Cybercrime is on the upswing, and no industry is immune. The volume of cyberattacks is growing at an unprecedented rate, and attacks are severe – 96 percent of firms experienced at least one severe exploit according to a recent Fortinet Threat Landscape Report.
One reason for this acceleration in the attack cycle is that successful malware spreads further and faster than ever before. This is due in large part to the expansion of the potential attack surface, resulting in a dramatic increase in the volume and sophistication of attacks across mobile devices, the Internet of Things, and cloud services. In addition, because malware is a commodity that can be bought, criminals and would-be hackers can easily enter the world of cybercrime without sophisticated programming skills.
Today’s complex attacks now often span across malware families and use advanced techniques to target multiple attack vectors simultaneously. This enhanced focus on innovation, combined with the increased speed and volume at which new threat variants are being released into the wild, allows cybercriminals to stay a step ahead of new efforts by vendors to improve their delivery of updated signatures and patches. As a result, these criminal efforts are successfully catching far too many organizations unprepared.
Because the sophistication of cybercriminal techniques and tactics is quickly changing and evolving, cybersecurity requirements must evolve as well. There are several new types of cybercrime that IT decision-makers should pay attention to:
- Cryptojacking – This is an important new trend among cybercriminals, whereby they hijack CPU cycles of compromised devices to mine cryptocurrencies without user knowledge. The latest iteration involves either injecting malicious JavaScript into vulnerable websites, so that simply browsing an infected site lets attackers hijack CPU cycles to perform cryptomining on behalf of a cybercriminal, or delivering that malware via phishing campaigns. While earlier versions of such attacks hijacked all available CPU, causing machines to become virtually unusable, newer, more sophisticated attacks monitor device CPU and limit the amount of processing power they leverage, often using 50 percent or less of available processing power at any given moment to evade detection.
- Hivenets – In 2017, massive IoT-based botnets such as Mirai and Reaper were developed and deployed, causing unprecedented damage to organizations. As these attacks continue to be further developed, cybercriminals are beginning to upgrade these botnets so they can interoperate in ways that allow independent decision making, and arm them with a wide variety of malware that allows them to match attacks to discovered vulnerabilities. These developments seem to be driving the adoption of swarm-based technology to create increasingly effective and autonomous attacks. The result (which would be a hivenet rather than a simple botnet) could leverage peer-based self-learning to effectively target vulnerable systems at an unprecedented scale.
- Crime-as-a-Service – Part of the reason behind the increase in attacks is the growing availability of Crime-as-a-Service offerings on the dark web. These easily accessible services no longer require criminals to have sophisticated programming skills to create their own malware or launch cyberattacks. In addition, the connectivity provided by the Internet offers more opportunities for organized crime, allowing various criminal groups to engage despite being geographically dispersed. Advanced services are also being offered on dark web marketplaces that allow criminal developers to upload attack code and malware to an analysis service for a fee to assess its ability to penetrate systems and evade detection using machine learning. This technology can also be used to modify such code on the fly to make these cybercrime and penetration tools even less detectable. These resources allow criminal application developers to quickly refine their technology to better circumvent security devices used by a targeted company or government agency.
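The cryptojacking item above notes that newer miners cap their CPU use at around 50 percent to evade detection. The following sketch is an added example, not part of the original article: it shows why a classic high-CPU threshold misses a throttled miner while a check for sustained, unusually flat load flags it. The host names, samples, and thresholds are constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed per-minute CPU utilisation samples (percent) for three hosts.
SAMPLES = {
    "office-laptop":   [5, 12, 48, 9, 3, 71, 15, 6, 4, 22, 8, 5],
    "old-style-miner": [99, 100, 98, 100, 99, 100, 100, 99, 98, 100, 100, 99],
    "throttled-miner": [49, 50, 48, 51, 50, 49, 50, 50, 48, 51, 49, 50],
}


def naive_alert(samples, threshold=90.0):
    """Classic rule: alert only when average CPU is close to saturation."""
    return mean(samples) >= threshold


def plateau_alert(samples, window=10, floor=30.0, max_spread=3.0):
    """Alert on sustained flat load.

    Fires when any run of `window` consecutive samples has a mean of at
    least `floor` percent and a standard deviation of at most `max_spread`.
    Interactive use is bursty; a rate-limited miner holds a steady level.
    The default values are illustrative assumptions, not tuned figures.
    """
    for start in range(len(samples) - window + 1):
        chunk = samples[start:start + window]
        if mean(chunk) >= floor and pstdev(chunk) <= max_spread:
            return True
    return False


def classify(samples):
    """Label one host's CPU history."""
    if naive_alert(samples):
        return "saturated"
    if plateau_alert(samples):
        return "sustained-plateau"
    return "normal"


def triage(hosts):
    """Map each host name to its label."""
    return {host: classify(samples) for host, samples in hosts.items()}


if __name__ == "__main__":
    for host, label in triage(SAMPLES).items():
        print(f"{host:16} {label}")
```

A flat plateau is a lead for investigation rather than proof, since legitimate batch jobs such as video encoding or backups produce the same shape.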
Addressing the Need for Training
Because the threat landscape continues to evolve rapidly, organizations are having a hard time keeping pace with the evolving cybersecurity skills required to manage their complex environments.
There are currently about 350,000 open cybersecurity positions in the U.S., and Cybersecurity Ventures forecasts a global shortage of 3.5 million cybersecurity jobs by 2021. This shortage of skilled cybersecurity professionals means that many organizations looking to participate in the digital economy will do so at great risk.
Training and certification must be leveraged to help close this gap in critical cyber skills. In addition to the development of specific cybersecurity personnel, every employee in an organization has a responsibility to be security aware to help keep their organization safe, and training plays a critical role here as well. The biggest gating factors, however, have been having the right level of training and the prohibitive costs associated with being trained and certified.
Education is Everyone’s Responsibility
Removing or reducing these gating factors will require a cooperative effort between the public and private sectors, including educational institutions. To address a challenge as broad as cybercrime, which impacts literally everyone who connects to the Internet, it is everyone’s responsibility to foster the development and continuing education of cybersecurity talent to close the skills gap before it becomes a crisis.
It is also critical that organizations institute a security awareness program for all employees so that they have the tools and training to be cyber-aware. Effective security requires people, technology, and processes. However, despite the best technologies and processes, the human factor can often be the weakest link. Simply clicking on a malicious email attachment or connecting a device to an infected home network and then taking that same device to work can set off a chain reaction of infection that could potentially lead to a breach of company and consumer data. As connected devices and applications continue to become critical components of our work and personal lives, poor security practices are having more far-reaching consequences than ever before. As a result, all workers, regardless of their job duties, must understand that they are the first line of defense against a cyberattack.