
Sean Duca, Vice President and Regional Chief Security Officer for Asia Pacific, Palo Alto Networks, reveals his top six cybersecurity predictions in 2016.
1. Ransomware
Ransomware will continue to evolve its methods of propagation and its evasion techniques, and will continue to hide its communication and the targets it seeks.
As reported by the Cyber Threat Alliance, ransomware has been very lucrative for cyber criminals, who can launch campaigns and derive large revenue streams in a short period of time.
Today, the value of credit card data is low compared to ransomware, where higher value can be extracted from more victims.
Research by the Cyber Threat Alliance reported that CryptoWall v3 generated more than $325 million for the group behind it.
This will drive the release of further versions of ransomware-style attacks, allowing more cyber criminals to extort users into paying the ransom to get the decryption key for their data.
We predict this will cross over to other platforms, such as OS X and mobile operating systems.
2. Sharing of threat intelligence
Efforts to share threat intelligence have been around for years in some verticals, and we predict that 2016 will mark a year where the private sector and security vendors look to share more of it than they ever have in Asia Pacific.
Today, many adversaries write one piece of malware and send it to multiple organisations, with only minor changes made to make it undetectable.
However, if we, as a community, can force cyber adversaries to create multiple unique attacks each time, it will force their costs to go up. And if we can share the information, the defender costs go down.
The benefits grow exponentially if we automate this process so that organisations share in real time, whilst preventing the attacks.
Knowing what kinds of actors are targeting you, the tools that they have available and the tactics they employ allows organisations to defend their networks more effectively.
Although the debate continues on how effective these regulations will be, Asian governments should look to foster the sharing of threat intelligence, and organisations should think about how they can share within their vertical and go cross-vertical in their efforts.
We should ensure that there are responsible privacy protections in place, for the purpose of identifying, preventing, mitigating and responding to cyber threats, vulnerabilities, and malicious campaigns.
The faster organisations can share this information, the better we can serve to protect each other and push the cost back to the attackers.
We expect this trend to continue, as more organisations begin to realise the benefits of sharing knowledge as a means to unify efforts to fight against cyber intrusions in Asia Pacific.
3. Secondary victim attacks
More and more we are seeing that when we know the motive of an attack, there is usually a secondary victim.
The 2015 Verizon Data Breach Report highlighted that adversaries are using third-party websites to deliver their attacks. This can often mean that the person or organisation that experiences the initial breach isn’t the real target, but rather a pawn in a bigger attack.
From the perspective of an attacker, this allows them to take advantage of trust and use the resources of another company for their gain.
The most common method seen in Asia Pacific has been “watering hole attacks”, where an organisation’s website is infected with exploit code to try to infect visitors to the site. We predict that this will continue to rise, with more reported incidents coming to light in 2016.