“The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by potential state-sponsored actors and cybercriminals. Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months.”
- Josh Ray, managing director, Accenture Security
On July 25, the iDefense arm of Accenture Security issued a news release summarizing findings from its new 2017 Cyber Threatscape Report. The above quote comes from that release, and aptly summarizes the “brave new world” of evolving cybersecurity threats.
The Top Five Threats of 2017 (So Far…)
The new iDefense report identifies five developments as top cybersecurity threats in 2017. Here are brief descriptions and commentary by Accenture, as taken from the report news release.
- “Reverse Deception Tactics – Increasing cybercriminal use of deception tactics including anti-analysis code, steganography [hidden, secret messages], and expendable command-and-control servers used for concealment of stolen data. Greater public reporting on cyber threat activity and attribution may accelerate this denial and deception trend, increasing the cost of cyber defense efforts and resource allocations.
- Sophisticated Phishing Campaigns – Cybercriminals continue to craft familiar lures—subject lines mentioning invoices, shipping, resumes, wire transfers, missed payments— but ransomware is displacing banking trojans as one of the most prevalent types of malware delivered via phishing techniques.
- Strategic Use of Information Operations – Escalation of espionage and disruption activity from state-sponsored actors may likely continue in response to fulfilling strategic collection requirements and geopolitical triggers such as economic sanctions, military exercises and religious conflicts.” And even targeted attacks that appear to have been state-sponsored, like NotPetya, can have ramifications for enterprises around the world.
- “Alternative Crypto-Currencies – Bitcoin continues to be the currency of choice among cybercriminals, however, the need to better conceal transactions is forcing cybercriminals to either develop and leverage bitcoin laundering techniques or adopt alternative cryptocurrencies.” In addition, some attacks, such as NotPetya, were only masquerading as ransomware. The real goal was massive disruption. In such cases, even paying the ransom doesn’t guarantee receipt of a working decryption key in return. (See “Petya and Weaponized Malware: Is Ransomware the New DDoS Attack?” and “Webinar Q&A: Petya and Weaponized Malware.”)
- “DDoS-for-Hire Services – Distributed denial of service (DDoS)-for-hire services have given way to a thriving DDoS-for-hire botnet ecosystem leading to threat actors gaining greater access to increasingly potent and affordable DDoS-for-hire tools and services.”
How Best to Prepare? Start with the Basics
In the release summarizing the iDefense report, Accenture’s Josh Ray also offered some hope, along with some guidance. “While the occurrence of new cyber attack methods is not going away, there are immediate actions companies can take to better protect themselves against malicious ransomware and reduce the impact of security breaches.” Here are the actions Accenture recommends.
- “Adopt proactive prevention – Recognize phishing scams through prevention training and awareness programs. Make it easy for employees to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
- Elevate e-mail controls – Maintain strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution.
- Insulate your infrastructure – Remove or limit local workstation admin rights or seek out the right configuration combinations (e.g. virus scanners, firewalls). Regularly patch operating systems and applications.
- Plan for continuity – To avoid paying any ransom have a strong cyber resilience plan for recovery that is regularly reviewed, updated, and tested.”
These recommendations echo those of such respected bodies as the Center for Internet Security (CIS), the Australian Signals Directorate (ASD), the International Organisation for Standardization (ISO), and the UK’s National Cyber Security Centre (NCSC). They—and Ivanti cybersecurity experts—agree that timely patching of operating systems and applications, along with effective control of applications, devices, and admin rights, can rapidly and dramatically improve any enterprise’s security posture. (See “Beyond WannaCrypt/WannaCry: Wanna Know What’s Next?”)
Many of these same bodies and the Ivanti team also agree that user education and engagement are critical elements of effective cybersecurity. Regular, frequent education, testing, and encouragement can transform users from points of vulnerability and unauthorized network access into worthy defenders against phishing and social engineering. (See “Three Things You Can Do Now to Increase User Contributions to Cybersecurity at Your Enterprise.”)
Ivanti: Help—and Discounts!
Ivanti stands ready to help you to improve patch management of your client operating systems and applications and your data center servers. If you use Microsoft System Center Configuration Manager (SCCM), we can extend it with third-party application patching. Ivanti solutions can also help you gain greater control over your applications, users’ devices, and admin rights. And for a limited time, you can acquire combinations of select Ivanti cybersecurity solutions at discounts up to 30 percent. More details are available online, as are free trials of Ivanti patch management offerings.
Beyond these critical areas, Ivanti can also help you to combat ransomware and other malware more effectively, even as those threats continue to evolve. Explore our solutions for cybersecurity and other critical IT management functions online. Then contact Ivanti, and let us help you prepare for future cybersecurity threats, starting now.