2016 Cyber Threat - Use To Advantage

Based on observations over the past year, here are Security Week’s predictions for threat activity in 2016.

1. Attribution remains murky. Last year both the variety of threat actors and the ability to neatly “classify” these actors into types became much more difficult as attack behaviors changed, and motivations and threats increased in their complexity. Actors no longer work in set groups, but combine with others, involve multiple individuals, and use facades to hinder attribution. This all but ensures that attribution will be even more challenging in 2016.

2. Ransom continues to rule. Extortion as a mode of attack became a popular tactic for threats actors in 2015, and on a few occasions attackers have taken it to the level of demanding that businesses shut down entirely. Having proven that this is a profitable enterprise, attackers will likely further innovate their business models based on ransom and extortion in 2016.

3. More attackers share the global stage. Advanced attack methods, such as custom malware or unusual attack vectors, were historically the domain of nation states with significant engineering capability; often those states that have or are developing a nuclear defense capability. In 2015, non-nuclear states and organized criminal groups adopted these techniques thanks to lower barriers to entry and the increased trade in espionage capabilities. We can safely expect that in 2016 non-nuclear states will continue to develop their cyber capabilities and compete on the global stage.

4. Criminals follow the money. Organized criminals are focusing more intently on high value targets that provide a large value single payout. This is in contrast to the traditional consumer-focused malware approach that these groups have exploited in the past. This is highlighted even more with the Carbanak/Anunak attacks. Examples of high value/low volume transactions that may be targeted in 2016 are payroll, mortgages, and investment transactions.

5. Hacktivists get more sophisticated. Hacktivists continue to be motivated by embarrassment of their targets, but their tactics are no longer simply DDoS, doxing, and defacement. In 2015 hacktivists stole and published data in order to attract awareness to their cause, continuing to embarrass their targets despite the collateral damage. In 2016 hacktivists will use more tactics, techniques and procedures that were previously considered the preserve of cyber criminals.

6. Dark web marketplaces scramble for leadership. Global law enforcement will continue to takedown large dark web marketplaces. This will likely lead to a fragmentation of the market and rival marketplaces scrambling for pole position. This means that in 2016 we can expect the dark web will move to employ overlay networks other than Tor.

7. Attacks on the retail industry evolve. Spurred by the recent requirements for EMV chip card compliance, cyber criminals will continue to develop more sophisticated Point-Of-Sale (POS) malware.

As I stated at the beginning of this article, the point of these predictions isn’t to present a ‘gloom and doom’ scenario. Instead, we can use this information to our advantage. That’s what cyber situational awareness is all about: bringing together relevant and contextual insights to prioritize threat protection and policies and administer takedowns in order to mitigate harmful events.

Information about malicious actors is an important component of cyber situational awareness, because it analyzes which malicious actors might be targeting an organization, why, and their methods of attack. It’s even more critical that this analysis be tailored specifically to organizations and their unique threat environments. With a better understanding of what the future may hold, organizations can gain an upper hand with the adversary, preventing, detecting and containing cyber-related incidents.

Security Week: http://bit.ly/1K9MBKF

« Commercial Opportunities To Be Found In Security Problems
UK Police Deploy Drone-Jamming Technology at Major Public Events »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alliance for Cyber Security

Alliance for Cyber Security

An alliance of all major players in the field of cyber security in Germany with a mission to strengthen Germany’s resistance to cyber-attacks.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

TCPWave

TCPWave

TCPWave IPAM is the world’s first acclaimed DNS/DHCP management software to pass the most stringent Information security tests.

ATIS Systems

ATIS Systems

ATIS Systems offers first-class complete solutions for legal interception, mediation, data retention, and IT forensics.

Identifi Global Recruitment

Identifi Global Recruitment

Identifi Global is one of the UK's leading Cyber Security & IT Recruitment specialists.

Greensafe IT

Greensafe IT

Greensafe offer various onsite and offsite data erasure services, aimed at increasing data security whilst reducing any risk of data loss during transit.

Enterprise Ethereum Alliance (EEA)

Enterprise Ethereum Alliance (EEA)

EEA is a member-led industry organization whose objective is to drive the use of Ethereum blockchain technology as an open-standard to empower ALL enterprises.

AuthLite

AuthLite

With AuthLite, you can keep using all your existing software, with added two-factor authentication security placed exactly where you need it.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

Hummingbird International

Hummingbird International

Hummingbird International, LLC offers services for the collection, audit, computer recycling and safe disposal of laptops, monitor/LCD, hard drives, and IT disposal.