Each of the last several years has been dubbed the “year of the breach,” or more creatively the “year of the mega-breach.” But instead of continuing this trend and calling 2016 the “year of the uber-mega-breach,” Endgame’s team of engineers, researchers and scientists have pulled together their top predictions for the security industry. We anticipate a threatscape that will continue to grow in complexity and sophistication. And while policymakers are yet to acknowledge that cyber innovations like encryption, Tor, and intrusion software will not simply go away through legislation, global enterprises should recognize that the “year of the breach” is the new normal.
Increased Focus on the Cloud
Mark Dufresne, Director Malware Research and Threat Intelligence
Cyber attackers will increasingly interact with cloud services to acquire sensitive data from targets. Through compromising credentials and socially engineering their way into access, attackers will successfully gain control of sensitive data and services hosted by commercial cloud providers. In addition to data exposure, we may see companies that rely heavily on the cloud significantly impacted by ransom demands for restoration of cloud-hosted assets, potentially with new cases of outright destruction of data or services that are often perceived by users as backed-up and secured by their cloud provider. As part of their continuing effort to evade detection, adversaries will increasingly use these same cloud-based services for command and control as well as exfiltration in order to blend in with the noise in modern Internet-connected environments. Encryption and the heterogeneity of most environments make drawing a distinction between legitimate and malicious activity very difficult. Attackers will increasingly take advantage of this heterogeneity, leading some organizations to increase investments in securing and controlling their perimeter.
Targeted Malvertising Campaigns
Casey Gately, Cyber Intel/Malware Analyst
State-sponsored actors will continue exploiting the social dimension of breaches, focusing on susceptible human vulnerabilities in diverse ways, such as through targeted spear phishing or more widespread malvertising campaigns. Many of these widespread campaigns will become increasingly targeted given the growing sophistication of attacks. Spear-phishing is a very reliable method for a state-sponsored actor to gain a foothold into a given network. In contrast, malvertising is more of a 'spray and pray' approach - where attackers generally hope that some of the millions of attempts will succeed.
Attackers could also take a more targeted malvertising approach by dispersing a series of weaponized ads for a particular item – such as weight training equipment. When someone conducts a search for “barbell sets” those ads would be auto-delivered to the potential victim. If the ads were targeted to fit the output, mission statement or goal of a specific corporation, the chance of victimizing someone from that company would be greater.
Increase in Mobile App Breaches
Adam Harder, Technical Director of Mobile Strategy
The volume of payments and digital transactions via mobile apps will continue to grow as end-users continue to shift from desktops and the web to mobile platforms. Walmart is in the process of standing up a complete end-to-end mobile payment system, and 15% of all Starbucks revenue is processed through its mobile app. Unfortunately, more of these apps will likely fall victim to breaches this year. Consider all the apps installed on your mobile device. How many of these are used to make purchases or view credit/loyalty account balances? Several popular consumer apps - Home Depot, eBay, Marriott, and Starbucks - have been associated with data breaches in the last 24 months.
Public Perception Shift from Security to Safety
Rich Seymour, Data Scientist
People are slowly coming to realize the lack of implicit security in the systems they trust with their data. Many users operate under the false assumption that security is inherently baked into private services. This isn't a paradigm shift for folks used to untrusted networks (like the manually switched telephone systems of the pre-rotary era), but people who simply assumed their information was stored, retrieved, and archived securely need to recognize that not only must they trust the physical security of a data center, they must also trust the entire connected graph of systems around it.
Based on some leading literature from last year, including the work of Nancy Leveson, expect to see safety become the buzzword of 2016. There also could be big things from the Rust community (including intermezzOS and nom) and QubesOS. As such, “safety” will likely be the new information security buzzword.
Malicious Activity Focused on Exploiting PII & Critical Infrastructure
Doug Weyrauch, Senior CNO Software Engineer
With the rise in frequency and severity of data breaches, including those at OPM and several health care companies, cyber criminals and hacktivists are increasingly using PII and other sensitive data for extortion, public shaming, and to abuse access to victims’ health records and insurance. Unlike credit card information, personal health and background information cannot be canceled or voided. If health records are co-opted and modified by a malicious actor, it is very difficult for a victim to correct misinformation. And with the US Presidential election heating up this year, it’s likely one or more candidates will suffer a breach that will negatively impact their campaign.
As more stories surface regarding the cyber risks unique to critical infrastructure, such as in the energy sector, terror groups will increasingly target these systems. In 2016, there will likely be at least one major cyber attack impacting critical infrastructure or public utilities. Hopefully this propels critical infrastructure organizations and governments to actually put money and resources behind overhauling the digital security of the entire industry.