Last year, we reviewed threat reports from numerous companies and organizations. At the time, a couple of simple themes emerged: too many systems were unpatched, and phishing was a predominant means of intrusion. These themes are still present a year later, but some new trends have arisen to keep them company.
Ransomware is on the rise, insider threats are in resurgence, mobile devices and Macintoshes are increasingly vulnerable, and attacks on healthcare facilities, particularly hospitals, are on the rise.
Let’s look at these trends from three points of view: attack method, target platform, and target organizations – and discuss what to do about them. For those who want to dig deeper, a list of threat reports appears at the end of this post.
Attack Methods: Ransomware
Several reports note an increase in ransomware – malware that encrypts all of your files, or prevents you from using your computer until you pay a ransom. The best response to a ransomware breach is to have a good backup of your data and a fast way to restore a compromised machine. Home users tend to lack these safeguards, and are thus the focus of ransomware attacks.
However, environments with strict up-time requirements, such as hospitals and healthcare facilities, will often pay the ransom to get back up and running as soon as possible. A patient’s life and well-being are always the highest priority. Naturally, it’s best to prevent the attack entirely, so a strong endpoint protection system, coupled with network security systems (firewall, IDS/IPS, web gateways, etc.) are essential.
Attack Methods: Phishing
The sheer volume of malicious e-mail is ebbing, but phishing attacks are becoming more sophisticated. Attackers carefully craft e-mails based on research and information from social media, and target them at specific companies, divisions or groups within a company, or individuals. The goal is to induce the victim to open an e-mail attachment, (often a Microsoft Word or Excel file) that installs the malware. Consequently, researchers are seeing a rise in macro malware along with increasingly effective phishing campaigns.
Attack Methods: Insider Threat
The trusted insider is still a major attack vector, so strong identification and privilege management, along with data loss prevention (DLP) capabilities are a must.
Target Platforms: Applications, Mobile Devices, and Mac OS
As more and more people access networks with mobile devices, bad actors find more and more ways to compromise the applications they run. At the laptop level, the venerable Macintosh is becoming more vulnerable as well.
Target Organizations: Healthcare
Attackers are exploiting two major weaknesses at healthcare facilities and hospitals: medical devices and health records.
Health organizations use a huge variety of network-connected medical devices. Uptime on these devices is paramount, so system maintenance, which requires downtime, is often neglected. The result: unpatched software vulnerable to denial-of-service attacks. Hospital staff will do anything to restore devices to normal operation, and too often that means paying ransom immediately.
Healthcare records are extremely valuable to bad actors. Attackers can sell healthcare records for high prices on the Dark Web, or use them to blackmail victims.
So, what are the takeaways? With ransomware on the rise, we’re seeing a much more aggressive form of malware – a form that does not simply steal data, but actively interferes with your organization’s mission. If uptime is preeminent – as in hospitals or healthcare facilities – be sure to have tools, techniques, and procedures to restore systems to operation quickly.
Recognize the uptick in the insider threat, so be careful with privilege management, implement DLP, and make sure your users are properly screened. Phishing is more effective than ever, so implement mail protection systems, test your users, and remind them to watch for phishing e-mails. Don’t assume your Macs or mobile devices are safe, and protect them carefully with endpoint protection and encryption systems.
Threat Reports Reviewed for This Blog
CEO’s Guide to Cyberbreach Response, AT&T,
Blue Coat Systems 2015 Mobile Malware Report
Verizon 2016 Data Breach Investigations Report
McAfee Labs 2016 Threats Predictions
McAfee Labs Threats Report
IBM X-Force Research 2016 Cyber Security Intelligence Index
HPE Security Research Cyber Risk Report 2016
UBM 2016 Trend Report: Cybersecurity
F5 State of Application Delivery 2016 Report
Cisco 2016 Annual Security Report
Symantec Internet Security Threat Report, April 2016
Mandiant M-Trends 2016