The cyber threat landscape continues to evolve and become even more multifaceted. This means that all public and private organizations, and people alike, need to be aware of what might be looming in the future. What are the emerging threats like? And how can we stay one step ahead of the cybercriminals who are unfortunately becoming more technically savvy and innovative year after year?
Let’s have a look at a few current and possible future phenomena:
1. Bot-assisted social engineering. A new term for you? Let’s clarify what it means. First of all, social engineering is the act of exploiting human weaknesses to gain access to personal information and protected systems. When this kind of scam normally ties the cybercriminal to one victim at a time, especially when the criminal needs to stay in contact with the victim through emails, social media, or phone calls, machine learning (ML) bots will most likely eventually take on some of the manual labor. This will make the scamming process more efficient.
At the moment, social engineering scams and phishing are the most common cybersecurity threats, but they are also the least scalable illegal enterprises that cybercriminals can take advantage of. When cybercriminals find the right kind of technical solutions and succeed in solving the scalability issue of these scams, it will bring a whole new level of threats for us to defend against. Their philosophy will culminate in the idea “The more damage you can do with a lot less effort, the better”.
For the time being, the technology is still too clumsy to reach this level of efficiency, and people can identify a bot when interacting with one. However, it is good to keep this in mind in the years or decade to come. After all, the financial incentive for utilizing bot-assisted social engineering schemes is quite significant. For example, imagine a future where advanced technology will make it possible to establish call centers without humans and where ML bots will be able to contact 10,000 people in an hour. Now, imagine this technology in the hands of a criminal and you will see where this is headed.
The fact that the technology is still not here,
doesn’t mean that it someday won’t be.
2. The rise of ransomware without the encryption. Unfortunately, this is already a trend, so no need to look into the future. Organizations have improved their backup systems which has made denying access to business-critical data harder for the attackers. Cybercriminals have realized this and are now gradually shifting from the less effective task of encrypting an organization’s data to just purely stealing vast amounts of it and holding the confidentiality of that data as ransom.
The attacker can, for example, threaten a company that if it won’t pay the demanded ransom, they will release the data to the internet or sell it do the highest bidder. If a company would find its sensitive business information, IPR-related data, or similar falling into the wrong hands, it would most likely cause unmeasurable damage or even destroy the entire company.
So, what kind of an effect can a ransomware attack have on the share value of publicly traded companies? Surprisingly, the value damages are lower than expected, as people forget ransomware incidents over time. This was highlighted by a recent study conducted by Comparitech researchers, who analyzed the historical share price data of 24 companies listed on the New York Stock Exchange. The results showed that after a successful ransomware attack:
Share prices plummet on average 22% immediately after an attack
Share prices usually begin to recover already within one day
Within 10 business days, the share price is back to outperforming the market
The share value increased on average 4.4% during the following six months
3. Vulnerability exploits in a supply chain weaponized for targeted, large-scale attacks. Vulnerabilities exploited by cybercriminals are a classic avenue of attack. However, the scale of these attacks is growing, as attackers are becoming better at infiltrating software that is delivered by a vendor to thousands of customers.
For example, in July 2021 the US-based Kaseya fell victim to a ransomware attack launched by a Russian ransomware-as-a-service hacker organization REvil, which demanded a ransom of $70 million. Kaseya provides IT infrastructure management solutions for Managed Service Providers (MSPs) and internal IT organizations and serves hundreds of customers worldwide.
In this attack, the hackers infiltrated Kaseya, gained access to its customers’ data, and demanded a ransom for returning it. According to expert insights, the attack was particularly serious because Kaseya is an MSP and its systems are used by numerous smaller companies that most likely have modest technical departments and capabilities to respond to cyber-attacks. The group claimed that their ransomware attack affected more than a million systems.
In this case, the malware was delivered via software updates – which are usually used to patch security flaws. Even more serious is the fact that the malicious actors behind the attack targeted systems that are typically used to protect customers from malware. Supply chain attacks abuse the trust placed on vendors and allow the attackers privileged access to companies.
All in all, it is extremely difficult to protect your business against a supply chain attack.
4. Misconfigured cloud assets will cause data leakage. Cloud services are used by countless organizations globally. This means that also countless misconfigurations are done around the world. When organizations take cloud services into use, there is the risk of failing to configure the system correctly due to its difficulty. The commissioning phase usually includes activating several critical security features, and if these are forgotten or not done properly, it can result in data assets being completely unprotected and leaked to the internet. It is often unclear where the responsibility for securing cloud assets lies, possibly leading to false assumptions on what is secured by default and what is open to the internet.
Assets leaked due to misconfiguration can include customer data, such as credit card information, social security numbers, or even passport details. For example, according to Truffle Security’s investigation in 2020, data leaks due to misconfigured AWS S3 storage buckets are very common. They discovered more than 4,000 unprotected S3 storage buckets with highly sensitive private data. These included SQL Server passwords, Coinbase API keys, Azure Blob, and MongoDB credentials.
5. Social media will drive ransom campaigns against companies. One thing is certain: social media is already taken over by bots. According to recent research by Carnegie Mellon University, nearly half or more of the accounts actively tweeting and retweeting about the novel coronavirus are likely bots. It is possible that social media-driven scandals created with the help of bots and deepfake videos are going to become more common.
One example might be that malicious actors create a deepfake video that shows a company CEO saying or doing something that jeopardizes the interests of the company and demand a ransom in exchange for not releasing it. If the company is worried about the video leaking and being perceived as authentic, this might lead to them having to pay to keep it away from the media.
We already have the technology. For example, can you tell whether this is the real Tom Cruise or not?
Interested in learning more about how to detect, protect, and respond to threats? Take a look at our Cyber Defence Center services.