SANS took the main stage at RSA Wednesday morning to talk about the seven most dangerous cyberattacks and what they expect to see in the coming years. The panel, moderated by Alan Paller, consisted of SANS researchers Ed Skoudis, Johannes Ullrich and Michael Assante.
The four issues that stood out:
1. The rise of ransomware and crypto-ransomware
Cryptography, Skoudis explained, was invented to help secure information. But now that same technology is being used by ransomware to hijack data for nefarious purposes. And, even scarier, these criminals actually get companies and organizations to pay them for the privilege of getting their data back. We’ve seen this type of attack carried out against hospitals, which is scarier still, because lives hang in the balance.
How to prevent: Skoudis recommended practicing the foundations of good network security. Contain networks so that if one area is compromised, the rest are not vulnerable. Limit permissions, so that information doesn’t flow more freely than necessary. And, of course, prepare for the possibility of being hit – for instance, who will decide if or what you will pay the ransomer?
As most ransomware comes in through phishing attempts, I would add that educating employees on phishing is a good way to prevent ransomware infections.
What to do if you are a victim: Skoudis wasn’t too optimistic on this one. Basically, your options are to pay and get your data back, or not pay and lose the data. For many companies, the second option isn’t really an option at all. So, he suggests remembering you are in a negotiation. These criminals would rather have something than nothing. Make your company sound “small and poor” and then negotiate for the smallest payment possible.
2. IoT attacks
For a long time, we all recognized that our IoT devices are vulnerable, but we weren’t concerned. Why, we asked, would someone want to hack my thermostat? For what gain? Well, it turns out our IoT devices aren’t just insecure, they also form a sprawling infrastructure of Internet-enabled devices that can be used to launch DDoS attacks. Eventually everything will be online, and we need to make these devices more secure, or we are only making our world more vulnerable.
How to prevent: The best thing we can do is to change our default passwords and shut off remote access to these devices if it isn’t needed. Skoudis also recommended putting them on a separate network from the rest of your home or company. And finally, we need to push to make it possible, and easier, to patch devices when security defects are found.
What to do if you are a victim: Again, there wasn’t much optimism here. The answer is to shut the device off and reconfigure it.
3. Attacks on industrial control systems
This has long been a subject of FUD in the security community, but we are seeing SCADA/ICS attacks take place in the wild today. The attacks on Ukraine over the past few years demonstrate the ease with which cyber-terrorists can take down the power grid.
4. Insecure libraries (components)
We’ve talked a lot about how the proliferation of vulnerable components is spreading risk at an alarming rate. So I was glad to see that this was added to the list.
Stay tuned for more from RSA …