Date posted: 22-Jan-2018
Category: Technology
Uploaded by: ramiro-cid
ramirocid.com [email protected] Twitter: @ramirocid
Ramiro Cid | @ramirocid
Cyber Security Threats for 2017
Index
1. Main Cyber Security Threats during 2017 Slide 5
2. Ransomware Attacks Slide 9
3. Vulnerability exploits on Windows cool down as other platforms heat up Slide 10
4. Hardware and firmware threats an increasing target for sophisticated attackers Slide 11
5. “Drone Hacking” places threats in the sky Slide 12
6. Mobile threats to include ransomware, RATs, compromised app markets Slide 13
7. IoT malware opens a backdoor into the home Slide 14
8. IoT and DDoS Hacks Slide 15
9. Machine learning accelerates social engineering attacks Slide 16
10. The explosion in fake ads and purchased “likes” erodes trust Slide 17
11. Escalation of ad wars boosts malware delivery Slide 18
12. Hacktivists expose privacy issues Slide 19
13. Law enforcement takedown operations put a dent in cybercrime Slide 20
14. Typosquatting Slide 21
15. Threat intelligence sharing makes great strides Slide 22
16. Cyber espionage: industry and law enforcement Slide 23
17. Smart Medical Devices and Electronic Medical Records (EMRs) Slide 24
18. Critical Infrastructure cyber attacks Slide 25
19. Cloud computing providers infection Slide 26
20. Connected Cars Slide 27
21. Sources used to expand knowledge Slide 28

During 2017 we will suffer a more dangerous Cyber Security storm

1. Main Cyber Security Threats during 2017
This presentation is based on the Cyber Security threat forecasts for 2017 published on the Internet, such as ‘The Next Tier - 8 Security Predictions for 2017’ by Trend Micro, ‘4 Cyber Security Threats for 2017’ by the University of San Diego and ‘5 Cyber Security Threats to be Aware of in 2017’ by ZoneAlarm, together with other threat prediction reports.
All reference URLs are listed at the end of this presentation for anyone who wants to investigate a threat in more depth.

1. Main Cyber Security Threats during 2017
During 2017 we will keep suffering ‘old’ threats such as ransomware, cyber espionage and hacktivists exposing privacy issues, but on top of the known ones our threat list will grow considerably with new concepts such as machine learning accelerating social engineering attacks or the infection of cloud computing providers.
The list is very long, so a big effort (time, money, people) is needed to mitigate all these risks.
In the next slide we will see the complete list of main threats during 2017…

1. Main Cyber Security Threats during 2017
Ransomware Attacks
Vulnerability exploits on Windows cool down as other platforms heat up
Hardware and firmware threats an increasing target for sophisticated attackers
“Drone Hacking” places threats in the sky
Mobile threats to include ransomware, RATs, compromised app markets
IoT malware opens a backdoor into the home
IoT and DDoS Hacks
Machine learning accelerates social engineering attacks
The explosion in fake ads and purchased “likes” erodes trust
Escalation of ad wars boosts malware delivery
Hacktivists expose privacy issues
Law enforcement takedown operations put a dent in cybercrime

1. Main Cyber Security Threats during 2017
Typosquatting
Threat intelligence sharing makes great strides
Cyber espionage: industry and law enforcement
Smart Medical Devices and Electronic Medical Records (EMRs)
Critical Infrastructure cyber attacks
Cloud computing providers infection
Connected Cars

2. Ransomware Attacks
Ransomware will be the primary threat and will remain very significant across the globe through the second half of 2017; it has only grown more sophisticated and troublesome over time. Attackers gain access to your computer, encrypt your files and demand a payment in return for the key that gives your files back.
Ransomware-as-a-service, custom ransomware for sale in dark markets and creative derivatives of open-source ransomware code will keep the security industry busy through the first half of the year.
How to stay safe?
Back up your files with a high-quality backup solution to protect your personal information; a good backup is the one precaution that keeps your files safe and accessible to you, without paying any ransom, no matter what happens. Keep at least one copy offline or in versioned storage that an infected machine cannot overwrite, because ransomware that can reach a connected backup drive will encrypt it too. Exercise extreme caution when opening email attachments or clicking links in emails. Use a VPN to get a secured connection whenever you use public Wi-Fi, and be sure to install antivirus and firewall software and keep them updated.
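
As an added illustration (example code written for this page, not part of the original deck or of any product), the following Python script shows a minimal host-side check for the behaviour described above: a canary file that must never change, and a Shannon-entropy test that flags files whose contents look like ciphertext while excusing formats that are legitimately high-entropy. The 7.5 bits-per-byte threshold, the 256-byte minimum sample and the excused-extension list are assumptions chosen for illustration, and the sample directory the script scans is constructed inside the script itself.

```python
import math
import os
import shutil
import tempfile
from collections import Counter

# Added example, not from the original deck. Heuristic detector for the
# "encrypt your files and demand payment" behaviour:
#  1. a canary file whose expected contents are known; any change means
#     something rewrote files it had no business touching;
#  2. an entropy check: ciphertext has a near-uniform byte distribution
#     (close to 8 bits/byte), while documents and source code sit far lower.
# Threshold, minimum sample size and the list of extensions that are
# legitimately high-entropy (compressed/media formats) are assumptions.

ENTROPY_THRESHOLD = 7.5            # bits per byte; uniform random data is 8.0
MIN_BYTES = 256                    # too little data makes entropy meaningless
COMPRESSED_EXT = {".zip", ".gz", ".7z", ".jpg", ".png", ".mp4", ".pdf"}
CANARY_NAME = "canary.txt"
CANARY_CONTENT = b"canary: do not modify\n"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 if empty)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_looks_encrypted(path: str, sample_size: int = 65536) -> bool:
    """True if the first sample_size bytes look like ciphertext and the
    file extension does not excuse high entropy."""
    if os.path.splitext(path)[1].lower() in COMPRESSED_EXT:
        return False
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    return len(head) >= MIN_BYTES and shannon_entropy(head) >= ENTROPY_THRESHOLD


def canary_intact(root: str) -> bool:
    """False if the canary file was deleted or rewritten."""
    try:
        with open(os.path.join(root, CANARY_NAME), "rb") as fh:
            return fh.read() == CANARY_CONTENT
    except FileNotFoundError:
        return False


def scan(root: str) -> dict:
    """Walk root and report suspicious files plus the canary state."""
    suspicious = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name == CANARY_NAME:
                continue
            path = os.path.join(dirpath, name)
            if file_looks_encrypted(path):
                suspicious.append(os.path.relpath(path, root))
    return {"canary_intact": canary_intact(root), "suspicious": sorted(suspicious)}


def demo() -> dict:
    """Build a constructed sample tree, scan it, then simulate the canary
    being overwritten.  The 'ciphertext' is a uniform byte distribution
    (entropy exactly 8.0) standing in for real encrypted output, so the
    result is deterministic."""
    root = tempfile.mkdtemp(prefix="ransom-demo-")
    plaintext = b"Quarterly report: revenue grew modestly in all regions.\n" * 20
    uniform = bytes(range(256)) * 16
    with open(os.path.join(root, CANARY_NAME), "wb") as fh:
        fh.write(CANARY_CONTENT)
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(plaintext)                    # ordinary text: low entropy
    with open(os.path.join(root, "notes.txt.locked"), "wb") as fh:
        fh.write(uniform)                      # "encrypted" copy: flagged
    with open(os.path.join(root, "photos.zip"), "wb") as fh:
        fh.write(uniform)                      # compressed: high entropy is normal
    result = scan(root)
    with open(os.path.join(root, CANARY_NAME), "wb") as fh:
        fh.write(uniform)                      # ransomware reaches the canary
    result["canary_after_attack"] = canary_intact(root)
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

Office documents (.docx, .xlsx) and many installers are zip containers, so in production they belong on the excused-extension list or need a more specific check; the entropy test is a cheap first signal that a bulk rewrite is under way, not a verdict on any single file.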

3. Vulnerability exploits on Windows cool down as other platforms heat up
Exploiting client-side software vulnerabilities has become significantly more difficult in recent years, which raises the development cost of generic and reliable exploits.
To successfully penetrate the latest operating systems (for example, a fully patched Microsoft Edge browser running on 64-bit Windows 10), attackers must often chain several high-quality vulnerabilities with advanced exploitation techniques: typically an information leak to defeat memory layout randomization, a memory corruption bug to gain code execution and a separate escape from the browser sandbox. That rising cost pushes attackers towards less hardened platforms and applications, which is why exploit activity is expected to shift away from Windows.

4. Hardware and firmware threats an increasing target for sophisticated attackers
Software, including operating systems and applications, implicitly relies on hardware to operate correctly. Hardware vulnerabilities can undermine the operation and security of the entire software stack: exploiting a hardware vulnerability can compromise an entire system without any exploit of the software stack. Further, systems whose hardware has been successfully attacked can be difficult to patch without replacing the vulnerable hardware. Finally, none of the system's software-based security mechanisms and protections can be relied upon, because they all assume the hardware has not been compromised.
How to stay safe?
There are mitigating factors, though. Hardware is less exposed to attacks than software stacks, and attacking hardware almost always involves exploiting some sort of hardware logic vulnerability rather than the many software vulnerabilities commonly found in software stacks. Hardware's reduced attack surface raises the complexity of attacks. As a result, we see very few hardware vulnerabilities and few incidents in which hardware is either targeted or successfully exploited by attackers. Similarly, common malware almost never targets hardware. In practice the defence is to apply vendor firmware updates (BIOS/UEFI, management controllers, device firmware) as diligently as operating system patches, and to enable the platform's firmware integrity checks, such as verified or measured boot, where the hardware offers them.

5. “Drone Hacking” places threats in the sky
Drones continue to become more and more mainstream. What started as a fun toy for kids and a slightly expensive hobby for enthusiasts has really taken off, if you will forgive the pun.
Drones are well on the way to becoming a major tool for shippers, law enforcement agencies, photographers, farmers, the news media and more. It is hard to deny that drones have become a lot more valuable to many types of businesses and government agencies.
Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business or critical infrastructure facility and attempt to hack into the local wireless network. The reverse is also a threat: a drone's own control and video links can be hijacked by anyone within radio range, which is what the term “dronejacking” refers to.

6. Mobile threats to include ransomware, RATs, compromised app markets
In 2017, we expect mobile ransomware to continue to grow, but the focus of mobile malware authors will change. Because mobile devices are usually backed up to the cloud, the success of direct ransom payments to unlock devices is often limited. Because of that, mobile malware authors will combine device locks with other forms of attack such as credential theft. For example, during 2016 we observed how families such as Android/Svpeng, identified by the security industry as mobile ransomware, mutated to target banking credentials, looking to steal money from victims' accounts.
Specialists believe that in 2017 banking Trojans will reappear and that they will come from ransomware authors. This malware will combine mobile device locks and other ransomware features with traditional man-in-the-middle attacks to steal primary and secondary authentication factors, allowing attackers to access bank accounts and credit cards; an SMS one-time code only counts as a second factor as long as the phone that receives it is not itself under the attacker's control.
Malicious applications. Shopping apps keep your banking data and are susceptible to compromise.
Video games. Many of them allow online billing and payment and are possible targets for hackers to intercept the user's bank details.

7. IoT malware opens a backdoor into the home
Consumer electronics continues to grow at a rapid pace. One area in particular is the consumer side of the Internet of Things, which is expected to reach roughly 1.8 billion devices by 2019. Known colloquially as the “smart home” or “connected home”, this market includes a number of well-established brands and products, as well as a huge field of smaller companies looking to break into the scene.
Hijacking of connected things (cars, refrigerators, televisions, ...). Ransomware can, for example, lock a security camera, and the attackers then demand a ransom to unlock it.

8. IoT and DDoS Hacks
As more devices become Internet-enabled and reachable, the security measures meant to protect them are not keeping up. The Internet of Things is meant to bring household devices together to communicate with us and with each other. By default, many of these devices are exposed to the Internet and protected only by factory default passwords. Hackers are paying increasing attention to new ways of leveraging IoT devices for malicious purposes. These devices bring a vulnerability into the network they are connected to, making it easy for hackers to take advantage of them.
IoT devices are used for Distributed Denial of Service (DDoS) attacks, flooding a targeted website with an overwhelming number of requests from millions of connected machines. Smart devices expose services on public ports so that they can be reached away from home. Hackers scan for these exposed services, build a large database of reachable devices and infect them with malware to form a botnet. Each device then sends only a small amount of traffic, but millions of them together are enough to take the target down. Two basic checks cut off most of this: change every factory default password, and do not forward ports from the Internet to devices that only need to be reached from the local network.
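
The following Python example is added here to show what the flood described above looks like from the defender's side; it is not code from the original deck. It parses web server access-log lines in Common Log Format, groups requests into fixed 10-second windows and reports a window with many requests from many distinct source addresses as a distributed flood, while a window dominated by one address is reported separately as a noisy client that ordinary per-IP rate limiting can deal with. The window length, both thresholds and the log lines themselves are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Added example, not from the original deck. Detection logic for a
# botnet-driven HTTP flood, run over access-log lines in Common Log Format.
# Requests are bucketed into fixed windows; a window holding many requests
# from many distinct clients is a distributed flood, a window holding many
# requests from one client is a noisy client. Window length and thresholds
# are assumptions for illustration.

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (unix_second, client_ip) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], TS_FORMAT)
    return int(ts.timestamp()), m["ip"]


def detect(lines, window_seconds=10, flood_requests=50, flood_sources=20):
    """Bucket requests into fixed windows and classify each window."""
    buckets = defaultdict(list)                 # window start -> [client ips]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                            # skip malformed lines
        second, ip = parsed
        buckets[second - second % window_seconds].append(ip)

    floods, noisy_clients = [], []
    for start in sorted(buckets):
        ips = buckets[start]
        by_ip = Counter(ips)
        when = datetime.fromtimestamp(start, tz=timezone.utc).isoformat()
        # Distributed: volume AND source diversity both above threshold.
        if len(ips) >= flood_requests and len(by_ip) >= flood_sources:
            floods.append({"window": when, "requests": len(ips),
                           "sources": len(by_ip)})
        # Single aggressive client: volume from one address alone.
        for ip, n in by_ip.items():
            if n >= flood_requests:
                noisy_clients.append({"window": when, "ip": ip, "requests": n})
    return {"floods": floods, "noisy_clients": noisy_clients}


def sample_log():
    """Constructed log lines (not real traffic) covering three situations."""
    def line(ip, hhmmss):
        return (f'{ip} - - [10/Jan/2017:{hhmmss} +0000] '
                f'"GET /index.html HTTP/1.1" 200 512')
    lines = []
    # 1) distributed flood: 60 requests from 30 bot addresses within 10 s
    for i in range(60):
        lines.append(line(f"10.0.0.{i % 30 + 1}", f"12:00:0{i % 10}"))
    # 2) one aggressive client: 60 requests from a single address within 10 s
    for i in range(60):
        lines.append(line("203.0.113.7", f"12:01:0{i % 10}"))
    # 3) normal traffic: a handful of requests spread over a minute
    for s in ("00", "10", "20", "30", "40"):
        lines.append(line("198.51.100.5", f"12:02:{s}"))
    lines.append("garbage line that does not match the log format")
    return lines


if __name__ == "__main__":
    print(detect(sample_log()))
```

The same bucketing works over firewall or NetFlow records once the source-address field is swapped in. What separates a botnet flood from a legitimate traffic spike is the number of distinct sources, not the request count alone, which is why the flood rule requires both thresholds.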

9. Machine learning accelerates social engineering attacks
With an ever-increasing footprint in education, business and research, the availability of machine learning toolkits, documentation and tutorials has exploded in recent years.
In as little as an hour, an individual can be training complex models on large datasets on a distributed architecture. In 2016 we saw enthusiasts and professional data scientists teach machines to write Shakespearean sonnets, compose music, paint like Picasso and defeat professional Go player Lee Sedol. The learning period has become shorter, and accessibility for everyone, including cybercriminals, has never been better.
Security is an arms race, and cybercriminals are fine-tuning their methods with the help of machine learning: the same techniques can profile targets from their public data and generate convincing, personalized phishing lures at scale.

10. The explosion in fake ads and purchased “likes” erodes trust
Every Internet user is bombarded with information for making decisions: what to click, what to read and where to spend.
These choices fuel a multibillion-dollar online economy and, with that much money on the line, unscrupulous actors are constantly looking for ways to take advantage of others.
Reputation is key for many decision makers to feel confident about their choices; this is the trust that some people seek to exploit with fake ads and purchased “likes”.

11. Escalation of ad wars boosts malware delivery
Security researchers spend a lot of time in dangerous Internet territory, filled with compromised websites and drive-by malware downloads.
To navigate this territory in relative safety, we use browser add-ons that disable active content, read raw site source code, fetch pieces of a site through different servers and use virtual machines that are reloaded after each session to avoid infecting the local computer.
These precautions turn “browsing the Internet” into a much more laborious process. The same arms race now plays out for ordinary users: as ad blockers spread, ad networks and the malicious advertising (malvertising) that rides on them work harder to get through, making advertising a major delivery channel for drive-by downloads.

12. Hacktivists expose privacy issues
Over the years, the amount of data collected about users has increased exponentially.
This aggregated data has helped us improve our health, get where we want to go faster when we search, find long-lost friends, have a better performing home electronics system and even stay protected while we go online. It is also exactly what hacktivists go after: a breach or leak of such aggregated data exposes how much is collected about us and how weakly it is protected.

13. Law enforcement takedown operations put a dent in cybercrime
Law enforcement and its allies have recently had some notable successes in taking down malicious sites and actors.
What is a takedown operation? It is a series of coordinated actions in which law enforcement agencies, together with other parties (usually security vendors), shut down a cybercriminal operation. In the best case it includes arrests, but in every case the takedown disrupts or seizes the infrastructure used by the cybercriminals.
A takedown operation is the result of many months, or in some cases years, of investigation.

14. Typosquatting
Towards the end of 2016, a lot of fake news articles were making their way around the Internet, inspiring a new way for hackers to distribute malware and attempt to steal your information.
Cybercriminals are now building fake websites intended to look exactly like the real one, by registering domain names that differ from their legitimate counterparts by a slight typo (a dropped, doubled or swapped letter, or a look-alike character such as “rn” in place of “m”).
After you mistype the URL, the website is designed to look exactly like the original, so you would not even think you made an error entering the web address.
They do this in the hope that you will enter your credentials, believing that you are providing them to a site you can trust. In some cases these websites distribute malware while also acting as a phishing site, hoping to steal your personal and financial information.
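
As an added example (not from the original deck), the Python below covers both sides of typosquatting for a brand owner. typo_candidates() enumerates the misspelled domains an attacker is likely to register (dropped, doubled, swapped and adjacent-key characters plus look-alike substitutions such as “rn” for “m” or “1” for “l”) so they can be registered defensively or watched for in new-registration feeds; is_lookalike() checks an observed domain from proxy logs or mail headers against a protected list using an optimal-string-alignment edit distance on homoglyph-normalized labels. The keyboard-adjacency table, the homoglyph table and the distance threshold of 1 are assumptions, and the registrable label is taken as the first DNS label, which ignores two-level public suffixes such as .co.uk.

```python
# Added example, not from the original deck. Attacker-side enumeration and
# defender-side matching for typosquatted domains. Tables and threshold are
# assumptions; the registrable label is taken as the first DNS label.

ADJACENT_KEYS = {  # QWERTY neighbours used for fat-finger substitutions
    "q": "wa", "w": "qes", "e": "wrd", "r": "etf", "t": "ryg", "y": "tuh",
    "u": "yij", "i": "uok", "o": "ipl", "p": "ol", "a": "qsz", "s": "awdz",
    "d": "sefx", "f": "drgc", "g": "fthv", "h": "gyjb", "j": "hukn",
    "k": "jilm", "l": "kop", "z": "asx", "x": "zsdc", "c": "xdfv",
    "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}
# (canonical, confusable) pairs; generation uses both directions,
# normalization folds the confusable form onto the canonical one.
HOMOGLYPHS = [("m", "rn"), ("w", "vv"), ("l", "1"), ("o", "0"), ("i", "l"), ("d", "cl")]


def split_domain(domain):
    """Return (registrable label, suffix) for a domain, lower-cased."""
    label, _, suffix = domain.lower().partition(".")
    return label, suffix


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus
    adjacent transposition, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def normalize(label):
    """Fold visually confusable sequences so that rn~m, 1~l, 0~o, etc."""
    for canonical, confusable in HOMOGLYPHS:
        label = label.replace(confusable, canonical)
    return label


def typo_candidates(domain):
    """Domains an attacker would register to catch mistyped visits."""
    label, suffix = split_domain(domain)
    out = set()
    for i in range(len(label)):
        out.add(label[:i] + label[i + 1:])                          # omission
        out.add(label[:i] + label[i] + label[i:])                   # doubled key
        for k in ADJACENT_KEYS.get(label[i], ""):
            out.add(label[:i] + k + label[i + 1:])                  # fat finger
        if i + 1 < len(label):
            out.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # swap
    for a, b in HOMOGLYPHS:
        for src, dst in ((a, b), (b, a)):
            if src in label:
                out.add(label.replace(src, dst))                    # look-alike
    out.discard(label)
    return {f"{c}.{suffix}" if suffix else c for c in out if c}


def is_lookalike(candidate, legit_domains, max_distance=1):
    """True if candidate is not itself a protected domain but its label is
    within max_distance edits of a protected label after normalization."""
    candidate = candidate.lower()
    legit = {d.lower() for d in legit_domains}
    if candidate in legit:
        return False
    c_label = normalize(split_domain(candidate)[0])
    return any(osa_distance(c_label, normalize(split_domain(d)[0])) <= max_distance
               for d in legit)


if __name__ == "__main__":
    print(sorted(typo_candidates("example.com")))
    print(is_lookalike("exarnple.com", ["example.com"]))
```

Note that a domain with the correct label under a different suffix (example.org against a protected example.com) is reported as a look-alike too; whether that is a typosquat or a brand's own unregistered variant is a decision for whoever owns the protected list.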

15. Threat intelligence sharing makes great strides
Sharing threat intelligence shifts the balance of power away from the adversaries and back to us, the defenders.
It disrupts the lifecycle of an attack and proves more costly to the bad actors, who have to shift their resources and techniques onto new tactics.
If sharing threat intelligence is so valuable, then why isn't there more cooperation? Historically, there have been three key barriers to sharing threat intelligence:
1) Unintentionally sharing private customer information.
2) Losing a competitive advantage.
3) Public awareness that an organization has been attacked.

16. Cyber espionage: industry and law enforcement
Normally the targeted entities are in the government sector or, in some cases, individuals or members of a political party.
The modus operandi in these cases starts with the actors setting up domain and hosting infrastructure that will serve either as a control server or to deliver a payload. Next comes the spear-phishing attack, in which the target receives a weaponized email.
From there, attackers use an arsenal of tools, ranging from credential-dumping tools and pass-the-hash attacks to custom scripts. In most cases a backdoor remote access Trojan (RAT) maintains a foothold in the network. Less skilled actor groups use widely shared, readily available RATs such as PlugX and modify the basic settings to serve their campaigns.

17. Smart Medical Devices and Electronic Medical Records (EMRs)
The healthcare industry is going through a major evolution as patient medical records go online and medical professionals realize the benefits of advances in smart medical devices.
However, as the healthcare industry adapts to its digital revolution, there are a number of concerns around privacy, safety and cyber security threats.
Health gadgets. According to ESET(*), 39% of healthcare companies do not know how to protect themselves. This situation allows hackers to obtain confidential data about patients.
(*) ESET is an IT security company headquartered in Bratislava, Slovakia, founded in 1992.

18. Critical Infrastructure cyber attacks
Critical infrastructures. Public administration, the financial system, power plants and the nuclear industry have weak protection and are clear targets for hackers.
What is the actual status of Critical Infrastructure?
-> Growing and growing. “New” concepts like Smart Cities are more and more real and further increase the already huge size and scope of Critical Infrastructure, which covers electricity generation, transmission and distribution, gas production, water supply, telecommunications, heating, financial services, public health, etc.

19. Cloud computing providers infection
Infecting a cloud computing provider with malware affects all the clients who keep their data there, every one of whom becomes a potential victim, so this type of attack has a very large scope and impact.
Enterprises are no longer sitting on their hands wondering whether they should risk migrating applications and data to the cloud. They are doing it, but security remains a serious concern.
The shared, on-demand nature of cloud computing introduces the possibility of new security breaches that can erase any gains made by the switch to cloud technology.
Cloud services by nature enable users to bypass organization-wide security policies and set up their own accounts in the service of shadow IT projects. New controls must be put in place.

20. Connected Cars
There is a “massive future security problem just around the corner”, and it cannot be fixed by trying to bolt on security during the implementation phase.
Complexity was called “the worst enemy of security”: a connected car could have “approximately 100 million lines of code”, compared to 8 million for an F-35 fighter jet. There has been a dramatic increase in Electronic Control Units (ECUs), with some high-end vehicles currently having about 100 ECUs, and a rise in the diversity of in-vehicle systems providing both luxury and critical features. This complexity has been exposed to wireless networks through the development of wireless communication interfaces. These interfaces are a double-edged sword: by connecting the vehicle to the Internet of Things they have dramatically extended its functionality, but they have also opened up the traditionally closed vehicular system, making vehicles “a more accessible and more attractive target to adversaries”.
Content. Theft of personal information, leading to identity theft, is an attractive goal for cybercriminals. Personal data is increasingly available in car networks as the cars themselves become more sophisticated and smartphones and other devices are connected to them.

21. Sources used to expand knowledge
2017 Security Predictions – The Threats Are Real | Secplicity
URL: https://www.secplicity.org/2016/12/19/2017-security-predictions-threats-real/
Experts predict 2017's biggest cybersecurity threats | Dan Patterson (TechRepublic)
URL: http://www.techrepublic.com/article/experts-predict-2017s-biggest-cybersecurity-threats/
4 Cyber Security Threats for 2017 | University of San Diego
URL: https://onlinedegrees.sandiego.edu/4-cyber-security-threats-2017/
5 Cyber Security Threats to be Aware of in 2017 | ZoneAlarm
URL: http://www.zonealarm.com/blog/2016/12/cyber-security-threats-2017/
Report examines the massive future cybersecurity problem of connected cars | NETWORKWORLD
URL: http://www.networkworld.com/article/3031092/security/report-examines-the-massive-future-cybersecurity-problem-of-connected-cars.html
Cyber Security in the Connected Vehicle Report 2016 | TU-Automotive
URL: http://www.tu-auto.com/cybersecurity-report/
The Next Tier - 8 Security Predictions for 2017 | Trend Micro
URL: http://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2017
2017 Cybersecurity Predictions: New Norms Expected in Threat Landscape | Ryan Olson (Palo Alto Networks)
URL: http://researchcenter.paloaltonetworks.com/2016/11/2017-cybersecurity-predictions-new-norms-expected-threat-landscape/
2017 Threats Predictions | McAfee Labs
URL: http://www.mcafee.com/us/resources/reports/rp-threats-predictions-2017.pdf
The dirty dozen: 12 cloud security threats | Fahmida Y. Rashid (InfoWorld)
URL: http://www.infoworld.com/article/3041078/security/the-dirty-dozen-12-cloud-security-threats.html

Questions?
Many thanks!
Ramiro Cid
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
@ramirocid
http://www.linkedin.com/in/ramirocid
http://ramirocid.com
http://es.slideshare.net/ramirocid
http://www.youtube.com/user/cidramiro