Dave Palmer, director of technology at cyber security company Darktrace, outlines his predictions for the year ahead…
More than $80 million stolen from a Bangladesh Bank; five hundred million Yahoo! accounts swiped; nineteen thousand emails from Democratic party officials leaked in the run-up to the election; and a denial of service attack that brought down much of the Internet… 2016 has been a momentous year for many reasons – and particularly for cyber-attacks.
But this year’s cyber-attack headlines in reality offer just a glimpse of a cyber war that is waged on a grand scale every day, between hackers and security personnel. 2016 proved more than ever that if someone wants to get into your network badly enough, they will.
Here are my cyber security predictions for 2017.
Attackers will not just steal data – they will change it
Today’s most savvy attackers are moving away from pure data theft or website hacking, to attacks that have a more subtle target – data integrity. Attackers will use their ability to hack information systems not just to make a quick buck, but to cause long-term, reputational damage to individuals or groups, by eroding trust in the data itself.
The scenario is particularly worrying for industries that rely heavily on public confidence. A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organisations at particular risk. Governments may also fall foul of such attacks, as critical data repositories are altered, and public distrust in national institutions rises.
These “trust attacks” can also be expected to disrupt the financial markets. An example of this is falsifying market information to cause ill-informed investments. We have glimpsed the potential of disrupted M&A activity through cyber-attacks already – is it a coincidence that the disclosure of the Yahoo! hack happened while Verizon was in the process of acquiring the company?
And these attacks even have the power to sway public opinion. Hillary Clinton’s election campaign suffered a blow when tens of thousands of emails from her campaign were leaked, with fingers pointing to the Kremlin. An even graver risk would be that a nation state or other sophisticated group could not just leak emails, but manipulate them to create a false impression that a candidate has done something illegal or dishonourable.
While the result of this year’s US presidential election may seem stranger than fiction, tomorrow’s cyber-attacks will make it harder than ever to separate the real from the false.
More attacks and latent threats will come from insiders
Insiders are often the source of the most dangerous attacks. They are harder to detect, because they use legitimate user credentials. They can do maximum damage, because they have knowledge of, and privileged access to, information required for their jobs, and can hop between network segments. If you are a disgruntled employee looking to do damage, your best chances are through a cyber-attack.
But insider threats are not just members of staff with a chip on their shoulder. Non-malicious insiders are just as much of a vulnerability as deliberate saboteurs. How many times have you clicked on a link without checking the actual email address? Or contravened security policy in order to get your job done quicker, such as using Dropbox when your company has forbidden it? In 2017, we can no longer reasonably expect 100% of our employees and network users to be impervious to cyber-threats which are getting more and more advanced – they won’t make the right decision, every time.
Organisations need to combat this insider threat by gaining visibility into their internal systems, rather than trying to reinforce their network perimeter. We don’t expect our skin to protect us from viruses – so we shouldn’t expect our firewall to stop advanced cyber-threats which, in many cases, originate from the inside in the first place.
Just in the past year, immune system defence techniques have caught a plethora of insider threats including: an employee deliberately exfiltrating a customer database, a week before handing in his notice; a games developer sending source code to his home email address so that he could work remotely over the weekend; a system administrator uploading network information to their home broadband router – the list goes on.
In 2017, we are going to see more insider threats. And yet at the same time, due to the increasing sophistication of external hackers, we are also going to have a harder time distinguishing between insiders and external attackers who have hijacked legitimate user credentials.
The Internet of Things will become the ‘internet of vulnerabilities’
According to Gartner, 13.5 billion connected things will be in use in 2020, with more than half of major new business processes incorporating some element of IoT. And yet these smart devices are woefully insecure in many cases – and offer a golden opportunity for hackers.
2016 has seen some of the most innovative corporate hacks involving connected things. In the breach of DNS service Dyn in October, malware spread rapidly across an unprecedented number of devices including webcams and digital video recorders. But many hacks of IoT this year have gone unreported – they include printers, air conditioning units, video conferencing cameras, and even a coffee machine.
Many of these attacks used IoT devices as stepping stones, from which to jump to more interesting areas of the network. However, sometimes the target is the device itself. This year, one of the most shocking threats that we saw was when the fingerprint scanner that controlled the entrance to a major manufacturing plant was compromised – attackers were caught in the process of changing biometric data with their own fingerprints, in order to gain physical access.
In another attack, the videoconferencing unit at a sports company was hacked, and audio files were being transferred back to an unknown server in another continent. Want to be a fly on the wall in a FTSE100 company’s boardroom? Try hacking the video camera.
Consumer devices will be held to cyber ransom
Ransomware, like Cryptolocker, has plagued companies around the world – experts reckon that these attacks have increased fivefold in 2016 alone. They encrypt critical files at a speed that is virtually impossible to keep up with, and leave companies facing hefty fees for their release.
Hospitals have suffered particularly at the hands of ransomware attacks. They are prime targets, as they have become digital jungles, full of everything from life-saving medical equipment and critical patient records, through to patient devices and staff computers – and yet their cyber defences have been slow to catch up. This year saw the Hollywood Presbyterian Medical Center in Los Angeles pay the equivalent of $17,000 in Bitcoin to extortionists, after their computers were taken offline for over a week.
In 2017 and beyond, we will start to see the beginning of a new type of extortion on a micro level, as consumers are targeted across a range of connected objects. Imagine getting home and turning on your smart TV, only to find that cybercriminals are running a ransomware attack on your device. Would you pay £50 to unlock it? Or what if the new GPS system in your car got hacked when you were late for a meeting – how much would you pay to unlock it?
Artificial intelligence will go dark
Artificial intelligence is exciting for many reasons – self-driving cars, virtual assistants, better weather forecasting, the list goes on. But artificial intelligence will also be used by attackers to mount highly sophisticated and persistent attacks – attacks that blend into the noise of busy networks.
We have already seen the first glimpses of these types of attack. Polymorphic malware, which changes its attributes mid-attack to evade detection, has reinforced the obsolescence of signature-based detection methods. And a next generation of attacks is now emerging that use AI-powered, customized code to emulate the behaviours of specific users so accurately as to fool even skilled security personnel.
In 2017, we can expect AI to be applied to all stages of a cyber-attacker’s mission. This includes the ability to craft sophisticated and bespoke phishing campaigns that will successfully dupe even the most threat-conscious employee.
Next year’s attacker can see more than your social media profile – they know that your 10am meeting with your supplier is being held at their new headquarters. At 9.15am, an email with the subject line ‘Directions to our office’ arrives in your inbox, apparently from the person that you are meeting, as you get off the train – do you click the map link in the email?