From the hacking of the Democratic National Committee (DNC) to major data breaches at the FBI and the theft of NSA cyber weapons, 2016 was an alarming year for cybersecurity.
Now get ready for more of the same in 2017. Cybersecurity experts from government, industry and academia all see more trouble ahead.
1 Foreign Government Hacks
Future historians may look back at 2016 as the year cyber came out of the shadows. The CIA concluded in early December that Russia meddled in U.S. presidential politics through sophisticated spear-phishing attacks on the Democratic National Committee’s email system and then leaking the results to the media. The FBI agreed, and President Obama expelled Russian intelligence agents and imposed other sanctions against Russia on December 29.
“We’ve seen an increase in overt Russian aggression in 2016 and we expect that to continue in 2017,” wrote cybersecurity experts at the security firm FireEye, Inc., in its annual report on future cyber threats, Questions and Answers: the 2017 Security Landscape. “The attacks on the Democratic National Committee and other election-related organizations are clear examples of Russian aggression.”
Don’t bet on Russia stopping now that the election is over. “Russia has a well-funded cyber capability and excellent operational security to hide the source of their attacks,” FireEye says. Russia used tactics it had tried and proven against Ukraine, the Baltic states and others in Europe. Such cyber activities are inexpensive, effective and provide plausible deniability, even as they enable Russia to wield influence in the domestic affairs of rivals.
FireEye warns that Iran, North Korea and “dozens of government intelligence and military agencies worldwide” are arming with offensive cyber capabilities, encouraged by Russia’s success.
“We expect more of these nation-states to sponsor cyber operations that target regional rivals, terrorists living abroad, regime critics, major corporations, and Western governments,” the company says.
China appears to be the one bright spot in the international cyber scene. Since the signing of a 2015 agreement between President Obama and Chinese President Xi Jinping (prompted by China’s hacking of OPM’s database of 4 million security clearance records), “We have observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S.,” FireEye experts report.
Under the agreement, the United States and China promised timely responses to requests for information and assistance concerning malicious cyber activities and to cooperate on investigations of cybercrimes and efforts to mitigate malicious cyber activity emanating from their territory; they also agreed not to conduct or knowingly support cyber-enabled theft of intellectual property, such as trade secrets or confidential business information.
2 Botnet attacks and attacking the Internet of Things
The Internet of Things (IoT) poses great promise for improved citizen services, but also risks that state and local governments are only beginning to understand.
Spending on the IoT is projected to more than double in 2017, reaching about $2 billion, according to MachNation, a Nevada-based consulting firm, and governments intent on developing smart cities will be among those investing, MachNation analysts say.
Technology forecasters at Georgia Tech project even greater growth, as well as risk, in 2017 Emerging Cyber Threats, Trends & Technologies. “Devices and technologies used to manage smart cities will become much more commonplace, with the global smart city technology market estimated to be worth $27.5 billion annually by 2023.”
Alain Louchez, managing director of Georgia Tech’s Center for the Development and Application of Internet-of-Things Technologies, says rapid growth also means rapid risk. “As we become more interconnected and the Internet becomes more pervasive, you increase the risk for hacking or ill will or malevolent attack,” he explains. “You expose yourself to the possibility of a cascade of catastrophic failure.”
Threats range from local mischief-makers to nation-states launching destabilizing attacks, according to FireEye. “In 2017, we expect more nation-states to target both critical infrastructure such as power plants and consumer devices, such as home appliances – to coerce other nations by disrupting government functions, instilling fear and holding physical systems hostage not for ransom, but as political bargaining chips.”
Security firm McAfee sounds a similar alarm: “With billions of IoT devices coming online during the next several years, the threat of cyber attacks is very real,” the company says. “IoT adoption will greatly increase the attack surface. Weak security and rookie mistakes by IoT device manufacturers will compound that problem.”
IoT devices, from security cameras to smart appliances and wireless routers, function much like basic computers, but many lack firewall protections and are too basic to run anti-virus and anti-malware software. Those that feature password protection are often unprotected because installers fail to change default passwords. That makes them easy targets to be co-opted and turned into “botnets” – digital robots that are used to launch attacks.
Distributed denial of service (DDoS) attacks on internet infrastructure in late 2016 included several that utilized malware called Mirai and another utilizing something called Leet. The two operate differently, but each was able to use thousands of devices to generate similar effects: bombarding targeted servers with junk internet traffic at rates exceeding 650 gigabits/second.
McAfee says the successful attacks by networks of bots on U.S. digital infrastructure in 2016 heightened awareness. But it may take years for technology vendors to incorporate comprehensive security fixes. Some under development include “new encryption options, security and privacy embedded in silicon, device control systems to automatically manage and secure IoT devices, and behavioral monitoring of IoT devices.”
3 Intelligence Sharing of Cyber Vulnerabilities
Sharing information about cyber vulnerabilities and cyber attacks as soon as they’re discovered is a proven method for blocking future attacks. But potential legal liabilities and embarrassment over having been hacked have made agencies and companies hesitate to admit to cyber deficiencies. That might be about to change.
McAfee security experts predict that “2017 will be the year in which threat intelligence sharing makes its most significant strides.”
“Sharing threat intelligence shifts the balance of power away from the adversaries and back to us, the defenders,” writes McAfee’s Jeannette Jarvis.
The Cybersecurity Information Sharing Act, which Congress passed in late 2015, paves the way for easing concerns about sharing threat information, she says. The act “provides legal foundations for sharing threat intelligence between the U.S. government and the private sector,” and between private sector entities. It also provides liability protection to the entities that share, Jarvis says.
So worries about unintentionally releasing private individuals’ information, losing competitive advantage and alerting the public that an organization has indeed been attacked should abate.
“We should see much more threat intelligence sharing in 2017,” Jarvis predicts.
Or maybe not. Jimmy Lummis, associate director at Georgia Tech Cyber Security, says actual sharing remains weak, “especially between the government and private sectors.”
A number of “hurdles bar the way,” among them the “large number of false positives” that make security professionals’ jobs harder. He’s also less sanguine about liability concerns: In 2017, “information sharing will continue to be a major issue for both companies and governments,” Georgia Tech forecasters predict.
4 Information Manipulation
Stealing data – whether Social Security or credit card numbers, or the secrets of stealth jet fighters – has been a staple of cybercrime. But cybersecurity experts increasingly worry not just about stolen data, but also about altered data.
“The integrity of information will be one of the biggest challenges global consumers, businesses and governments face in 2017,” says John Worrall of the security firm CyberArk. Suddenly, “information from previously venerated sources is no longer trusted.”
When the Office of Personnel Management was hacked in 2015, exposing millions of records related to security clearances, one of the principal concerns wasn’t just what was exposed, but the chances that investigation records might have been altered, or that fake records may have been introduced. Similarly, penetrating a bank’s computer systems might enable cyber criminals to alter transaction records, creating accounts or transferring large sums of money without detection. Even trusted audio files may no longer reflect reality.
“This will move to the next stage where information can no longer be trusted at all,” Worrall writes in an assessment of what’s ahead in 2017.
U.S. intelligence officials also warn that information manipulation attacks are coming. James Clapper, director of national intelligence, warned as early as 2015 that “the next type of attack will involve deletion or manipulation of data as opposed to perhaps stealing it or denying service.”
Changing information in military databases, for example, could convince troop commanders to attack the wrong target – or not to attack at all. Altered data in control systems could shut down critical infrastructure. Agents with security clearances may suddenly seem to have suspicious relatives, nefarious acquaintances or shady activities. And new fictitious agents could be created out of thin air.
Mike East, vice president at cyber-defense firm CrowdStrike, Inc., predicts that “in 2017, the manipulation of data to remove its integrity will be significant enough to send companies under.”
The fundamental focus of such attacks may not be to steal money or infiltrate government systems, but rather to undermine trust. That’s the same effect generated by fake news and efforts to influence the U.S. election. Undermining trust creates instability, and that in itself can be an aim of foreign powers.
“Attackers aren’t just accessing information; they’re controlling the means to change information where it resides and manipulating it to help accomplish their goals,” writes John Worrall of CyberArk, on CSO. “It will be easier than ever to piece together real information stolen in a breach with fabricated information to create an imbalance that will make it increasingly difficult for people to determine what’s real and what’s not.”
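An added example, not from the article or from any of the vendors it quotes: a tamper-evident record chain built with HMAC, showing how the altered records and fabricated records described above can be detected after the fact. The key, the record fields and all values are constructed for the demo.

```python
import hmac, hashlib, json

# Constructed demo key. In a real deployment the key lives in an HSM or KMS,
# separate from the database whose integrity it protects.
KEY = b"demo-key-not-for-production"

def _canon(rec):
    """Canonical bytes for a record, so equal records always hash the same way."""
    return json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()

def seal(records, key=KEY):
    """Return (record, tag) pairs; each tag is an HMAC over the previous tag and
    the record, so records are chained and cannot be altered, inserted or
    removed without breaking a tag somewhere in the chain."""
    sealed, prev = [], b""
    for rec in records:
        tag = hmac.new(key, prev + _canon(rec), hashlib.sha256).hexdigest()
        sealed.append((rec, tag))
        prev = tag.encode()
    return sealed

def verify(sealed, key=KEY):
    """Recompute the chain; return (True, None) or (False, index of first bad record)."""
    prev = b""
    for i, (rec, tag) in enumerate(sealed):
        expected = hmac.new(key, prev + _canon(rec), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False, i
        prev = tag.encode()
    return True, None

# Constructed, fictional clearance-style records.
RECORDS = [
    {"id": 1001, "name": "A. Example", "clearance": "secret", "flags": []},
    {"id": 1002, "name": "B. Example", "clearance": "top secret", "flags": []},
    {"id": 1003, "name": "C. Example", "clearance": "secret", "flags": []},
]

def demo():
    ledger = seal(RECORDS)
    clean = verify(ledger)                                   # (True, None)
    altered = [(dict(r), t) for r, t in ledger]              # copy, then alter one field
    altered[1][0]["flags"] = ["suspicious relative"]
    tampered = verify(altered)                               # (False, 1)
    fake = {"id": 1004, "name": "D. Fictitious", "clearance": "top secret", "flags": []}
    with_fake = ledger[:2] + [(fake, "0" * 64)] + ledger[2:]  # fabricated record, no valid tag
    inserted = verify(with_fake)                             # (False, 2)
    return clean, tampered, inserted

if __name__ == "__main__":
    print(demo())
```

Because each tag covers the previous one, deleting a record or reordering records also fails verification at the first record whose predecessor changed.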
In Europe, the German and Estonian governments accuse APT 28, one of the two Russian hacking groups identified by U.S. intelligence as behind the DNC attack, of meddling in their internal politics using the same kind of spear phishing techniques.
More to Come
While IT trends come and go, cyber, however, is forever. The internet infrastructure will continue to evolve, but hackers and security experts are locked in a game of hide-and-seek, in which the growing volume of connected systems and communications traffic makes finding attackers ever more difficult.
Security is often reactive, a step behind the threats. Writes FireEye: “One sobering thought is that the threat activity we expect to hear about in 2017 may be taking place right now, with adversaries already inside many of the systems and networks.”
Cyber threats aren’t usually identified right away; rather, they operate under the radar, undetected for months or even years, much like moles in old-fashioned Cold War spy novels.
“Most of the events that will make headlines in 2017 – and the many that won’t – are already underway,” FireEye says.