Security, Strategy and Innovation Specialist
Security Solution Specialist
The threat landscape is constantly evolving. We’ve all heard this, and maybe said it too, but what does it actually mean, and why is it happening? In this blog we will explore this point, before highlighting four new types of attack that we believe everyone should be aware of; crime-as-a-service (CaaS), state-sponsored attacks, AI-powered attacks and ransomware IoT attacks.
Crime and technology are far more intertwined than many of us may believe. In Europol’s 2017 report, they make the simple yet thought-provoking point that while document fraud and money laundering do not directly affect the majority of the population, they facilitate most, if not all, other serious and organised crime. They also point out the simple yet underestimated fact that criminal organisations are far more flexible than businesses: they adopt new technology more quickly and build brand new business models around them at a pace legitimate businesses can only envy.
A combination of these sophisticated tech-savvy Organised Crime Groups (OCGs) and the population’s reliance on abundant data make it clear why the threat landscape is constantly evolving: we are connecting more people, places and things to the internet every day. We reap benefits in our daily lives and within our industries. However, every time we connect a new device we are also increasing our potential attack surface.
The effect of attack surface expansion is two-fold; more and more devices gives hackers additional points of potential entry, and the wider pool of data increases their potential profit. Hackers can swiftly adapt their business models to exploit these vulnerabilities; but can businesses quickly adapt to defend themselves? Increasing breach figures would suggest not. First and foremost, businesses need to realise their responsibility in ensuring they build and install these devices in a secure environment, and they need to step up and devote the necessary resources to become more agile, and proactively and dynamically protect both themselves and their customers.
To give us a better idea of what we’re up against, let’s delve into some of these new types of attack.
Criminals are becoming increasingly sophisticated and seeing the benefits of working in similar ways to commercial businesses, with complex organisational structures spread across the globe; 7 out of 10 Organised Crime Groups are now typically active in more than three countries (Europol 2017). In much the same way as you would buy an item of clothing, groceries or a new device, customers can now go online and buy things like malware coding, Distributed Denial of Service (DDoS) or money laundering services. As these services become increasingly accessible and specialised, we need to make it harder for them to be successful so their businesses become less profitable, not ours!
The second new type of attack to highlight is state-sponsored attacks. The motivations of these go far beyond money, into the realm of politics; they’re “targeted, sophisticated, well-funded and have the potential to be incredibly disruptive” (CSO, 2018). They’ve been happening for years, but this latest wave is designed to acquire intelligence or target voting systems to manipulate public opinion. They are challenging democracy as we know it. People working in and around these industries particularly need to be trained to spot this type of attack, and nations need to collaborate and share intelligence to protect themselves and each other.
AI is another area that has great potential to transform industries, but again, it brings the threat of more sophisticated attacks, and 91% of security professionals are concerned. While security professionals are advancing their use of AI in cybersecurity to protect against threats, hackers are fighting back and starting to create automated tools that can learn how to hide malicious files from anti-virus software, just by changing a few bytes, or narrow down the number of possible passwords by looking at demographics and geographies. Who will win the AI arms race?
IoT devices don’t always hold a lot of valuable data. But don’t underestimate the potential of a ransomware attack on these devices, especially in large organisations and certain industries. As we ramp up the efficiencies in infrastructure with smart sensors, as we impressively automate our factories, we also need to make sure that security comes first. As the web of devices grows bigger, the potential for an effective ransomware attack increases. If hackers manage to exploit sensors on the power grid, and then demand a ransom or they’ll shut down the entire grid, that would be hugely worrying.
As our reliance on data, networks and information systems continues to increase exponentially, increasingly-sophisticated malicious actors are rapidly adapting their business models to exploit any vulnerability. Cybercrime is not only threatening the day-to-day digital life we’ve grown accustomed to, but with the emergence of state-sponsored attacks, it is also beginning to challenge the idea of democracy itself.
It’s a race; but who is going to win? Are you Ready?
Around the globe, our network reaches 182 countries.
We provide the physical network and the management and control function.
Gartner names Vodafone as a Leader in its 2019 Magic Quadrant for Network Services, Global.