The cyberthreat landscape has evolved over time, and 2017 saw an increase in attacks over the 90 million intrusions recorded in 2016. While threats such as ransomware are not new, this year saw a major paradigm shift in which malicious actors aimed to disrupt services as much as they sought monetary gains. Similarly, attacks against critical infrastructure built upon similar incidents from previous years to reach new heights, while incident reporting gaps emerged between businesses located in different geographies.
To wrap up yet another year of headline-grabbing security breaches and disruptive cyber outages, let’s take a look at some of the key trends that emerged in 2017.
The Rise of Ransomware
Some attacks are stealthy, while others are more obvious. Historically, the theft of data benefited from being unobserved. Data was secretly siphoned from computer systems for months or even years while the information was collected and sold to malicious actors.
But the rise of ransomware has thrust cybercrime directly into the spotlight with a more direct approach to causing mayhem. Ransomware announces itself to victims with simple on-screen text explaining that their data has been encrypted but remains intact. A ransom is demanded in exchange for an encryption key to unlock the data. Consumers are generally offered a relatively affordable ransom amount with the thought they will simply comply with the demand and be able to recover their files quickly.
Ransomware attacks such as WannaCry took a different approach, going after public institutions on a global scale. The most widely affected entities were health care facilities in Europe, which were shut down for days. WannaCry demanded only $300, but the online wallet set up to receive payment proved to be unreachable, putting the intent in question: The attack seems to have been motivated by a desire to disrupt operations rather than to collect money. Even though the WannaCry attackers failed to monetize their exploit, estimated losses totaled more than $1 billion due to downtime.
The Shocking Vulnerability of Electrical Grids
As the focus of cyberattacks expands beyond financial gains, industrial control systems are being disrupted. In two separate attacks, the first in late 2015 and the second in late 2016, threat actors compromised the electrical grid in Kiev, Ukraine, shutting down power in the region and putting energy providers that deploy smart grid technologies on high alert.
Dozens of U.S. power companies were compromised in 2017, with some attacks causing shutdowns and disruption of distribution. Attackers took over systems that controlled valves, pipes and conveyor belts in what may have been experimental activities or mere displays of what they could accomplish with a full-scale attack.
Breaches Beyond Borders
Given the growing volume of sensitive data exposed in cyberbreaches perpetrated against U.S. companies, it’s easy to assume that these organizations are the main targets of attacks from around the globe. But organizations everywhere are affected, in some cases more than their U.S. counterparts.
A survey by the Pew Research Center looked at 38 countries and found that South Korea is most concerned about cyberattacks originating from other countries, followed by Japan and then the U.S. Clearly, there are plenty of potential sources of cybercrime to protect against, and threat actors’ chosen targets may depend on location as much as the value of data.
Reporting Delays and Dwell Time
Quickly announcing a breach may seem like an obvious responsibility when public data is exposed and critical infrastructure is threatened, but the truth is that various factors often lead to delays in the release of this information.
One report noted that “companies in the European Union take three times longer than the global average to detect a cyber intrusion.” The firm calculated the region’s dwell time, defined as “the time between compromise and detection,” as 469 days, compared to a global average of 146 days. The reasons for this gap range from simply not detecting data theft incidents to outright coverups.
New Year, New Cyberthreat Landscape
It is crucial for business leaders around the globe and across all industry sectors to understand that threats are real and far-reaching. Security professionals should be aware of threats around the world and monitor developing situations to proactively guard their organizations from the next big, headline-grabbing security breach.