Companies that process and store sensitive data such as intellectual property (IP) and personally identifiable information (PII) are valuable targets for cybercriminals. These bad actors are adapting their data exfiltration strategies to take advantage of new vulnerabilities and capabilities presented by shifts in the technological landscape. These trends in advanced threats to sensitive data security provide a glimpse into the advanced methods used by cybercriminals to steal data and disrupt the operations of organizations and governments alike.
Advanced Threat To Sensitive Data #1 - Artificial Intelligence
Advancements in artificial intelligence (AI) have provided security companies with sophisticated methods for detecting and removing Advanced Persistent Threats (APT). Unfortunately, the very same advancements in AI technology that are being leveraged by security professionals can also be used by cybercriminals to create more sophisticated malware.
As a proof-of-concept of how AI technology can be used to enhance the capabilities of malware, researchers at IBM previewed an AI-powered tool known as “DeepLocker” at the 2018 Black Hat USA conference. DeepLocker’s unique capabilities allow it to remain dormant on infected systems until a specific target is identified through a combination of factors such as facial recognition, user activity, and geolocation.
Possible AI-driven malware capabilities include:
- Bypassing CAPTCHA: Through the power of AI, malware programs could be trained to bypass CAPTCHA-based authentication.
- Spear Phishing: An increased prevalence of AI-powered spear-phishing campaigns that use data mined from both publicly available sources as well as data from prior breaches.
- Increased Stealth: Machine learning algorithms could allow malware payloads to adapt their concealment ‘strategy’ by referencing historical data of incidents where the malware has been discovered.
#2 - Increased Use of Zero-Day Exploits
Zero-day exploits target vulnerabilities that have not yet been identified and patched by the vendor. They are a valuable attack vector for cybercriminals because the vulnerability can be exploited before security patches are developed and released.
Examples of zero-day exploits include:
- (2010) The Stuxnet Attack: The computer worm Stuxnet caused physical damage to systems used in Iranian nuclear processing facilities by targeting the programmable logic controllers (PLCs) used to control industrial processes related to processing nuclear material.
- (2011) RSA Data Breach: Cybersecurity company RSA fell victim to a phishing attack that exploited a zero-day vulnerability within Adobe Flash Player. The attack used spreadsheets with embedded Flash files to install remote access tools that allowed attackers to gain access to RSA’s network, where they stole sensitive intellectual property related to its products.
- (2016) DNC Email Leaks: The Democratic National Committee fell victim to a politically-motivated attack that leveraged several zero-day vulnerabilities. The emails leaked from the attack contained details such as media interactions, financial contributions, and information regarding the political campaigns of Hillary Clinton and Bernie Sanders.
#3 - The Internet of Things
The prevalence of Internet of Things (IoT) devices is expected to reach 75.44 billion units worldwide by 2025. IoT technologies provide a suite of added capabilities for a variety of industries, including real-time monitoring, automation, and enhanced data collection.
Unfortunately, many IoT technologies are lagging behind in terms of their security. The prevalence of security exploits relating to IoT devices has sparked the tongue-in-cheek quip that “The ‘s’ in IoT stands for security”. The increasing prevalence of IoT devices can reasonably be expected to attract the attention of threat actors that are searching for exploitable vulnerabilities.
Common vulnerabilities of IoT devices include:
- Authentication: Hardcoded default passwords and a lack of multi-factor authentication capabilities.
- Patch Management: Many IoT devices and systems suffer from a lack of reliable methods for distributing critical security updates at-scale.
- Physical Security: To reduce the latency of data processing, IoT devices often use “edge computing” where data is processed in close physical proximity to the IoT devices. The devices themselves and the data they generate/process are at risk of breaches facilitated by direct physical access.
As the threat landscape surrounding IoT technologies continues to develop, purchasers must invest in IoT products that are purpose-built with security at the forefront. A combination of genuine demand for enhanced IoT security and developing government regulations will require existing IoT manufacturers to develop their products with security in mind.
#4 - Targeted Attacks Against Cloud Security
Cloud computing is a valuable asset for enhancing the flexibility and scalability of business operations. Thanks to advancements in cloud computing, companies can leverage the computing resources provided by dedicated cloud service companies rather than investing heavily in the deployment and maintenance of their own infrastructure.
The Cloud Vision 2020 Study from LogicMonitor anticipates that in the near future 83% of enterprises will use cloud-based platforms for their operations. The increased prevalence of high-value targets adopting a given technology is certain to attract the attention of bad actors, and cloud computing is certainly no exception.
Cloud security vulnerabilities include:
- Third-Parties: Unless a company genuinely invests in deploying its own dedicated cloud infrastructure, the storage and processing of sensitive data will involve the use of a third-party cloud service provider.
- Remote Access: The ability to access data remotely is incredibly beneficial; however, it’s important to recognize that the increased accessibility for authorized users also provides an opportunity for external threats to access resources remotely.
The security market is quickly adapting to increased demands for cloud security solutions by offering advanced methods of authenticating users and monitoring their interactions with the data contained on these platforms. Advanced monitoring and response solutions are a must for detecting suspicious activity and preventing data breaches originating from both insider threats and cybercriminals using stolen credentials.
#5 - Ransomware
Ransomware is a type of malware that maliciously encrypts the data contained in an infected system in an effort to extort the victims of the attack. Once the data is encrypted, the ransomware program demands that the victim of the attack pay a ransom (usually in the form of a cryptocurrency) to the attacker in order to receive the decryption key necessary to regain access to their data.
High-profile ransomware programs include:
- WannaCry: WannaCry infected an estimated 230,000 computers worldwide and caused $4 billion in losses.
- CryptoWall: CryptoWall is notorious for enhancing its disruption capabilities with features for encrypting file names in addition to the files themselves, making it increasingly difficult for victims to verify their internal file recovery measures.
- TeslaCrypt: TeslaCrypt went above and beyond the encryption of files by detecting and deleting shadow volume copies of files, making recovery efforts far more difficult for users who did not maintain external backups. TeslaCrypt was also unique in its target selection: early versions of the ransomware targeted PC gamers by specifically disrupting files related to popular computer games.
The high demand for sensitive data has created underground economic opportunities for cybercriminals in the form of Ransomware-as-a-Service (RaaS) platforms. High-profile incidents of government bodies and healthcare organizations falling victim to ransomware attacks can be expected to increase in prevalence as these RaaS platforms have removed the knowledge-based barriers to performing ransomware attacks, allowing anyone with sufficient malicious intent and financial resources to execute their own attacks.
As technology continues to evolve, so will the threat landscape. The prevalence of underground entrepreneurs providing black-market resources for emerging cybercriminals to execute attacks without the need for significant technical knowledge will continue to pose a unique threat. Security professionals and business leaders alike will need to remain vigilant in ensuring that sensitive data is protected with a combination of industry-leading security tools and traditional cybersecurity best practices.