2017 Predictions Mid-Year Threat Check


The first half of 2017 has shown us that cyberattacks are now smarter, more automated, and more sophisticated than they’ve ever been. Fortinet’s 2017 security predictions called on companies, vendors, and all of us in the digital economy to take more accountability for security, and this year has demonstrated again and again why that approach is absolutely necessary. 

Today, consumers have access to unprecedented levels of information and entertainment at their fingertips, but much of the background technology that makes that happen has become invisible to the average user. Meanwhile, new attacks, growing in numbers and sophistication, are being designed to take advantage of these pervasive but largely hidden services. 

A lot of the attacks we’ve seen in recent months share a common denominator: adversaries are spending less time developing new ways to break into systems and more time on the delivery and stealth mechanisms for their attacks. They’re relying on so-called hot exploits – vulnerabilities that, for a variety of reasons, haven’t been broadly patched or updated. In fact, many exploits today target vulnerabilities that are five or more years old. Another common reason is that networks contain old and outdated technology that is no longer supported, which means that the only option when a vulnerability is discovered is to replace that device. Unfortunately, since many enterprises do not manage a complete inventory of the devices on their network, replacing these legacy systems often gets overlooked. 

IoT devices and infrastructure simply complicate the problem. Not only do they introduce more platforms into an already crowded network, they also tend to be highly mobile, which creates a new management nightmare when it comes to patching them. And because so many IoT devices have software and communications protocols hard-coded into them, there are actually few patches to apply to vulnerable systems because many simply can’t be patched. 

Not only are IoT manufacturers notorious for connecting millions of mass-produced devices to the internet using poorly written and highly vulnerable code, but this code is also shared freely between manufacturers, which means a single vulnerability can be compounded across hundreds of different devices from dozens of different manufacturers. 

This past year we saw the Mirai shadownet exploit this very problem with a massive, worldwide DDoS attack that took down a huge segment of the Internet. More recently, a new IoT-based shadownet known as the Hajime ransomworm has been launched as a more sophisticated successor to Mirai, with several complex cybertools built into it. Among other weapons, Hajime includes an embedded tool designed to remove firewall rules used to detect the ransomware. 

Hajime also uses a more robust P2P command-and-control system than the single command-and-control server that Mirai used. This extra resilience makes the system more difficult to maintain, but once hackers solve that problem, their reach expands exponentially. This is part of an ongoing trend of iterative improvements to successful attacks. The Petya ransomware, for example, which followed on the heels of WannaCry, was more sophisticated than its predecessor.

Just like IoT-based shadownets, ransomware has also gotten smarter this year. While scalability has proven difficult in the past, tools like Hajime have begun to automate the process of building a smart infrastructure to deliver the threat. Ransomware has also evolved to target more industries, expanding out from healthcare to industrial systems and energy providers. And we’re also seeing an increase in swarms of targeted micro attacks, made possible by smarter automated tools, that make targeting consumers easier. 

How much would you pay to regain access to your laptop, your smart TV, or your home security system? Would you pay money to turn your refrigerator back on? Multiply that by millions of users and you can see why automation has made this an attractive new attack vector. Automation means that attacks are not only coming at us faster and at a larger scale; they also reduce the time between breach and impact, and can even learn how to avoid detection. 

We can no longer afford to hand-correlate threat data to detect threats, or to respond at anything less than machine speed. In the ongoing cyberwar, enterprises today need to be able to fight automation with automation, which means they need to deploy integrated expert security systems that can automatically collect, correlate, share, and respond to threats in a coordinated fashion, anywhere across the distributed network ecosystem, from IoT to the cloud. 

All this leads back to the discussion about accountability. Successful attacks are often directly linked to poor security hygiene. It’s critical for security teams to promptly patch vulnerable systems and to replace outdated devices. 

Speed and efficiency are important factors in the success of businesses, but they work against good security practices. There is zero tolerance for device downtime, meaning outdated and vulnerable systems are often not tracked, updated, or replaced. 

Hackers can use an unpatched server as the conduit for their attacks that shut down life-saving services. And as networks mesh with smart city services, the potential for trouble skyrockets. 

We need a faster process to address these threats. Cyberthreats are growing at digital speed, while resolutions, like manufacturers building safeguards into their products, are proceeding at a snail’s pace. Manufacturers need to start building security into their products and systems from the start. We need more accountability. The clock is ticking, however, because the next step is to hold manufacturers accountable for selling solutions that can be easily exploited. Recent legislative and regulatory efforts by state and federal authorities, such as the new ‘Internet of Things (IoT) Cybersecurity Improvement Act of 2017’ and California Senate Bill 327, are designed to hold IoT device makers more accountable for consumer data security. The alternative is to continue to feed the growing cybercriminal economy. If the sense of responsibility to design safe and secure products isn’t enough incentive for some organizations, the thinking goes, the threat of fines and lawsuits will be. 

We are at an important crossroads with regard to the emerging digital economy. Threats are compounding at digital speeds, but in the frenzy to build and deploy new technologies, resolutions – like manufacturers building security safeguards into their products – are proceeding at a snail’s pace. We need to start building security into tools and systems on day zero. We need alignment on ways to effectively see and combat new cybercrime. If we fail to rise to these challenges, the effects could be economically catastrophic. 

You can read Fortinet’s full mid-year 2017 threat landscape predictions update on the Fortinet Blog.


Copyright © 2017 IDG Communications, Inc.