Welcome to our blog, where we will discuss cyber security issues involving analysis, critical infrastructure and defense that affect organizations, with a special focus on Africa. We will highlight high-risk, high-threat, complex and regulated (SOX, PCI, HIPAA, CIP, etc.) environments. The conversations will be relevant across industries, including Energy, Finance, Defense Agencies, Government and Healthcare.
Let's round up this year and take a look at the main cyber security trends in 2017:
The worst attacks this year were perpetrated by a Russian gang, stealing information and collecting billions of dollars in ransoms. We have learnt that even the worst cyber-attacks are not necessarily about money or about harming IT networks, but about altering public perception and affecting public opinion. Tampering with elections, in turn, can harm democracy and public discourse. To think that the fate of nations could be determined by a hacker?
The eggshell model no longer exists. The idea that it is sufficient to maintain a strong IT security perimeter in order to maintain a healthy security posture is one we now know to be faulty. 2017 saw significant investment in this theory, but multi-vector attacks make it impossible to maintain. Billions of dollars in damage have been caused, showing that this philosophy cannot survive.
This was the year of massive enterprise cyber-attacks on major brands. These attacks destroyed data and wiped out decade-long reputations.
An innovative twist on attacks is exploiting the supply chain to reach the target. Most attacks combined weaknesses in the systems with abuse of communication protocols. A further trend is the exploitation of 1-day weaknesses and the growing speed at which attackers take advantage of 0-day weaknesses. It is neither difficult nor time consuming to discover weaknesses anymore. All an attacker has to do is follow the publicity around discovered weaknesses and quickly take advantage of them before the security systems are updated at the various organizations. Sometimes it takes weeks or months for organizations to update their security settings. We saw such a scenario in WannaCry.
Proliferation: the spread of collaboration and the immediate use of attack methods publicized on the net. This is similar to taking advantage of 1-day weaknesses. One example is the NSA attack methods that were published and then identified in use by groups in South Korea, Russia, China and elsewhere.
The financial sector (banks) became a central target for experienced hackers, both criminal and state attackers. Core banking systems like SWIFT and ATMs became a preferred target for cyber attackers, whose purpose was the theft of hundreds of millions of dollars. Their main targets were banks in Eastern Europe and the Far East. Stock exchanges and cryptocurrencies were another central target: as the use of cryptocurrencies increased, cyber-crime against them grew proportionately.
The main players of 2017 were Russian attackers in two categories. The first is state attackers such as APT28, against Ukraine and the US. The second is criminal attackers, the worst being Carbanak, who attacked SWIFT and ATM systems.
Let's take a look at the worst cyber-security attacks of 2017:
#Petya / NotPetya: at the end of June 2017, this attack targeted Ukraine. It was the worst attack in history, and by December 2017 it had spread to become the most costly attack of the year. Damages are estimated at 1.2 billion dollars.
#WannaCry
The attack on the US credit rating company Equifax, one of the big three credit rating companies in the world: Equifax was the victim of the theft of 143 million sensitive records.
Leaks and the publication of the attack tools stolen from the NSA
Russian attempts to interfere in the US elections
The worst attack vectors of 2017 fall into five main categories:
Large-scale attacks exploiting the supply chain: entry via third-party service suppliers in order to attack the companies that use those same services. For example, in NotPetya in 2017 this vector was used when an accounting supplier was hacked and many thousands of companies (some governmental) in Ukraine were affected.
Utilizing weaknesses built into operating systems and communication protocols: this vector grew this year due to a series of leaks of governmental attack tools, such as Vault7. The threat grew further when, on Nov 9, the source code of HIVE, the CIA's command-and-control infrastructure, was leaked.
Blackmail attacks using ransomware: during 2017 these indiscriminate attacks hit hundreds of thousands of public, civil and governmental organizations.
BEC (Business Email Compromise): attacks based on impersonating management. According to the FBI, such attacks have caused losses of over 50 billion dollars in the last 2 years. The script is relatively simple: the attacker poses as a company executive and makes monetary requests that are funnelled to him privately.
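Detection logic for the impersonation pattern just described, as an added example that is not from the original post: it screens message headers for an executive's display name paired with an address outside the corporate directory, a look-alike sender domain, a Reply-To that routes replies elsewhere, and payment-urgency wording. The corporate domain, the executive directory and the two sample messages are constructed for illustration.

```python
# Added example, not from the original post: heuristic screening of e-mail headers
# for the BEC executive-impersonation pattern. Domain, directory and samples are constructed.
from email import message_from_string
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"                   # assumed domain
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}  # constructed directory

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains (e.g. o -> 0)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw_message):
    """Return the list of BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(addr)
    findings = []
    # Known executive's display name, but the address is not the directory one.
    if EXECUTIVES.get(name.strip().lower(), addr.lower()) != addr.lower():
        findings.append("executive display name with non-directory address")
    # Sender domain is a near-miss of the corporate domain (typosquat / homoglyph).
    if 0 < _edit_distance(from_dom, CORPORATE_DOMAIN) <= 2:
        findings.append("look-alike sender domain")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_dom:
        findings.append("Reply-To domain differs from From domain")
    text = (msg.get("Subject", "") + " " + ("" if msg.is_multipart() else msg.get_payload())).lower()
    if sum(w in text for w in ("wire", "transfer", "urgent", "confidential")) >= 2:
        findings.append("payment urgency language")
    return findings

# Constructed samples: spoofed executive via look-alike domain and external reply
# path, versus a legitimate message from the directory address.
SAMPLE_SUSPICIOUS = """\
From: Jane Doe <jane.doe@example-c0rp.com>
Reply-To: jane.ceo@webmail-example.net
Subject: Urgent wire transfer - confidential

Please process the transfer today and keep this confidential.
"""
SAMPLE_BENIGN = "From: Jane Doe <jane.doe@example-corp.com>\nSubject: Board deck review\n\nAttached is the quarterly deck.\n"
```

Any non-empty result is a candidate for manual review of the payment request through an out-of-band channel, which is the control these scams rely on being absent.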
Large-scale DDoS attacks, some using smart devices (IoT): this year we have seen a significant rise in the frequency of DDoS attacks across the world. Since the beginning of 2017 DDoS attacks are up 91%, driven by the tremendous growth in the market of smart devices connected to the internet (IoT, Internet of Things) and by the continuing trend of DDoS-for-hire, which makes it possible for anyone with malicious intent to launch an attack that denies a service to its users.
There are many trends to look out for and consider when planning our cyber strategies for 2018. As with all the best strategies, it is easy to base them on history and harder to base them on predictions for the coming year. We believe that if you follow the data, it will show you the way.