Organizations and critical infrastructure will likely experience a greater number of – and more destructive – cyber attacks, including physical damage perpetrated by highly funded rogue nation states and cyber criminals looking to disrupt business operations, make money or spy on targets, according to a new report from Accenture.
Specifically, the report predicts an escalation of Iran-based cyber-threat activity; broadening attacks on global supply chains; increased targeting of critical infrastructure; as well as new and growing avenues of financially motivated cybercrime.
The Cyber Threatscape Report 2018 examines trends in cyber threats observed and analyzed during the first half of the year and explores how cyber incidents might evolve over the next six months. The report is based on intelligence collection and analysis from Accenture Security’s iDefense threat intelligence operations, including research using primary and secondary open-source materials. It notes the increased prevalence of destructive attacks; the aggressive use of information operations by nation-states; the growth in the numbers and diversity of threat actors; as well as the greater availability of exploits, tools, encryption and anonymous payment systems to malicious actors.
“Our threat intelligence teams have spent the last 20 years keeping close track of threat actors and cyber crooks and the creative ways they might try to break into networks,” said Josh Ray, managing director at Accenture Security. “To protect against these emerging threats and respond if they should fall victim to an attack, organizations must be proactive in thinking about business risk on a day-to-day basis. Learning from previous incidents and understanding what is coming next based on timely and actionable threat intelligence is key to keeping data and systems safe.”
The report outlines five key threats:
1. The Iranian cyber threat is real
Although Iran is generally perceived as an emerging cyber power, new evidence shows Iran-based threat actors and state-sponsored groups are expanding their malicious activities and capabilities. Accenture’s threat intelligence analysts have observed that the PIPEFISH cyber-espionage threat group continues to be highly active and is advancing its toolset. This threat group has been primarily targeting Middle Eastern organizations in the energy sector across countries such as Saudi Arabia, Qatar and the United Arab Emirates for surveillance and espionage objectives. Newly uncovered malware from PIPEFISH has the ability to execute remote commands and to upload and download files from the victim’s system. Additionally, analysis has identified the emergence of Iran-based ransomware, indicating that Iranian cybercrime actors are likely to target global organizations by using ransomware as well as cryptocurrency miners for financial gain.
2. Nation-states look to exploit third- and fourth-party environments
Cybercriminal, espionage and hacktivist groups will continue to target supply chains, and the strategic business partners that contribute to them, for monetary, strategic and political gain. For instance, Accenture’s threat intelligence analysts believe that a China-based group of hackers known as PIGFISH is targeting organizations in multiple industries to fulfil collection requirements for various espionage missions and simultaneously gain access to additional supply-chain attack capabilities and resources. As cyber adversaries continue to use trusted third parties as vectors of intrusion, attribution and intent will become more challenging.
3. Critical infrastructure is a tempting high-value target for threat actors
The oil and natural gas industry will continue to be an attractive target for threat actors for the remainder of 2018. On the international front, Russian state actors could sponsor disruptive or espionage-related cyber operations or support hacktivists in the name of protecting the environment to contain new competition to its largest energy market. Another key factor is rising oil prices, which could create incentives for threat actors in North Korea to launch ransomware attacks and other financially motivated cyber threat activities, such as cryptojacking, in order to circumvent sanctions and raise money.
4. Radical shift in alternative cryptocurrency mining malware
The use of miner malware has been one of the largest growth areas in cybercrime this year, and its growth will likely continue into 2019. Recent observation of criminal underground activity has revealed a plethora of advertisements by malware authors and resellers for Monero miner malware. The variety of malware available ranges from generic and cheap entry-level malware to vast botnets of compromised devices infected with custom malware.
5. Advanced persistent threat (APT) operations becoming more financially motivated
While many APT-style cyberattacks are carried out for the purpose of espionage, financially motivated cybercriminals have been stepping up their game since as early as 2013. These prolonged, multi-stage cyberattacks are increasingly being carried out by cybercriminals who are expanding their capabilities to include traditional cyber espionage tools, techniques and procedures as well as the use of new malicious tools to attain financial rewards. The level of activities from financially motivated targeted attack threat groups like Cobalt Group and FIN7 will remain significant but lower in volume in 2018 than in 2017.