SOLUTION BRIEF
5 Attack Vectors Businesses Should Prepare for in 2016 Businesses were threatened by 38% more cyber attacks in 2015 than they were in 2014, with theft of “hard” intellectual property rising by 56%, PricewaterhouseCoopers found.1 Cyber security isn’t just a hot-button issue because attacks are getting more sophisticated; businesses are also facing a wider range of threats that can put key data at risk. The need to prepare for a diverse range of attacks is critical, with five major attack vectors standing out in 2016.
1. Machine-To-Machine (M2M) Attacks The Internet of Things (IoT) has been gaining momentum in a wide range of sectors, giving organizations an opportunity to automatically move data between diverse sources. Spreading connected devices over key areas of operations lets them gather relevant data and deliver it to strategic apps and software systems that then take action on that information, streamlining operations. While the trend has taken an especially strong hold in sectors like automation, it has potential in a wide range of industries. Sources: 1 http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html 2 https://blog.fortinet.com/2015/11/24/the-top-5-threat-predictions-for-2016-from-fortiguard-labs 3 http://www.kaspersky.com/about/news/virus/2016/Adwind
A recent Fortinet study explained that hackers using the IoT to complete M2M attacks, with malware focused on taking over these connected machines becoming especially prevalent as a way to take over point-of-sale devices. This use case gained momentum in 2015, and Fortinet expects attacks to get more sophisticated in 2016, with a huge focus being on using connected machines to gain access to the network and then gradually spread.2
2. Malware-as-a-Service (MaaS) If everybody’s using the cloud to get a competitive edge in the business world, then why wouldn’t hackers try to do the same thing? This seems to be happening as advanced malware solutions are being developed and deployed as a service, empowering anybody who wants to attack an organization to do so with sophisticated tools. According to a Kaspersky Lab report, the Adwind Remote Access Tool MaaS solution became especially notable in 2016. The cross-platform malware was found to be a part of attacks on approximately 443,000 targets ranging from individuals to commercial organizations during the period of 2013 through 2016.3 Kaspersky analyzed attacks taking place from August 2015 through January 2016 and found the malware was encountered by more than 68,000 users during that time.
Continued on next page
1-800-843-8733 • LearningTree.com
SOLUTION BRIEF 5 Attack Vectors Businesses Should Prepare for in 2016 (continued)
3. Ransomware Gaining entry into a system and encrypting data gives hackers an opportunity to hold that data hostage by promising to provide the encryption key only when a certain amount of money is provided as a fee. Holding data ransom in this way became the trendy thing for cyber attackers to do in 2016, with a wide range of consumers and businesses alike being impacted by such attacks. Furthermore, cybercriminals weren’t afraid to go after organizations providing public services, such as hospitals. One major instance of this type of attack took place in February 2016 at the Hollywood Presbyterian Medical Center, where ransomware took over systems and attackers held data hostage with the ransom reportedly set at millions of dollars. The hospital eventually got out of the situation by paying approximately $17,000 in the form of bitcoin.4
4. Distributed Denial of Service (DDoS) Like ransomware, DDoS attacks have become a trendy option, particularly as they are a popular tool for hacktivists. A DDoS attack is troublesome because it prevents a business from providing services, leading to major disruption, customer service problems and potential loss of revenue. DDoS attacks have become popular against new digital products as they release, such as video games, or as a way to disrupt online activities for political reasons. The U.S. government, for example, is a prime target for hacktivists, and one attack on the U.S. Congress took out the congress.gov, Library of Congress and U.S. Copyright offices for a period of three days in July, Softpedia reported.5 The attack came in the form Sources:
US1610 AtkVector
4 http://hollywoodpresbyterian.com/default/assets/File/20160217 Memo from the CEO v2.pd 5 http://news.softpedia.com/news/ddos-attack-takes-down-us-congress-website-for-three-days-506451.shtml 6 https://blog.cloudmark.com/2016/01/13/survey-spear-phishing-a-top-security-concern-to-enterprises/
of a DNS reflection attack that was initially slowed by protective measures but gradually escalated to a point that it made the sites inaccessible.
5. Phishing In many cases, phishing attacks are the cause of ransomware, a way for Malware-as-a-Service solutions to gain access to restricted systems or even a method to get a malicious app into a machine-to-machine network. Phishing scams use messages that look legitimate to get users to reveal important information or authentication details and use that information to gain access to networks without triggering any suspicion. According to a survey from CloudMark, spear phishing, a type of phishing attack aimed specifically at executives, is becoming especially popular. When polling IT decision-makers, approximately two-thirds told CloudMark that phishing is either their primary or among their top three areas of concern.6
Staying Ahead Of The Curve The diversity of ways organizations can be attacked makes safeguarding sensitive data and systems incredibly difficult. Continual training and skills development plays a critical role in helping technology teams stay ahead new threats. Strategic training initiatives give organizations the tools they need to keep their IT teams ahead of the threats they face every day.
Empower your staff and users to stay on top of these attack vectors. Learning Tree offers a comprehensive cyber security curriculum, providing you the training that fits your organization’s needs.
1-800-843-8733 • LearningTree.com