Introduction
The cybersecurity threat landscape covers emerging and leading cyber threats, as observed in the year 2018. The main cybersecurity dangers have remained unchanged over the past few years. The year 2018 showed a rise in data breaches and denial of service attacks compared to the previous year (Turc, 2018). Crypto-jacking also emerged in the same year and proved to be a severe threat to resources used to mine cryptocurrency.
Analysis of Threat Landscape in 2018
The top threats are malware, web application attacks, web-based attacks, and denial of service attacks. Other forms of threats include spam, data breaches, botnets, information leakage, identity theft, ransomware, insider threats, crypto-jacking, and physical manipulation (Turc, 2018). The global risks in 2018 were mostly the same as those in 2017, with very slight changes in position. The exception was data breaches, which were used more and moved up in the list. Crypto-jacking also made its first appearance in the threat landscape. The most used vector for malware attacks was phishing messages sent through email or direct messages (Turc, 2018). Another threat that has been on the rise is state-sponsored hacking, which mainly targets banks and large retailers. The method used has, however, changed from malware deployment to social engineering approaches. The lack of security in the internet of things is first becoming a concern, with the cybersecurity threat shifting from ransomware to crypto mining as the primary method of financing. Cybercriminals still used malware in their attacks, unlike state-sponsored attacks that used social engineering. In 2018, 30% of data breaches used malware (Turc, 2018). Mobile malware has also grown in the threat landscape. Among web attacks, SQL injection is still the most used form, with a success rate of 51% (Turc, 2018).
What Has Changed Since 2017
2017 was a productive year in terms of cybersecurity threats, with news ranging from Russian hackers influencing US federal elections to damage to businesses in the US amounting to $1.3 million (Turc, 2018). There were also global ransomware threats such as WannaCry, indicating the diversity present in cybersecurity threats. However, 2018 saw things change in terms of cybersecurity and advanced persistent threats. The first thing that changed in 2018 was the intensity of internet of things (IoT) attacks, which increased compared to 2017 and came with a change in motivation. The changes were due to the increase in the number of connected devices. The increase in the number of IoT devices was paralleled by an increase in the number of attacks directed at them (Turc, 2018). The motivation for the attacks came from hackers knowing that the internet of things contains more critical and sensitive data.
Ransomware also increased, reaching a pandemic point in 2018 compared to 2017. In 2018, ransomware developers were better at producing and deploying the tool. They offered the means to anyone willing and able to purchase them. A report released by security analyst Carbon Black indicated that ransomware grew more sophisticated, more targeted, and easier to use in 2018 than in 2017. New ransomware techniques were also developed in 2018, such as data exfiltration and corruption. State-sponsored security threats also increased in 2018 compared to 2017. There were more hacks against the power grid in the USA, showing the vulnerability of the infrastructure. Another change that occurred in 2018 was the emergence of crypto-jacking. The increase in cryptocurrency prices created an interest among hackers in crypto mining. Crypto-jacking is designed to target devices by running in the background and funnel the mined cryptocurrency to the hacker. Crypto-jacking was profitable for hackers in 2018, netting them $2.5 billion in the first half of 2018 (Turc, 2018).
Common Tactics, Techniques, and Procedures to Include Threat Actor Types
The term tactics, techniques, and procedures (TTP) is used to describe and analyze an advanced persistent threat (APT) or to profile a given threat actor. The term tactic refers to how a hacker decides to carry out their attack. Technique refers to the technological approach used by the adversary to achieve their intermediate results. Procedures apply to the organizational strategy of the attack. By understanding the tactics, techniques, and methods of the attacker, one can develop ways to fight them and help predict an upcoming attack. It also helps to identify the blind spots of the organization and devise countermeasures in advance.
Some of the tactics used include gathering information for preliminary compromise, carrying out the settlement, performing lateral movement, escalating privileges, and deploying persistent measures (James, 2018). Some APTs do not change their tactics, while others modify them depending on the situation to perform the whole or part of the attack. For an attack to be successful, APTs use various techniques during the attack. The techniques are used to simplify the initial compromise, maintain control and command centers, hide data exfiltration, and move within the target's infrastructure (James, 2018). The techniques used in an attack mainly involve tools for gathering information. Some of the tools used include social engineering, used with the help of a software tool to breach the first line of defense. Another technique used is the abuse or exploitation of configuration issues in a vulnerable system. Encryption and networking are another technique, used to obfuscate data sent to the attacker. These techniques help the attackers cover their tracks. Procedures are a sequence of actions used by APT attackers to execute their attack. They vary depending on the nature of the attack. Examples of procedures used include collecting initial data about a target, identifying the key individuals and enumerating externally exposed systems, gathering contact details and additional data about vulnerable systems, and documenting collected data.
Exploit Vectors and Vulnerabilities Threat Actors Are Predicted to Take Advantage Of
The main job of information security professionals is to protect their organization's systems and data. For them to be successful, they need to understand the exploit vectors and vulnerabilities threat actors take advantage of. Although monetary gain is the driving force of cybercrime, not all threat actors are motivated by money. Some are commercially or politically motivated, to make a name for themselves. Threat actors begin an exploit by analyzing and inspecting the target they are interested in. They do this by employing sniffing, malware, emails, and social engineering. Encoding is another method used by threat actors to invade a network. They achieve this by encoding and aligning the best tools to exploit the vulnerability. The third way is installation, where they disrupt the security and place malware. After this, they utilize the data and information they obtain for their benefit. The common vectors used are malware that introduces malicious code into computers, causing damage (James, 2018). They achieve this using worms, viruses, and trojans. Another vector is keyloggers, which collect what is typed on the keyboard (James, 2018). Social engineering is another vector used to collect information from a person or organization. It involves phishing, where one tricks a person into giving up confidential information (James, 2018). Spam is also used, where unsolicited messages are sent repetitively. Vulnerabilities are the weaknesses in a system that make attacks possible. Some of the vulnerabilities taken advantage of by threat actors include lack of proper building access control, SQL injection, cross-site scripting, failing to encrypt essential data, clear text transmission of sensitive data, and failure to check authorization of confidential information (James, 2018).
Conclusion
Cybersecurity is essential as it helps an organization protect its systems, programs, networks, data, and devices from cyber-attacks. The cybersecurity threat landscape refers to the methods used to analyze the tactics, tools, vectors, and techniques used in cyber-attacks. The attacks are continually evolving, with the internet of things making cyber-attacks even more possible because it holds a lot of sensitive data. Ransomware and malware are some of the significant vectors used by hackers to obtain data from organizations. State-sponsored cyber-attacks are also on the rise as governments seek to obtain financial advantage from banks. APT is also on the rise and can stay undetected for a long time.
References
James, L. (2018). Making cyber-security a strategic business priority. Network Security, 2018(5), 6-8.
Turc, M. (2018). Growing Pains: The 2018 Internet of Things Landscape. Mattturck.com.
Cite this page
Cyber Security Threat Landscape. (2022, Jul 18). Retrieved from https://proessays.net/essays/cyber-security-threat-landscape