A new report from Accenture has identified the five top global cybersecurity threats. According to the Cyber Threatscape Report 2018, there is an increasing likelihood that organisations and critical infrastructure will experience a greater number of more destructive cyberattacks. This includes physical damage committed by highly-funded rogue nation states and cybercriminals looking to disrupt business operations, make money or spy on targets.
The report examines trends in cyber threats observed and analysed during the first half of 2018 and explores how cyber incidents might evolve over the next six months. The report is based on intelligence collection and analysis from Accenture Security’s iDefense threat intelligence operations, including research using primary and secondary open-source materials.
“Our threat intelligence teams have spent the last 20 years keeping close track of threat actors and cyber crooks and the creative ways they might try to break into networks,” said Josh Ray, managing director at Accenture Security. “To protect against these emerging threats and respond if they should fall victim to an attack, organisations must be proactive in thinking about business risk on a day-to-day basis. Learning from previous incidents and understanding what is coming next based on timely and actionable threat intelligence is key to keeping data and systems safe.”
Accenture predicts an escalation of Iran-based cyber threat activity. Analysts have observed the active and expanding PIPEFISH cyber-espionage threat group, which primarily targets Middle Eastern organisations in the energy sector for surveillance and espionage objectives. Malware from PIPEFISH can execute remote commands and upload and download files from the victim’s system. Analysts have also identified the emergence of Iran-based ransomware, suggesting global organisations will be targeted with ransomware as well as cryptocurrency miners for financial gain.
Cybercriminal, espionage and hacktivist groups will continue to target supply chains, and their strategic business partners, for monetary, strategic and political gain. Analysts believe that a China-based group of hackers known as PIGFISH is targeting organisations in multiple industries to fulfil collection requirements for various espionage missions and gain access to supply-chain attack capabilities and resources. As cyber adversaries continue to use trusted third parties as vectors of intrusion, attribution and intent will become tougher to determine.
The oil and natural gas industry will continue to be a target. Russian state actors could sponsor disruptive or espionage-related cyber operations, or support hacktivists in the name of protecting the environment to contain new competition to its largest energy market. Rising oil prices could create incentives for threat actors in North Korea to launch ransomware attacks and other financially motivated cyber threat activities, such as cryptojacking, to circumvent sanctions and raise money.
Miner malware has grown this year, and that growth is likely to continue in 2019. Recent observation of criminal underground activity reveals that there are plenty of advertisements by malware authors and resellers for Monero miner malware. The variety of malware available ranges from generic and cheap entry-level malware to vast botnets of compromised devices infected with custom malware.
Advanced Persistent Threat-style cyberattacks are mainly carried out for espionage reasons. However, financially motivated cybercriminals are expanding their capabilities to include traditional cyber espionage tools, techniques and procedures as well as the use of new malicious tools to attain financial rewards through prolonged, multi-stage cyberattacks. The level of activity from financially motivated targeted attack threat groups like Cobalt Group and FIN7 remains significant but lower in volume in 2018 than in 2017.