2019 Security Planning Guide Pt 1: Security Attack Trends
IT technology has driven both cyber security attack trends and cyber security defenses since the 80s. The attack surface has widened every time a major new technology has been deployed.
In the 80s, the private internet and PCs were launched, providing a small but new opportunity for hacking and cyber mischief. In the 90s, the real internet was launched along with Microsoft Windows; email use and the number of networked PCs grew. The 2000s saw the beginning of broad internet usage, social and shopping internet sites, and portable phones. This set the stage for the early security attacks.
In the 2010s, everything changed. With the advent of faster internet, office applications moved to the cloud along with your data. Cloud data centers took off, and your data moved to the cloud with them. Smart phones, portable devices, and IoT devices proliferated, leveraging cloud storage and applications. Now we have a distributed system to attack, where more and more activity is done from mobile devices.
Cyber Security Attack Trends
The early attacks in the 80s used malware, self-replicating worms and hacking, mostly for the purpose of disruption. Early attacks were limited in reach because the internet was proprietary (ARPANET) and small; the Morris Worm is the best-known example (see the Attack Trends Exhibit below).
In the 90s, with the advent of the real internet, email threats began, leveraging malicious links and later malicious document attachments to download malware to PCs. The Melissa and ILOVEYOU macro viruses are examples of this type of attack and were the most costly to date ($5-8B of damages).
In the 2010s, many new attacks were launched leveraging the broad internet and large corporate networks. Cyber attack crimeware tool kits became available to every wannabe cyber criminal, enabling low cost cyber attacks. Examples of the new wave of 2010s attacks include:
- Advanced Persistent Threats (APTs) – These are complex, multistage attacks that collect social data (social engineering), make an initial infection, download more malicious code, move laterally in your network, and ultimately extract data and quietly exit your networks. Operation Aurora is a good example: it attacked Google and other technology firms, stealing source code and other information.
- Ransomware – Ransomware was one of the first equal opportunity attacks, hitting companies of all sizes. Similar to APTs, it is a multistage attack, but ransomware encrypts your data and asks for a ransom. Today’s ransoms are about $500 per attack. Although ransomware started in 2014, WannaCry in 2017 was famous for infecting more than 230,000 computers in 150 countries. It was a worm, so it leveraged your own network and the internet to spread widely.
- CEO Fraud – Leverages social engineering sites and spear phishing email attacks to impersonate your key executives, mostly for financial gain. A lack of internal controls in companies allows requests from fraudulent CEOs to be processed, with large sums of money sent to overseas bank accounts never to be recovered.
- Supply Chain Attacks – By corrupting software updates of your operating system, operational software or application software, malware is delivered automatically through the update process. Once downloaded, any attack is possible. Any software, in-house or in the cloud, can be corrupted without you knowing it. This attack leverages your “trust” in your vendors and the fact that updates are typically applied to your systems automatically.
- Crypto Currency Attacks – With the advent of high speed computers and blockchain technology, criminals are cryptojacking your servers and computers to mine cryptocurrency at your expense (literally). Meanwhile, criminals have launched multiple attacks on the cryptocurrency ecosystem to steal cryptocurrency. Attacks on users, creators, and exchanges using traditional cyber attack methods gain access to cryptocurrency wallets and steal currency without attacking the blockchain itself.
- Cloud Application and Data Center Attacks – Faster internet has enabled cloud applications and cloud data centers. Every new application that moves to the cloud means you are trusting another vendor, their software and their security to protect your data. Users can access cloud applications and your data from anywhere, as long as they have a user’s credentials. So how do you know who is accessing your data, what they are doing with it, or even which applications they are using? These are the challenges of the cloud-enabled world, and they will lead to a rise in cloud security attacks.