
Cyber threat developments in 2015

It was a tumultuous year with several interesting developments in computer security and the lack thereof. Notable events included the growth of encryption-based ransomware, a series of high-profile breaches impacting major retailers, and the exposure of several highly sophisticated state-sponsored espionage attacks. We anticipate that these threats will continue to mutate in the coming year.

Ransomware will spread to other platforms: the enterprise, the cloud, and mobile devices.
Ransomware is now one of the most successful forms of cybercrime. Although Cryptolocker has been largely disabled, Cryptowall and other forms of ransomware are spreading to multiple vectors. Personal computers are not the only places where valuable data is stored. We've already seen ransom attempts on mobile devices using compromised credentials, and we expect these attacks to become more sophisticated. We also anticipate that cybercriminals will broaden their ransomware attacks to include the cloud and more enterprises.

The theft of celebrities' personal photos illustrates the vulnerability of data stored in the cloud. What if that cloud data were encrypted rather than stolen, and the encrypted version automatically overwrote all the original copies? We've also seen the ease with which attackers can penetrate corporate defenses to steal credit card and customer data. Again, what if, instead of stealing that customer database, the backup system were disabled and the database was encrypted? Large companies probably have robust enough backup systems to deal with this, but there may be many small and medium-sized businesses that do not.

Government takedowns of drug marketplaces will continue, but the internet drug trade will persist for as long as the Tor network exists.
The efforts that went into the takedown of Silk Road and Silk Road 2 demonstrate that Tor remains a high priority for law enforcement. We expect that law enforcement agencies will continue to focus their efforts on the platform. Underground drug marketplaces are also vulnerable to hacking and bitcoin theft. These sites' owners may also simply shut up shop, keeping all the bitcoins that were held in escrow. However, there is a lot of money to be made in the business, and as each site is taken down, another will spring up. The eventual survivor(s) will be operated out of countries such as Russia, which are beyond the reach of U.S. law enforcement. So long as the Tor network provides anonymous secure communications and bitcoin allows for anonymous payments, these marketplaces will continue to operate.

The Tor network will suffer a major DDoS attack.
The Tor network was created to allow dissidents in oppressive countries to access the Internet anonymously. While it is still used for this purpose, it is also used for a range of criminal activities such as drug dealing, money laundering and bank fraud. The Tor network is attracting the attention of important people. Sooner or later someone is going to decide that the world would be a better place without Tor and give the order to take it down. There are only a limited number of Tor endpoints where the network connects to the rest of the internet, and these are publicly listed. Launching a coordinated distributed denial-of-service (DDoS) attack on these would be well within the capabilities of any major botmaster or nation state.

More nation states will start building elite cyber espionage teams.
In the past year we have seen evidence of widespread cyberespionage for military, political, and commercial purposes. The big players in the game are currently the U.S., UK, China, Russia and Israel. Regin, Flame, Stuxnet, Sandworm, BlackEnergy and Hikit are all examples of highly sophisticated malware from these countries. Targets included businesses, activists and industrial control systems as well as the more traditional military and intelligence targets of state-sponsored espionage. It is clear that nation-state cyberespionage teams are working to further their countries' commercial interests as well as advancing their political goals.

The barriers to entry in this game are minimal, as is the downside if you get caught. You don't even have the embarrassment of seeing your spies put on trial in a foreign country like the bad old days of the Cold War. Your spies never leave their desks in Beijing or Cheltenham. All you need is a fast internet connection and a dozen or so great software engineers. While great software engineers are not that common, they are a lot easier to come by than nuclear scientists, so a nation wishing to increase its threat profile will find it far better to put together a cyberespionage team than a nuclear weapons program. We have already seen North Korea attacking Sony, and the FBI recently issued a warning about Iran developing cyberespionage capabilities. We expect to see many other countries, both friendly and unfriendly, joining these would-be nuclear powers in exploring cyberespionage.
