Threat Intelligence

8/3/2017
12:00 AM
Dark Reading
Products and Releases

Accenture Security Report Identifies Top Cyber Threats of 2017

Destructive ransomware, alternative crypto-currencies and increased use of deception tactics among threats driving even more lucrative criminal marketplace.

ARLINGTON, VA – With recent large-scale cyber attacks signaling a growing front in destructive threats and business impact, a new midyear report from iDefense, part of Accenture Security, reveals how threat actors are continuing to evolve their ability to avoid detection. Based on in-depth analysis, the report anticipates a growth in the number of threat actors who are rapidly expanding their capabilities due to factors such as the proliferation of affordable, customizable and accessible tools and exploits.

The 2017 Cyber Threatscape Report examines key trends during the first half of 2017 and explores how cyber incidents may evolve over the next six months. This report relies on iDefense intelligence collection, research, and analysis including research using primary and secondary open-source materials. It covers the increased prevalence of destructive attacks and adversary denial and deception tactics; the aggressive use of information operations by nation-states; growth in the numbers and diversity of threat actors; as well as the greater availability of exploits, tools, encryption, and anonymous payment systems available to malicious actors.

"The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by state-sponsored actors and cybercriminals. Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months," said Josh Ray, managing director at Accenture Security. "While the occurrence of new cyber attack methods is not going away, there are immediate actions companies can take to better protect themselves against malicious ransomware and reduce the impact of security breaches."

Other notable observations from the report include:

  • Reverse Deception Tactics – Increasing cybercriminal use of deception tactics including anti-analysis code, steganography, and expendable command-and-control servers used for concealment of stolen data. Greater public reporting on cyber threat activity and attribution may accelerate this denial and deception trend, increasing the cost of cyber defense efforts and resource allocations.
  • Sophisticated Phishing Campaigns – Cybercriminals continue to craft familiar lures—subject lines mentioning invoices, shipping, resumes, wire transfers, missed payments— but ransomware is displacing banking trojans as one of the most prevalent types of malware delivered via phishing techniques.
  • Strategic Use of Information Operations – Escalation of espionage and disruption activity by state-sponsored actors is likely to continue as those actors pursue strategic collection requirements and respond to geopolitical triggers such as economic sanctions, military exercises and religious conflicts.
  • Alternative Crypto-Currencies – Bitcoin continues to be the currency of choice among cybercriminals; however, the need to better conceal transactions is pushing them either to develop and use bitcoin laundering techniques or to adopt alternative cryptocurrencies.
  • DDoS-for-Hire Services – Distributed denial of service (DDoS)-for-hire services have grown into a thriving botnet ecosystem, giving threat actors greater access to increasingly potent and affordable DDoS tools and services.

The report recommends the following components of an effective business continuity plan:

  • Adopt proactive prevention – Teach employees to recognize phishing scams through prevention training and awareness programs. Make it easy for them to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
  • Elevate e-mail controls – Maintain strong spam filters and sender authentication (SPF, DKIM and DMARC). Scan incoming and outgoing e-mails to detect threats and filter executable files, including executables hidden behind double extensions such as "invoice.pdf.exe". Consider a cloud-based e-mail analytics solution.
  • Insulate your infrastructure – Remove or limit local workstation admin rights and find the right configuration combinations (e.g. virus scanners, firewalls). Regularly patch operating systems and applications.
  • Plan for continuity – To avoid paying any ransom, have a strong cyber resilience plan for recovery, with backups kept offline and restore-tested, that is regularly reviewed, updated, and tested.
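As an added illustration of the "elevate e-mail controls" item (not code from the Accenture report or from Dark Reading), the following Python script triages one inbound message the way a simple mail-filter hook would: it reads the SPF/DKIM/DMARC verdicts the receiving MTA stamped into Authentication-Results, flags executable attachments by their last suffix and by a PE header hiding under an innocuous name, and looks for the lure words the report lists in subject lines. The executable suffix list, the block/quarantine/deliver policy, and the sample messages (built inline, using reserved example domains) are assumptions made for the example.

```python
"""Inbound-mail triage check: sender authentication, executable attachments
and phishing-lure subjects. Added illustration, not code from the Accenture
report or Dark Reading; the messages below are constructed samples."""
import email
import re
from email import policy
from email.message import EmailMessage

# Attachment suffixes that run when double-clicked on a typical workstation.
# Assumption: an illustrative block list, not one taken from the report.
EXECUTABLE_EXTS = {".exe", ".scr", ".js", ".jse", ".vbs", ".wsf", ".hta",
                   ".bat", ".cmd", ".ps1", ".jar", ".lnk", ".dll"}

# Lure words the report lists as common phishing subject lines.
LURE_WORDS = ("invoice", "shipping", "resume", "wire transfer", "missed payment")


def check_auth(msg):
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers
    stamped by the receiving MTA (assumes the MTA strips inbound copies)."""
    results = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(hdr), re.I):
            results[mech.lower()] = verdict.lower()
    return results


def attachment_findings(msg):
    """Flag attachments by their *last* suffix (so 'Invoice.pdf.exe' is .exe)
    and by a PE 'MZ' header hiding under a non-executable name."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.lower().rsplit(".", 1)[-1] if "." in name else ""
        payload = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable extension " + ext))
        elif payload.startswith(b"MZ"):
            findings.append((name, "PE header under non-executable name"))
    return findings


def triage(raw_message):
    """Return a verdict and the reasons behind it for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    auth = check_auth(msg)
    findings = attachment_findings(msg)
    subject = str(msg["Subject"] or "").lower()
    lures = [w for w in LURE_WORDS if w in subject]

    reasons = [reason for _, reason in findings]
    if auth.get("dmarc") != "pass":
        reasons.append("dmarc=" + auth.get("dmarc", "absent"))
    if lures:
        reasons.append("lure words: " + ", ".join(lures))

    # Policy (assumed for the example): executables are blocked outright; a lure
    # subject from a sender that fails DMARC is held for review; the rest is delivered.
    if findings:
        verdict = "block"
    elif lures and auth.get("dmarc") != "pass":
        verdict = "quarantine"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "auth": auth, "reasons": reasons}


def build_message(subject, auth_results, filename, payload):
    """Build a constructed sample message (example.com is a reserved domain)."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "ap@corp.example"
    msg["Subject"] = subject
    msg["Authentication-Results"] = auth_results
    msg.set_content("Please see the attached document.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


# Constructed samples: a double-extension dropper with failing DMARC, and a benign PDF.
PHISH = build_message(
    "Invoice 4471 - missed payment",
    "mx.corp.example; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail",
    "Invoice_4471.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60)
BENIGN = build_message(
    "Q2 report", "mx.corp.example; spf=pass; dkim=pass; dmarc=pass",
    "q2_report.pdf", b"%PDF-1.4\n% constructed sample\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, triage(raw))
```

Two design points worth carrying into a real filter: trust Authentication-Results only when your own MTA adds it and strips any copy that arrived from outside, and classify attachments by content as well as by name, since the suffix check alone is defeated by renaming while the magic-byte check alone misses script droppers.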

 
