On the Eighth Day of Christmas, the Industry Predicted…Attackers Making Money

In Asian cultures, the number eight is considered to be a lucky number as it sounds like the word meaning to generate wealth. Thank you, Wikipedia.

In our eighth prediction, we will take a look at the miscreant attackers and predictions on what they will be up to in 2017, and how they will find ways to make more money.

Unsurprisingly, the consensus is that things will get worse, be it using ransomware or social media as the weapon of choice. According to RiskIQ VP EMEA Ben Harknett, “modern threat actors move fast” so “seconds will count more than ever”.

He said: “We are increasingly hearing of attack campaigns from instances of domain infringement used for phishing and malware campaigns that go live the day the account is created and only last for a few hours.” The breaches that we have seen in 2016 show a lower level of sophistication than was demonstrated in the Target breach, for example, but lower sophistication is still enough for attackers to succeed.

Sian John, Chief Strategist of EMEA at Symantec, believed that the money would be earned at the very top, where rogue nation states will finance themselves by stealing money. “There is a dangerous possibility that rogue nation states could align with organized crime for their personal gain, such as what we saw in the SWIFT attacks. This could result in down time for countries’ political, military or financial systems,” she said.

So attackers will be more organized, and in some cases state-funded. What will the targets be? Aaron Shelmire, Anomali senior threat researcher, believed that the cloud would be the target, specifically as cloud-based methods of persistence and compromise have been presented at many security conferences in the past year.

He predicted that in 2017 the leading security organizations would begin to catch malicious actors breaching their cloud management infrastructure, and malware purpose-built to capture cloud services credentials.

“After the malicious actors gain access to cloud infrastructure, we expect to see new methods of persistence established via the cloud management profiles,” Shelmire said. “This activity will present a significant challenge for understanding intrusion timelines.”

The tools to enable attacks exist on the internet’s underground, so arguably the attacker's level of sophistication and dedication does not need to be as high. Mike Scutt, analytic response manager at Rapid7, predicted a lot more script-based malware and an increase in the use of native operating system tools to execute malware, persist, and perform recon in 2017.

While the websites that host the malware and phishing snares are only live for a matter of hours, the malware persists, and better detection and response can only improve things in 2017.
