It’s still early enough in the New Year to make predictions about cyber threats and malware attacks in 2017.
First, I think ransomware attacks will likely decline by the end of the year. Ransomware is malicious software that extortionist hackers use to lock a target’s computer with encryption and then demand payment to unlock the computer.
Criminally obtained funds from a single type of ransomware has yielded as much as $325 million, according to McAfee Labs Threats Predictions. This gives cyber extortionists the funds for research and development to overcome anti-ransomware technologies.
McAfee Labs forecasts that the effectiveness of ransomware attacks will be reduced partly due to initiatives like “No More Ransom!” and the development of anti-ransomware technologies.
Ransomware attacks might also decrease due to their widespread use in recent years and the increasing costs to mount them due to law enforcement action. There is also hope that continued law enforcement actions, including arrests and the accompanying loss of hackers’ funds, will make ransomware operations too expensive to continue.
The issue will come down to which side will overcome the other.
‘Drone Jacking’ Places Threats in the Sky
Drones have become the new tool for shippers, law enforcement, news photographers and farmers. And new uses for drones are being developed all the time. Dronejacking too is new and the threats to drones are increasing.
The McAfee Labs report states, “Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business, or critical infrastructure facility and attempt to hack into the local wireless network.”
The DEFCON 2015 hacking convention showed the proof of concept that an individual could take control of a toy drone. While a small toy drone is interesting, the software in it is similar to the software in more expensive and larger drones. “Dronejacking” has now entered our vocabulary and threat matrix and should be of concern to all cyber defenders.
With drone shipping, high-value items and medicines could be diverted from their intended address to another landing area. A dronejacker could sit in a pickup truck, direct a targeted drone to land in the pickup bed and steal the drone’s cargo.
Such illegal activities would precipitate a technology race for shippers to put encrypted trackers on drones to thwart hacker attacks. Drone hackers, of course, will try to develop new tools to destroy drone communications and control. In the end, it will be up to industry to build better safeguards into the drone systems and ground stations
Depending on the industry, the development of useful drones will determine when we will see the first spectacular drone hack. The first one will be for underground notoriety but after that, drone jackings will be for criminal profits. Look for drone jacking in the news near the end of 2017 or in first half of 2018.
Another prediction is that if captured drones are destroyed or lost, shippers will soon find drones too expensive to use and end the practice. An end to drone shipping would also eliminate use of the word drone jacking.
Machine Learning Accelerates Social Engineering Attacks
The McAfee Labs report warns “that cybercriminals are leveraging machine learning to target victims. We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017.”
Hackers routinely access corporate networks and collect a great deal of information on their executives and key financial personnel. Machine learning tools to conduct complex analyses are publically available, creating the opportunity for cyberattacks far more sophisticated than simple target selection. Such attacks could include probes into decision makers’ business plans, proprietary information and ancillary activities such as executives’ vacations, travel or ill relatives.
The FBI calls these well-researched cyber attacks Business Email Compromise (BEC) scams. The hackers target personnel with financial responsibility or authority to write checks. For example, by analyzing hacked corporate data, the hackers learn that the CEO is taking a trip out of the country.
The trip includes many hours of air travel, poor communications and time zone changes. That is when the threat actors send an email in the executive’s name to a company financial officer to cut a large check and send it to an account number that belongs to the threat actors.
The McAfee report further states: “Cybercriminals know that sending a well-crafted email to a financially responsible team member, purporting to be from a leader of an organization and indicating urgency, results in a meaningful success rate in completing fraudulent transactions.”
This information is all mined and analyzed with machine learning tools. These tools are much quicker and give the best advantage for threat actors because machine learning keeps improving.
Machine learning use in criminal activity and BEC will increase in 2017. The money made by organizations using machine learning and the ability to crunch large data sets will give actionable intelligence for criminal activity. This will cause an increase of the use of machine learning for crime. In the end, machine learning is cost-effective, with a business case shown by FBI statistics that “more than $3 billion has been stolen, with victims in all 50 states and 100 countries.”
Cyber Espionage Will Continue to Target Intellectual Property and Stat Secrets
“Cyber operations from China are still targeting and exploiting U.S. government, defense industry, academic and private computer networks,” U.S. Cyber Command Admiral Michael S. Rogers said last April during testimony before a Senate committee.
The McAfee Labs report agrees with Adm. Rogers. “Cyber espionage will always be present, either as part of a nation-state’s intelligence operations or run by organized groups that will hunt for proprietary intelligence and offer it for sale.”
The greatest threat will be to U.S. government organizations and defense contractors. Cyber espionage against defense organizations and contractors will continue to be a weak link exploited by adversary nation states. In the past, a spy passing off a duffel bag of classified material to his foreign handler was considered a successful spy operation. Today, with small hard drives or thumb drives, the theft of terabytes of data is not unusual.
In the last three years, there has been an increased focus by the federal government to protect classified information from traitors and cyber theft. With this emphasis, there may be more successful apprehensions like that of former NSA contractor Harold T. Martin, who has been charged with stealing 50 terabytes of classified information over a 20-year period.
Technology created some of the vulnerabilities, and technology is fixing some of the vulnerabilities. The expectation is that the duel between cyber criminals and cyber defenders will be a draw or a tied game at the end of 2017.
Police and Hackers Will Have More Successes in 2017
No one will predict an overwhelming success for either side of the battle. The police have learned and created successful takedowns in 2016 of Botnets, DDoS and ransomware attacks. But until the threat actors evaluate the risk as too high, they will not stop their attacks.
About the Author
James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.
Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job”.