We must ensure we are prepared to face the emerging cyber security threats to businesses; new cyber threats are being discovered every day and the volume of attacks is increasing; in 2017 we saw the number of reported cyber-attacks double compared to the previous year, reaching a staggering 159,000 attacks; factoring in unreported incidents, estimates put it as high as 350,000 in 2017. Therefore, we will all need to be aware of the emerging cyber security threats and that is why we at Ingram are proud to be working closely with the global leaders in cyber security so that our partners can deliver the best in innovating cyber defence to their end-users.
1) Blueborne and the Internet of Things. As the Internet of Things takes root in offices and homes all over the world, so too does this expose us to a new vulnerability. Blueborne specifically targets Bluetooth devices that have internet capability; your phone is an obvious example but the IoT means more and more items are joining the list. Bluetooth devices usually have little or no protection along with high permissions into paired devices, as such a Blueborne attack seeks to exploit this and use the Bluetooth device to gain access to the rest of the network; this kind of attack can give hackers control of your system within seconds.
2) Crime-As-A-Service (CaaS) Criminal organisations are expanding their capabilities and becoming even more sophisticated in their efforts online but they aren’t just limiting their capabilities to their own use. CaaS is growing and anyone with minimal technical capability can access the Dark Net's marketplaces to procure themselves a “hacker for hire”. A Distributed Denial of Service (DDoS) attack can cost as little as $7 per hour and cost businesses upwards of $100,000 an hour in lost revenue. Would-be DDoS attackers can save costs and work thanks to the growing emergence of the IoT; your smart TV at home can easily be used as part of a zombie network and is much easier and cheaper to hijack than a desktop or laptop.
3) Fileless Ransomware 15 years ago saw the emergence of Drive-By Download attacks, where malicious software is downloaded without someone’s knowledge, either by hiding itself amongst another download or by masking the download itself. Now, this technology has evolved into what we are seeing today; Fileless Ransomware injects malicious code into a legitimate system process on a targeted system and then self-destructs itself to evade detection; this means that only the most advanced malware protection is able to combat this threat. A prominent example of this was Sorebrect; which was specifically designed to target enterprise’s servers and endpoints. It initially compromises the administrator credentials by brute forcing and then spreads itself to other devices connected to the network; potentially encrypting every computer on the network.
4) Nation-State Influence Cyber warfare between nation states is being stepped up; The WannaCry attack (more on that later) was tied back to a North Korean state actor and the UK and US released a joint technical alert warning that Russian hackers are targeting millions of devices globally with the goal of spying, stealing information and building networks for potentially devastating future cyber attacks. It is vital that all businesses have the very best in the world of cyber defence to protect against these nation-state actors.
5) Human error Not an emerging threat, but it is a threat that was recently brought back into the spotlight following the WannaCry Ransomware. WannaCry affected over 400,000 machines across 150 different countries; what made it particularly remarkable though was the fact that the exploit that WannaCry targeted had been patched by Microsoft months before, the problem was users hadn’t updated their devices leaving them exposed to the attack. This human error cost the global economy $4billion; Avast’s Software Defender ensures that updates are automatically installed so that incidents like this can be avoided.
As we pursue the infinite possibilities for cloud security, Ingram is seeking to work with the best innovators in Cybersecurity to ensure that our partners can offer the very latest in technology to their end-users. In partnership with Avast Business, we are proud to launch our Cyber Security Healthcheck for Resellers so that you can self-assess your cybersecurity offering to ensure that you are offering the very best to your clients. You can take the Healthcheck below.