The prevalent security threats you will see in 2018


2017 is coming to a close, which means it's a great time to talk about what's on the horizon. This year we spoke to a handful of Barracuda experts, whose names you may recognize from the Barracuda blog and various bylines. Here they are discussing what they expect to see in the next 12-18 months:

Eugene Weiss on Mass Ransomware vs Targeted Ransomware
Sanjay Ramnath on Ransomware, Advanced Threats and multi-vector attacks
Fleming Shi on Domain Spoofing and Brand Hijacking
Fleming Shi on the Growing Threat of Secure Bank Messages
Asaf Cidon on Spear phishing
Wieland Alge on the Internet of Things
Tim Jefferson on Public Cloud Security



Eugene Weiss
Lead Platform Architect

Eugene Weiss on Mass Ransomware vs Targeted Ransomware

We are seeing a rapid increase in the volume of mass ransomware threats, and this trend will continue over the next 12-24 months. The growing availability of cryptocurrencies provides the attacker with the possibility to remain anonymous while conducting mass attacks. By demanding a relatively small payment from a large number of victims, the attacker is able to run a ‘numbers game’ that increases the likelihood that he will earn a profit while remaining anonymous. New cryptocurrencies that are more anonymous than Bitcoin will accelerate this trend, and the small payment sizes make it more likely that victims will pay.

In contrast to the ‘numbers game,’ targeted ransomware involves a focused effort to penetrate a large and often well-protected entity.   The successful targeted attack often involves several hours of research as well as trial-and-error attacks.  With mass ransomware, attackers can cast a wide net and wait for victims to take the bait.  The targeted attack also carries a higher risk of communications with the victim and an increased likelihood of sophisticated law-enforcement resources.  

Since smaller organizations continue to pay the ransom, mass ransomware has become a threat epidemic and will not slow down anytime soon.


Sanjay Ramnath on Ransomware, Advanced Threats and multi-vector attacks


Sanjay Ramnath
Vice President of Global Marketing

Ransomware attacks will continue to impact businesses. Attackers will continue to look for new mechanisms (like botnets) to deliver ransomware. We also expect the evolution of ransomware to “protectionware”. Cybercriminals may evolve from demanding ransoms to unlock data to demanding payments to avoid being targeted.  

Email will remain the most common delivery vehicle for advanced threats. In addition to delivering malicious payloads, email-borne attacks will continue to become more sophisticated. Attackers will leverage social engineering, targeted campaigns, spear phishing and whaling to steal credentials, exfiltrate data, commit business fraud and more.

As organizations become more dispersed and adopt cloud platforms, they also present an expanded attack surface for cybercriminals to launch multi-vector attacks. Web applications will be increasingly targeted by hackers to steal data and disrupt businesses.


Fleming Shi on Domain Spoofing and Brand Hijacking

 



Fleming Shi
Senior Vice President of Technology

Domain spoofing has been increasing rapidly and will continue to grow through 2018.  Spoofing is a type of impersonation attack that tricks the victim into thinking that a criminal is someone else.  Criminals use domain spoofing to impersonate a company or a particular company employee.  The criminals often send emails to customers or partners of the company in order to steal credentials and gain access to company accounts.  

This is often the beginning of a multi-stage strategy to steal data and commit fraud with organizations that is quickly becoming the costliest cyber-attack out there today.

There has been a stark increase in the volume of mass phishing attacks where cybercriminals are spoofing popular e-commerce and consumer brand names and websites in order to steal information. The actual names of the brands these attackers impersonate are less important than the tactic, as criminals quickly change brand names with new attempts. The goal is to convince the unsuspecting to either download malicious documents or log in to a fake account, resulting in surrendered account credentials – which then leads to all sorts of hurtful behavior. Attackers can take user credentials and retrieve credit card information, additional personal information, and learn more about their victim’s online behavior for future social engineering attacks. They will actually build websites that mimic actual brand name websites in the hopes of siphoning victims during high times of shopping. Even though these counterfeit sites are not identical to the actual sites of the impersonated big brands, attackers are counting on the fact that most consumers do not buy directly from these brands, and therefore won’t recognize what their home page actually looks like.


Brand hijacking in both emails and spoofed websites will only continue to grow in the next year, and both companies and consumers need to be on guard, educated and ready for these threats to come around.

Fleming Shi on the Growing Threat of Secure Bank Messages

We have seen a stark increase in email attacks that impersonate secure messages from financial institutions. These fake “secure messages” carry malicious content and malware for download.

Impersonation is one of the most common tactics used in email attacks because it works very well. These impersonation threats leverage the relationship a victim has with his bank and the associated trust the victim may have in his bank’s online communication.  A victim who engages in online communication with the bank is usually of high value to these criminals.  

These impersonation threats carry malicious Word documents that often appear harmless, but include an embedded script that can be updated by attackers at a later date. This script can be modified to deploy a variety of threats including ransomware or advanced persistent threats. These attacks are very difficult for end users to spot, as the email domains used in this attack are designed to look like real emails that customers might receive from an actual bank.

The volume of these attacks is rapidly increasing, so plan to see more of these fake secure messages in the coming year.

Asaf Cidon on Spear Phishing



Asaf Cidon
Vice President of Content Security

Spear phishing will continue to grow as long as it continues to be successful for cybercriminals. Spear phishing attacks, which are highly targeted and leverage impersonation of an employee or a popular web service, have been on the rise, and according to the FBI, these attacks have proven to be extremely lucrative for cybercriminals.

These attacks will continue to grow in number as well as become more sophisticated in terms of how they research and target their victims. In 2018, there will be a large increase in multi-stage spear phishing attacks that involve multiple steps, research and reconnaissance on behalf of the attacker targeting a small number of targets for very large payouts. Cybercriminals are now taking an “enterprise” approach. Similar to B2B enterprise sales, they go after a smaller number of targets, with the goal of extracting a much greater payload with highly personalized attacks. The latest iteration in social engineering involves multiple steps. The sophisticated cybercriminals don’t try to target company executives with a fake wire fraud out of the blue. Instead, they first infiltrate the organization, and then use reconnaissance and wait for the opportune time to trick their targets by launching an attack from a mailbox that has been taken over.


Organizations will have to invest in cutting edge tools and tactics in order to thwart spear phishing attackers. AI for real-time spear phishing defense offers some of the best hope in stopping these cybercriminals in their tracks.

Wieland Alge on the Internet of Things



Wieland Alge
General Manager of EMEA

WannaCry and its impact on production environments raised the awareness of infrastructure vulnerability. The industrial plants of today are already impacted by these vulnerabilities; the smarter and more connected plants of tomorrow will have an even greater attack surface. This has been recognized on both sides of the fence.

Cybercriminals have realized that smarter targeted attacks can lead to big leverage for demanding ransom. Many industrial companies are now starting to implement defensive measures against these attacks. Nevertheless, we will certainly see several high-profile attacks aimed directly at connected machines.

The sweet spot for attackers is organizations that haven’t implemented a comprehensive digital security strategy and merely copy methods or tools that they already know. New ways to cooperate between OT and IT people as well as systems are required to protect our resources from these attackers.


Tim Jefferson on Public Cloud Security



Tim Jefferson
Vice President of Public Cloud

2017 took us well into the cloud generation, and as we look ahead to next year, it will become more critical than ever for organizations to understand public cloud environments in order to keep workloads and applications secure. There’s still a lot of confusion about security in the cloud, and much of that starts with responsibility. It’s important to understand that if your data and applications are in the cloud, it’s your responsibility to secure them. Public cloud functionality has grown tremendously this year, and there’s no doubt it will continue to advance, but now it’s time for the companies using the cloud to catch up. I am optimistic that 2018 will be the year where we see more folks gain a clearer understanding of the shared responsibility model.


If this proves to be the case, there’s no reason we shouldn’t expect to see public cloud adoption continue to spike, especially if you consider the reasons that organizations cite for not using the cloud — security often sits at the top of that list. And the timing for a better understanding of the shared security model would be ideal as well, because if there’s one thing that history tells us about cybercriminal activity, it’s that the attacks typically follow large audiences. Public cloud adoption will go on, but there will be more pressure on IT to fully understand public cloud and hybrid deployments, as well as unauthorized SaaS adoption across the company. Due to the potentially big payoff and increasing opportunities, attackers will continue to explore public cloud deployments for weaknesses to exploit.

For more insights and commentary from the Barracuda team, follow our blog here and our company page on LinkedIn. You can also find us on Twitter here and Facebook here.
