Content, Content

Optiv: Nation State Attackers Moving From Stealing Data to Social Media Meddling

Credit: Pixabay

Expect the allure of big money scores to spike the use of cryptomining malware and cryptocurrencies by cyber gangsters in 2018, said Optiv, a Top 100 MSSP, in its new cyber intelligence report.

That’s one of six predictions for 2018 found in Optiv’s annual Cyber Threat Intelligence Estimate (CTIE) report, culled from some 7,000 cyber-security trouble tickets the MSSP manages each year for its clients. The report, which covers threats to specific types of organizations by vertical or industry, threats that focus on a specific technology vulnerabilities, and threats by a specific actor or actors, is intended to provide Optiv’s clients with a tool to adapt their strategic plans to defend against cyber attacks.

There's one finding among many that's perhaps more disquieting than the others: New cyber nation state attackers are forming. More on that in a minute...

The five additional predictions:

  1. An increase in IoT botnet exploits until IoT technology becomes more secure.
  2. Continued threats from bundled, cost-efficient exploitation packages.
  3. Continued attempts from nation-state actors to execute cyber-social attacks, including activity revolving around the 2018 US midterm elections.
  4. Progressing DDoS attacks will continue to be a problem for organizations of all sizes due to the willingness to pay ransom and the thousands of IoT devices connected to the internet each day that have weak security protections. In 2017, China, the U.S. and South Korea experienced a sharp increase in attacks.
  5. End users continue to be the best line of defense. Training and knowledge sharing is key.

The report also produced findings on new bad actors, cyber-social hacks, critical infrastructure, healthcare IoT, phishing and brand risk:

New bad actors. Nation states such as Lebanon and the Netherlands are rising in the ranks of nation-sponsored attackers. Lebanon spied on thousands of people across 20 countries via an Android malware campaign, and the Netherlands infiltrated Russia’s Cozy Bear liar and uncovered the hack of the Democratic National Committee during the 2016 U.S. presidential election.

Cyber-social. Nation state-sponsored attacks are expanding from “cyber-physical,” where the objective is to compromise data or critical infrastructure, to “cyber-social,” where the goal is to use social media to influence the opinions and actions of large populations of people. Russian cyber-social attacks on European and American elections set the template for nation states and hacktivists.

Critical infrastructure. The utilities and energy industries experienced high indicators of attack activity without any high-profile breaches. This suggests that attackers have access to critical infrastructure but are waiting to exploit this access.

Healthcare IoT. The healthcare IoT is particularly problematic due to the increasing numbers of networked medical devices and the potential damage that could occur should those devices become compromised.

Phishing. Email phishing remains the top malware delivery mechanism. While modern email security solutions can detect and stop emails with malicious attachments, they are still largely ineffective in detecting hyperlinks to malicious websites.

Brand risk. Brand security threats were the second most common source of alerts for Optiv during the year – behind phishing attacks, but ahead of typical security concerns such as data leakage and web vulnerabilities. These alerts were generated in response to the presence of “phony, misleading or malicious sites,” raising the importance of brand risk in the hierarchy of enterprise security concerns.

Optiv also correlated some threat actors, or types of cyber attacks to certain vertical markets. For example, the MSSP said, nation-state actors tend to zero in on government agencies or utilities and energy targets. Bad actors look to steal credit card numbers from financial services & insurance companies or install malware on the critical systems used by healthcare companies.

“Knowing something about the client’s industry helps focus requirements and targeting that result in better intelligence products,” Optiv said in the report.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.