Security threats are increasing - here are three you may not have considered

Lewis Richards
Cyber Toa
4 min read · Jul 17, 2017

There have been a myriad of cybersecurity threats so far in 2017, with the WannaCry ransomware and NotPetya attacks taking the headlines. The global impact of these two events has raised awareness of cybersecurity risk both publicly and at a corporate level. However, there is a range of cyber threats beyond ransomware that will pose a risk to businesses and their leaders throughout the remainder of 2017.

Many businesses are undergoing digital transformation and empowering their workforce through technology. If appropriate risk management controls are not in place to protect businesses, then they are inviting hackers in. Here are three additional cybersecurity threats which will likely cause some headaches over the next six months:

Steganography

Steganography is the art of hiding data in a cover medium such as an image, audio, video or text file. In a cybersecurity context, a file such as an image can be stealthily encoded with information. For example, the pixel values, brightness and filter settings of an image are normally changed to alter its aesthetic look. Hackers can also manipulate them according to a secret code, with no regard for how the changes make the image look. Whereas cryptography obscures content so that it cannot be understood, steganography hides the fact that the content exists at all by embedding it in something else.
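The pixel manipulation described above, and the statistical check a defender can run against it, as an added example that is not part of the original article. The code hides bytes in the least-significant bit (LSB) of each pixel value and then applies the pairs-of-values chi-square test, the classic steganalysis for LSB embedding: values 2k and 2k+1 differ only in their LSB, so overwriting the LSB plane with message bits pushes their counts towards equality. The cover image, the payload and the threshold are constructed for this demonstration; a real photograph has a less extreme LSB skew, and a payload that fills only part of the image is weaker to detect with a whole-image statistic.

```python
"""LSB steganography and pairs-of-values steganalysis on constructed data.
Added example; not code from the article, McAfee or Wired."""
import random
from typing import List


def embed_lsb(pixels: List[int], payload: bytes) -> List[int]:
    """Write payload bits into the least-significant bit of successive pixels.
    Each sample moves by at most 1 out of 255, invisible to the eye."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in cover")
    stego = list(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return stego


def extract_lsb(pixels: List[int], n_bytes: int) -> bytes:
    """Inverse of embed_lsb: read n_bytes back out of the LSB plane."""
    out = bytearray()
    for i in range(n_bytes):
        byte = 0
        for sample in pixels[i * 8:(i + 1) * 8]:
            byte = (byte << 1) | (sample & 1)
        out.append(byte)
    return bytes(out)


def pov_chi_square(pixels: List[int]) -> float:
    """Pairs-of-values chi-square statistic (Westfeld and Pfitzmann, 2000).
    For each pair (2k, 2k+1) the expected count under 'LSBs are random'
    is the pair's mean; a natural cover deviates strongly, an image whose
    LSB plane has been overwritten with random-looking bits barely at all."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat = 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected > 0:
            stat += (even - expected) ** 2 / expected
    return stat


def looks_embedded(pixels: List[int], threshold: float = 400.0) -> bool:
    """Crude verdict. With 127 degrees of freedom the statistic for evenly
    paired LSBs sits near 127; the constructed cover scores far higher.
    The threshold is an assumption chosen for this synthetic data."""
    return pov_chi_square(pixels) < threshold


def make_cover(n: int = 20000, seed: int = 1) -> List[int]:
    """Constructed 8-bit grey-scale cover with a deliberately skewed LSB
    plane (about 30% ones), standing in for the uneven pair counts of a
    real photograph."""
    rng = random.Random(seed)
    cover = []
    for _ in range(n):
        k = min(127, max(0, int(rng.gauss(64, 20))))
        cover.append(2 * k + (1 if rng.random() < 0.3 else 0))
    return cover


def make_payload(n_bytes: int, seed: int = 7) -> bytes:
    """Constructed payload of random bytes; a compressed or encrypted
    message has the same near-uniform bit distribution."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(n_bytes))


if __name__ == "__main__":
    cover = make_cover()
    payload = make_payload(len(cover) // 8)   # fills the whole LSB plane
    stego = embed_lsb(cover, payload)
    print("cover chi2 =", round(pov_chi_square(cover)), "embedded?", looks_embedded(cover))
    print("stego chi2 =", round(pov_chi_square(stego)), "embedded?", looks_embedded(stego))
    print("payload recovered:", extract_lsb(stego, len(payload)) == payload)
```

The point for a defender is the last two lines: the stego image is pixel-for-pixel indistinguishable by eye, yet the chi-square statistic drops by an order of magnitude. Steganalysis of this kind belongs in the content-inspection layer (mail gateway, sandbox), not in user training, which is exactly the gap the article goes on to describe.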

McAfee Labs’ June threat detection report notes that steganography is being used in a more diverse range of attacks than ever, while an article published by Wired noted that steganographic attacks may not necessarily be on the rise, but rather being discovered more often. Malicious hackers change their modus operandi over time to incorporate new methods and tools, always looking to increase the chance of a successful attack. Steganography presents an opportunity for cyber criminals to increase the effectiveness of phishing campaigns and socially engineered attacks.

Businesses are making considerable efforts to provide cybersecurity training and awareness for staff, often focusing on how to recognise a phishing email and avoid clicking on the malicious link. When a phishing email carries an attack vector involving steganography, it removes the human element: once the file is received on the victim’s system, the ‘hidden message’ or secret code is extracted and the victim’s system becomes susceptible to exploitation.

Malicious applications

Malicious software on popular mobile platforms such as iOS and Android poses a security threat to individuals and businesses. Some companies have implemented, or are implementing, a bring your own device (BYOD) policy which allows employees to access company systems from their personal devices. Any business with a BYOD policy will face difficulties in adequately controlling the security of those personally owned devices.

The threat of malicious applications was highlighted by security researchers from G Data, who recently found that over 750,000 new malicious apps were made available in the first quarter of 2017 alone. Without policies and controls over the security configuration of employees’ personal devices, a BYOD approach to the workplace will increase financial risk and the threat of sensitive information disclosure.

Business Insider reported that it is far more common for malware to be inserted into existing applications, and there are a number of mechanisms through which criminals achieve this:

  • Republishing: Legitimate applications are downloaded automatically, infected with malware, then republished to app stores.
  • Malvertising: Advertisers provide packages of code that let developers incorporate advertisements into their applications, and that packaged code can carry malicious functionality into every app that bundles it.
  • Acquisition: Some developers sell their applications outright, creating a risk that the new owner will release malicious updates that will be automatically installed.
  • Infected development tools: Infected application development tools may be distributed to and used by application authors, so that the apps they build are compromised at source.

Fileless malware

Fileless malware demonstrates how the threat landscape has evolved and become more difficult to navigate. CrowdStrike states that a fileless malware attack has three characteristics. It begins with a fileless infection — malicious code that exists only in memory rather than being installed to the target computer’s hard drive. This allows the attacker to bypass most legacy antivirus (AV) solutions, because they rely on scanning for malicious files. The malware leverages a trusted system, application or process on the target computer to gain a foothold.

Second, once the attacker has control over the target computer, rather than attempting to download and execute a malicious file that could be detected, they can use the built-in tools that form part of the operating system’s administration functions to evade detection. This is a blind spot for legacy AV, whitelisting and even sandboxing solutions, because those built-in tools are trusted and allowed to run in most environments.

The third characteristic of a fileless infection is the attacker creating “back-doors” that are so well hidden they can’t be detected by most security tools. These back-door techniques range from adding registry keys to simply creating a new user account for the attacker — which allows the attacker to easily bypass antivirus, firewalls and whitelisting solutions — giving them access to the compromised system at will while remaining completely undetected.
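Because none of the three characteristics leaves a malicious file to scan, detection has to come from behaviour telemetry instead. The following is an added example, not CrowdStrike’s or the author’s code, that triages a constructed stream of endpoint events for the traits the three paragraphs above describe: a trusted built-in administration tool launched with unusual arguments, a value written under a registry auto-start key, and a new local account created by someone other than an approved provisioning account. The event shapes, hostnames, SID, account names and the allowlist are all constructed; real Windows Security or Sysmon events would be mapped onto these fields by a collector.

```python
"""Behavioural triage for fileless-malware traits over constructed events.
Added example; event format and sample values are invented for this page."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Set

# Trusted, always-allowed administration tools (the article's blind spot).
BUILTIN_TOOLS = {"powershell.exe", "wscript.exe", "cscript.exe",
                 "mshta.exe", "regsvr32.exe", "rundll32.exe"}
# Argument fragments that are rare in normal administration of those tools.
SUSPICIOUS_ARGS = ("-encodedcommand", "-enc ", "-w hidden",
                   "-windowstyle hidden", "downloadstring(",
                   "invoke-expression", "iex ")
# Auto-start locations: a value here survives reboot without any file on disk.
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")
# Constructed allowlist of accounts that are expected to create users.
APPROVED_PROVISIONERS: Set[str] = {"corp\\svc_provisioning"}


@dataclass(frozen=True)
class Finding:
    rule: str
    host: str
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_process(ev: Dict[str, str]) -> List[Finding]:
    """Characteristic two: built-in tool used in place of a dropped file."""
    image = _basename(ev.get("image", ""))
    cmd = ev.get("cmdline", "").lower()
    if image in BUILTIN_TOOLS and any(m in cmd for m in SUSPICIOUS_ARGS):
        return [Finding("builtin_tool_suspicious_args", ev["host"], ev["cmdline"])]
    return []


def check_registry(ev: Dict[str, str]) -> List[Finding]:
    """Characteristic three (a): persistence via an added registry value."""
    key = ev.get("key", "").lower()
    if any(m in key for m in RUN_KEY_MARKERS):
        return [Finding("run_key_persistence", ev["host"],
                        f"{ev['key']} = {ev.get('value', '')}")]
    return []


def check_account(ev: Dict[str, str],
                  approved: Set[str] = APPROVED_PROVISIONERS) -> List[Finding]:
    """Characteristic three (b): a new account created outside provisioning."""
    if ev.get("subject_user", "").lower() not in approved:
        return [Finding("account_created", ev["host"],
                        f"{ev['target_user']} created by {ev['subject_user']}")]
    return []


CHECKS: Dict[str, Callable[[Dict[str, str]], List[Finding]]] = {
    "process": check_process,
    "registry": check_registry,
    "account_created": check_account,
}


def triage(events: Iterable[Dict[str, str]]) -> List[Finding]:
    """Run every event through the check registered for its type."""
    findings: List[Finding] = []
    for ev in events:
        check = CHECKS.get(ev.get("type", ""))
        if check:
            findings.extend(check(ev))
    return findings


# Constructed sample telemetry: one benign and one suspicious event per trait.
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -w hidden -EncodedCommand <base64 omitted>"},
    {"type": "process", "host": "ws01",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
    {"type": "registry", "host": "ws01",
     "key": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows"
            "\\CurrentVersion\\Run\\Updater",
     "value": "powershell.exe -w hidden -enc <base64 omitted>"},
    {"type": "account_created", "host": "ws01",
     "target_user": "svc_backup2", "subject_user": "ws01\\jsmith"},
    {"type": "account_created", "host": "ws02",
     "target_user": "a.nguyen", "subject_user": "corp\\svc_provisioning"},
    {"type": "process", "host": "ws02",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.host}: {f.detail}")
```

The three rules fire only on the ws01 events; the scheduled inventory script and the provisioning-driven account creation on ws02 pass. The allowlist and argument fragments are the tuning points: whitelisting the tool is what the article says fails, so the rules key on how the tool is invoked and on which account performs the change rather than on the binary itself.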

Steganography, malicious applications and fileless malware are three of the many techniques a cyber actor may use for financial gain or to gain unauthorised access to an organisation’s information. For example, fileless malware has been used to target banks, malicious applications often have financial incentives, and steganography has been used for command and control infrastructure through social media websites.

The cyber threat landscape is dynamic, and therefore businesses should respond with a strategic and cohesive enterprise risk approach to protect their critical systems and information.


Cybersecurity and Risk Management Professional — writing on behalf of Cyber Toa