One constant in cybersecurity is the continual rise of sophistication and creativity of attackers. In 2016, we will see a fundamental expansion of the techniques of attackers. Integrity attacks will rise.
The industry has become comfortable with traditional Availability and Confidentiality attacks, which are typically crude but effective.
Denial of Service attacks for example, undermine availability of websites, services, and resources. Flooding networks, deleting files, and redirecting traffic are some of the brute tactics. Such maneuvers have been around for a long time and are well understood. Security tools and services can control such risks.
Recent Data Breaches are a great example of confidentiality attacks, which have exposed the personal and business data of millions. Attackers tend to break in, grab all they data they can, and run. Not especially elegant, but it works. The security industry is rapidly gaining traction with tools and practices to prevent such compromises.
Integrity attacks are something new. They are more sophisticated, well planned, and executed. It is about discretely modifying specific data or transactions and can be much more devastating.
The scale of impact is vastly different. It is not about selling credit card data or compromising ATM’s for a few thousand dollars. Instead, it can create huge windfalls for organized criminals and advanced threats.
Last year Carbanak, a malicious banking campaign was detected, which selectively modified a relatively small number of very specific transactions. This one organized-group stole 300 million to a billion dollars in total from over 100 banks, by altering just a few transactions. Successes like that reinforce continued activities and further investment by the attackers.
Modifying trusted communications is also on the rise. Even something as simple as taking control of a company’s email system can allow an attacker to conduct fraudulent transactions. Several incidents are emerging where Accounts Payable departments have received ‘urgent’ emails from executives to immediately send checks to overseas vendors. Completely fraudulent. The attackers were able to have an interactive discussion in email, successfully impersonating executives, to compel funds being transferred.
Ransomware, another example of compromising the integrity of just a few files which remain on a victim’s system, is also growing rapidly. It will be one of the scourges of 2016. Cryptowall, a popular ransomware package, fleeced over 320 million dollars last year from unfortunate victims who paid the extortion. Consumers, businesses, and even government agencies paid to have their access restored. The scale of ransomware has never been so great and it continues to grow, fueled by its own success. The criminals are benefitting from distinct advantages and will greedily continue for as long as they can.
When will the Integrity problems be tamed? Not for some time. They are just beginning to pick up. Integrity attacks are difficult to protect, detect, and recover from. The security industry has not yet adjusted to emerging challenges and attackers are taking advantage of the opportunity.
In 2016, sophisticated threats will pursue Integrity attacks which will be a challenging shift in the industry that everyone will have be concerned with and overcome.
Want to know more?
- Emerging security and other topics was recently discussed at the McAfee Labs: What’s in store? Cyber threats in 2016 and beyond live webcast on Jan 20th 2016. You can the webcast now, on-demand.
- The Intel Security McAfee Labs 2016 Threat Predictions white paper is now available. Download your copy for free.
- Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear more on what is going on in cybersecurity.