultaneously.”
Weaponised 5G
As 5G works its way into everyday use, some experts reckon that the network, much like the aforementioned swarm technology, could be just as useful to cyber criminals as it is to civilian mobile device users.
Manky continued: “The advent of 5G may end up being the initial catalyst for the development of functional swarm-based attacks. This could be enabled by the ability to create local, ad hoc networks that can quickly share and process information and applications.
“By weaponising 5G and edge computing, individually exploited devices could become a conduit for malicious code, and groups of compromised devices could work in concert to target victims at 5G speeds.
“Given the speed, intelligence, and localised nature of such an attack, legacy security technologies could be challenged to effectively fight off such a persistent strategy.”
GDPR could see DDoS change course
Some of the newest cyber attacks may not be new in form, but rather in the way in which they operate, which could be just as worrying to cyber security teams.
“DDoS attacks have traditionally followed the well-trodden method of flooding servers and networks with huge volumes of internet traffic in order to overwhelm them,” said Mark Belgrove, Head of Cyber Consultancy at Exponential-e. “However, in a slightly ironic twist, we’re witnessing more successful attacks launched off the back of GDPR, a law that was developed to provide more protection to our data.
“GDPR empowers data subjects to request access to the data an organisation holds on them and, despite a maximum response time being stated in the regulation, many don’t allocate the required resources to handle such requests.
“As such, cyber criminal gangs can inundate businesses with requests, creating a huge backlog and placing the responsible employees under huge pressure. This brings other areas of the enterprise to a standstill.
“This added employee strain also makes it more likely that they will fall for phishing attacks or make other small mistakes which could provide attackers with a way in.”
A 2019 study by Link11 found that DDoS attacks had tripled within the past year.
Advanced malware
Belgrove went on to explain that cyber criminals using malware as a tactic were evolving from traditional methods.
“Traditional keylogger malware is being replaced in some instances with advanced imitation JavaScript-based web browsers that simply record all sensitive data that is entered by an unsuspecting victim,” he said.
“The malware can still be activated via the same method – clicking on a link within a phishing email, for example – but instead of downloading a malicious file, users are faced with a working replica web browser that can fool the vast majority long enough for them to access a corporate application using their credentials.
“Because this attack type is so new, it can take some time before it’s flagged by the anti-virus in place – if at all.”
Attacks on critical infrastructure
Perhaps the most vital personal data around is the data contained within critical infrastructure.
This is a term that refers to systems that uphold the needs of society or the economy, and includes data associated with pharmaceuticals, real estate and finances.
According to Dave Weinstein, CSO at Claroty, this could be more of a target in the eyes of criminals behind the newest cyber attacks.
“Perhaps the most important techniques to be on the lookout for are those that aim to compromise user accounts with privileged access to operational technology (OT) networks and assets,” he said. “This threat is actor agnostic, but we’ve seen an uptick in this type of activity of late from Iran-linked actors targeting the utility and oil and gas sectors.
“Techniques like password spraying and spearphishing are hardly new to the cyber threat landscape, but their use against critical infrastructure organisations, particularly in North America, suggested a concerted effort among select groups to gain access to these hardened targets.
“Third parties and remote employees are attractive targets in this respect. Similarly, zero-days or even known vulnerabilities in VPN infrastructure can pose a serious risk to critical infrastructure organisations.
“It’s important that asset owners and operators patch these systems and monitor all their industrial communications, especially those originating from remote sources.”
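The monitoring of remote logins for password spraying against privileged OT accounts, which Weinstein recommends above, can be sketched as a small detector. This is an added example, not part of the original article; the log format, account names, privileged list and thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample VPN gateway log (assumed format: time, source IP, account, result).
SAMPLE_LOG = """\
2020-01-06T02:00:05 203.0.113.7 alice FAIL
2020-01-06T02:00:41 203.0.113.7 bob FAIL
2020-01-06T02:01:17 203.0.113.7 carol FAIL
2020-01-06T02:01:52 203.0.113.7 ot-admin FAIL
2020-01-06T02:02:30 203.0.113.7 hist-svc FAIL
2020-01-06T02:21:09 203.0.113.7 ot-admin SUCCESS
2020-01-06T08:14:02 198.51.100.20 dave FAIL
2020-01-06T08:14:20 198.51.100.20 dave FAIL
2020-01-06T08:14:39 198.51.100.20 dave FAIL
2020-01-06T08:15:01 198.51.100.20 dave SUCCESS
"""
# Hypothetical list of accounts with privileged access to OT assets.
PRIVILEGED = {"ot-admin", "hist-svc"}

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    # Group failures and successes by remote source address.
    failures, successes = defaultdict(list), defaultdict(set)
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        if result == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))
        else:
            successes[src].add(user)
    alerts = []
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            # Spray shape: many distinct accounts, only a few failures on each,
            # unlike a user retrying a forgotten password on one account.
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                alerts.append({
                    "source": src,
                    "accounts": sorted(per_user),
                    "privileged_targets": sorted(PRIVILEGED & set(per_user)),
                    # Any login this source achieved needs review and a credential reset.
                    "successful_logins": sorted(successes[src]),
                })
                break
    return alerts
```

On the constructed log, the first source is flagged and the repeated failures on a single account from the second source are not.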