For those of you who thought we were winning the battle against cybercriminals, think again. 2016 saw a huge increase in cyber-attacks, including the biggest attack in history, which brought down much of the US internet. The outlook for 2017 looks just as pessimistic, not just because of an increase in attacks but also because cybercriminals are beginning to exploit an even wider range of vulnerabilities.
How will cyber-attacks develop in 2017?
What should concern us most about the predictions for 2017 is not just the increase in the number of cyber-attacks but the change in how they are carried out. Here are some examples of how things may develop in 2017.
Bringing down the internet with a kettle
As was widely reported in the news, October saw the world’s biggest DDoS attack on DNS company Dyn, causing some very high-profile companies, including Twitter and PayPal, to go offline. Whilst DDoS attacks are nothing new, what made this attack different was that it was launched using Internet of Things devices: fridges, watches, smart meters, etc.
The ease with which the attack took place was put down to the owners not changing the simple-to-crack default passwords. Once in, hackers were able to infect the machines with malware that could launch the DDoS attack.
What’s worrying is that most IoT products are vulnerable to infections that can be used to launch attacks against businesses. Until cyber security firms can find a way around this, the door is wide open for criminals.
Cyber criminals to use machine learning
According to the McAfee 2017 Threats Predictions report, cybercriminals are now using machine learning to target victims of the Business Employee Compromise (BEC) scam (where fraudulent emails are used to con employees into transferring company funds into the criminals’ accounts).
BEC scammers use social engineering to defraud their victims, and their ability to pick the right targets and manipulate them is being improved through machine learning. The tools they need to perform the complex analysis are easily attainable as is the publicly available data required to build and train their malicious algorithms.
McAfee expects that the ease with which cybercriminals can access machine learning will increase the number of social engineering attacks in 2017 and make it more likely that they are successful. It’s also likely that these attacks will be aimed at even more high-profile business executives: CEOs, finance directors, etc.
Bad ads to deliver malware
Techniques being developed by advertisers to ensure that ads can bypass ad-blocking apps are being used by cybercriminals as a means to distribute malware. Advertisers use hooks to make computers execute arbitrary code, enabling ads to show up without the user’s permission. According to McAfee, by 2017, malware distributors will be using the same techniques to massively increase the numbers of drive-by malware downloads on the devices of unsuspecting users.
Going for hardware
With the security industry focused on protecting software, 2017 will see cybercriminals turn their attention to hardware. Vulnerable hardware can undermine the security of the entire system and, as software security cannot defend it, the only real fix is to replace the hardware itself. This can obviously put some businesses at financial risk.
McAfee predicts that 2017 will see hardware attacks being used much more by state-sponsored attackers, as they have the ability to exploit systems that use legacy firmware as well as firmware on solid-state drives, network cards and Wi-Fi devices.
Ransomware to peak in 2017
Ransomware has increased from just over 2 million attacks in the first quarter of 2014 to almost 9 million in the third quarter of 2016. This rise is set to continue until at least the first half of 2017. One of the reasons for the rise is the various ways criminals can get their hands on the software. You can purchase Ransomware-as-a-Service, buy bespoke ransomware from the dark web, or even create your own from open-source ransomware code.
The focus of ransomware is also expected to shift during 2017 with more attacks expected on phones and other mobile devices. McAfee also expects to see DDoS being used as a method to ransom businesses who use the cloud.
The good news is that it is expected that there will be a concerted effort across all cyber security companies during 2017 to tackle ransomware which McAfee believe will see a levelling off of attacks in the second half of the year. However, this doesn’t mean companies can be complacent.
10 tips to secure your system in 2017
To defend against the increased threat of hacking in 2017, we highly recommend you take the following steps:
1. Update to the latest versions of your software
Vulnerable legacy software is an open window to cybercriminals who have the web monitoring tools at hand to find companies who are using old apps. Updating to the latest version instantly removes these vulnerabilities and stops hackers exploiting them on your system.
If you can, auto-update. It saves time and worry. Managed hosting can also be a great way to ensure this is done for your operating software.
2. Keep up to date with developers’ guidelines
For improved security, you should always follow your software developers’ guidelines for keeping their application safe. To make sure the procedures you put in place are current, ensure you are signed up for their email updates. This will also be helpful if a vulnerability is discovered and you need to take action quickly.
3. Switch to HTTPS with site-wide SSL or TLS
Last year we were encouraging people to enable site-wide SSL (Secure Sockets Layer) to securely encrypt links between a server and a client. This was to prevent hackers from using man-in-the-middle attacks to steal personal data, credit card information and passwords during transmission.
Whilst SSL is still highly secure, there is now a new protocol called Transport Layer Security (TLS) which splits encrypted communication between two servers so, even if it is intercepted and unencrypted, only part of the data will be present.
Both SSL and TLS can be used with HTTPS.
4. Enable intrusion prevention systems
Intrusion prevention systems can be configured to offer robust protection for some of your applications and are included in cPanel and Plesk. The app, Fail2ban, for example, is included in Plesk and has predefined rulesets to defend WordPress.
5. Protect your site using the .htaccess file
If you use Apache, you can protect your site from attack simply by making changes to your .htaccess file. Adding a few lines of instructions can block unauthorised access to the database and admin area whilst preventing directory browsing and access to files.
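The kind of rules described in tips 3 and 5, as an added example that is not eUKhost's own configuration. It assumes Apache 2.4 with AllowOverride enabled, mod_rewrite and mod_headers loaded, a WordPress-style layout (wp-config.php, wp-login.php) and a placeholder admin address (203.0.113.10):

```apache
# .htaccess in the site's document root (added example; names are assumptions).

# Tip 3: send every plain-HTTP request to HTTPS.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

# Tell browsers to keep using HTTPS for a year. Only enable this once
# every page and subresource on the site works over HTTPS.
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=31536000" env=HTTPS
</IfModule>

# Tip 5: prevent directory browsing (no auto-generated file listings).
Options -Indexes

# Block web access to files that hold database credentials or dumps.
# wp-config.php is WordPress-specific; adjust the list for your application.
<FilesMatch "^(wp-config\.php|.*\.(sql|bak|ini|log))$">
    Require all denied
</FilesMatch>

# Block access to dotfiles such as .htaccess, .htpasswd and .env.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Restrict the admin login script to a known address.
# 203.0.113.10 is a documentation placeholder, not a real office IP.
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>
```

To restrict a whole admin directory rather than a single script, place a separate .htaccess containing only the `Require ip` line inside that directory, since `<Directory>` blocks are not allowed in .htaccess files.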
6. Ensure you use a vulnerability scanner
One way to make sure your site is consistently protected is to use a vulnerability scanner. Apps such as MTvScan, which we use at eUKhost, scan for software holes, malware and intrusions on your website, ensuring your website is thoroughly defended.
7. Back up your data – regularly
Losing your website and data can put you out of business if you cannot recover quickly enough. The best way to make sure you can recover is to regularly back up your website and database files. This way, if you are hacked, you can restore your website relatively quickly and inexpensively.
The frequency at which you update your site or database will affect how often you need to back up. If you sell online and constantly take orders, for example, you may need constant backups so you do not lose recent sales.
8. Make sure your application firewall is enabled
To protect yourself against cross-site scripting and SQL injection attacks, you need to have a securely configured application firewall. This will ensure that you have a predefined ruleset that will block malicious HTTP requests which don’t conform to the rules.
At eUKhost, our Linux servers have the mod_security application firewall installed on both Plesk and cPanel, giving clients a number of custom rulesets which can be enabled.
9. Use a high-performance network firewall
A network firewall is another essential element needed to protect your website from sophisticated cyber-attacks. At eUKhost, we use a Next Generation Network Security (NGNS) platform from Fortigate. This enables us to:
- Identify and control network applications
- Protect your site from advanced threats
- Filter unwanted traffic using a web and content policy
- Improve control of wireless networks
- Run Intrusion Protection System (IPS) scans to actively monitor and prevent signature and behaviour threats
- Prevent data loss by monitoring behaviour that could lead to data loss
- Protect against malware in real-time
With its own OS and purpose-built processors, the Fortigate firewall offers the most advanced threat intelligence available to protect your network. It provides end-to-end security throughout the full attack cycle and has been independently validated to provide 99%+ security effectiveness. And for ease of use, it enables all monitoring and management to be undertaken from a single-pane-of-glass interface.
10. Forget passwords: use a credential vault
Despite the sophisticated apps used to defend your system, the Achilles heel for many businesses is weak passwords. Too many businesses do not have strict enough password policies and this leads to staff having weak passwords or failing to keep them secure. This puts you at risk from both internal and external criminals.
The best way to stop this is to give users passwords which they do not know. A credential vault would create highly secure passwords for users and change them frequently. The users would not need to know the password; they’d just need to validate their credentials. Doing this would guarantee that the user can’t lose or give the password away.
Conclusion
2017 is going to see a shift in focus for cybercriminals. As security companies make progress in many areas, hackers will move their efforts to new vulnerabilities, including the Internet of Things, drive-by-malware distribution, DDoS ransoms and social engineering. Of course, many will continue to use existing types of attacks so we should not ignore these, either.
In addition, there’ll probably be a few software companies launching products or updates with giant security holes in them, so keep an eye out for zero-day vulnerabilities too.
eUKhost provides a wide range of effective security measures to protect our clients, including SSL, website backup, SpamExperts email protection, site monitoring and intrusion protection, MTvScan vulnerability scanning, 24×7 support staff and Fortigate firewalls.