Cyber attackers are increasingly using destructive ransomware, alternative crypto-currencies and deception tactics to successfully hack into enterprises’ data and IT systems, according to a new report from iDefense, part of Accenture Security.
Accenture Security’s The 2017 Cyber Threatscape Report examines key trends during the first half of 2017 and also identifies the top cyber threat for 2017.
According to the study, cyber criminals are increasingly using reverse deception tactics, such as anti-analysis code, steganography, and expendable command-and-control servers, to conceal stolen data. Similarly, while bitcoin continues to be the currency of choice among cybercriminals, they are being forced to either develop and use bitcoin laundering techniques, or adopt alternative cryptocurrencies, to conceal their activities.
Sophisticated phishing campaigns with e-mails mentioning invoices and missed payments are still a popular method, but ransomware is now displacing banking trojans as one of the most prevalent types of malware delivered via phishing techniques.
Distributed denial of service (DDoS)-for-hire services have given way to a thriving DDoS-for-hire botnet ecosystem, which is leading cyber criminals gaining greater access to increasingly potent and affordable tools and services.
“The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by potential state-sponsored actors and cybercriminals,” said Josh Ray, managing director at Accenture Security. “Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months. While the occurrence of new cyberattack methods is not going away, there are immediate actions companies can take to better protect themselves against malicious ransomware and reduce the impact of security breaches.”
To combat cyberattacks, businesses should look to proactively train employees to recognise phishing scams, make it easy for them to report fraudulent e-mails quickly, and keep testing internally to prove the training is working. In addition, companies should ensure they have strong spam filters to scan incoming and outgoing e-mails to detect threats and filter executable files. Plus, they should remove or limit local workstation administration rights and regularly patch operating systems and applications.
To avoid paying a ransom in the event of a breach, the report recommends that all companies develop a strong ‘cyber resilience’ plan for recovery that is regularly reviewed, updated, and tested.