The Changing Cyber Threat Landscape
Over the course of 2017, the number of global cyber attacks continued growing at a rapid pace which also resulted in the reshaping of the cybersecurity arena. With the adoption of various technology, traditional threats such as generic Trojans, ransomware, and spambots received facelifts with military-grade coding and tactics. Threats including GoldenEye and WannaCry gave numerous organizations tears and forced many to down their shutters.
The effectiveness of these kinds of sophisticated threats can be analyzed by using lateral movement vectors that augment zero-day exploits such as EternalBlue and EternalRomance, allowing malware to ‘hop’ from one network to another across the globe. These targeted attacks are reshaping corporate and government digital security initiatives, while simultaneously causing fallout in the consumer space.
The past year witnessed the rapid rise of commoditization of cybercrime, with Ransomware-as-a-Service and Malware-as-a-Service becoming easily and widely available on the dark web. Furthermore, the year also witnessed the growth of advanced services, like FUD (fully undetected), which enable attackers to upload malware to an analysis service for a fee. The past year also witnessed a new generation of IoT-based attacks known as Reaper. Analysis revealed that the attack codes were armed with exploits spanning a variety of IoT vendors, including Linksys, NetGear, GoAhead, and Avtech. The growth of cyber attacks is simply an example of the sorts of the ongoing development of security exploits.