Cybersecurity changes rapidly. Those with valuable insights can better prepare for the shifting risks and opportunities. An Intel team, led by the McAfee Labs group, has released a whitepaper covering both the 2016 cybersecurity predictions as well as a five year look-ahead. Collectively, it paints a picture of a growing technology landscape and the attackers who are maneuvering for an unfair advantage at the expense of others.
I am honored to have contributed to this year’s exercise, collaborating with a stellar group of experienced security experts. Many of the predictions are logical extensions of current attacks, newsworthy events, or tied closely to the growth of technology.
One prediction in particular may surprise the industry. The growth of Integrity-attacks could be the unexpected shift which will fuel significant change in perspectives, expectations, and controls.
Unlike denial-of-service attacks which undermine the availability of entire systems or data breaches which steal away confidential data, integrity focused attacks maliciously modify data or transactions.
We have seen a number of cases where attackers with financial motivations are undermining the integrity of data for their benefit. These types of attacks can be very selective and discrete, making them extremely difficult to detect, prevent, and correct. Perhaps most importantly, such maneuvers have shown to generate an unexpectedly shocking amount of loss and victim angst.
Banking infrastructure malware Carbanak, which was discovered in 2015, infected banks and selectively modified systems to create a small number of fraudulent transactions which fleeced hundreds of millions of dollars in a single coordinated campaign.
In separate attacks, business victims have seen their email systems tampered with. Fraudulent messages crafted from executive’s accounts to account-payable departments, instructing money transfers be made immediately to a 3rd party. These of course were not actually from the executives, but rather attackers who were able to gain administrative access to the communication tools and use them to orchestrate funds being sent to entities they control.
Crypto based ransomware is another huge example where select files of an infected system are encrypted by the attackers and held for ransom. Consumers, businesses, and even government agencies have been victimized. We talk more specifically about the prolific rise of ransomware in the 2016 predictions report. The Cyber Threat Alliance, which includes Intel Security, recently published a detailed analysis showing how one such ransomware, CryptoWall, is responsible for taking a staggering $325 million from victims.
Attacks designed to undermine the Integrity of systems and data tend to create emotional distress in victims as they perceive being specifically targeted in a very personal way. It is their family pictures being held for ransom, emails with their address are being forged, and select transactions from their company are being tampered with. From a security perspective, the current generation of available tools are not designed or optimized to protect from such attacks. The resulting impacts may be enough to fundamentally change opinions and expectations of security.
Overall, we at Intel Security believe integrity based attacks will continue to rise in 2016 and beyond, as they are proving lucrative for attackers and troublesome for defenders.
To protect technology, users, data, and digital services, we all must understand the challenges we will face in the future.
Download the free whitepaper and gain the insights of experts. http://www.mcafee.com/us/resources/reports/rp-threats-predictions-2016.pdf
Intel IT Network: Collection of My Previous Posts