The threat landscape in cyberspace is constantly evolving. High-profile events throughout 2016 showcased new and innovative attacks targeting individuals, nations and critical infrastructure.
Many of the most successful techniques continue to evolve and will be seen again in 2017, likely in new, nastier forms.
Researchers from the SANS Institute looked ahead to 2017 and, based on the trends they observed, presented the seven most dangerous new attack techniques for the coming year at the 2017 RSA Conference in San Francisco.
Ransomware
Ransomware itself is not new; an early example, Gpcoder, was discovered in 2005. But as strong encryption has become ubiquitous and easy to use, attackers are deploying ransomware at a rapidly growing rate, encrypting data and devices until the victim agrees to pay.
"There's been an explosion of ransomware, especially crypto ransomware," said Ed Skoudis, who leads SANS's pen testing and hacker exploits immersion training program. "They are so much more powerful now."
Skoudis noted that encryption is a powerful tool for securing data and systems, but hackers have shown that it can be just as effective as a weapon.
"It's an ideal way to attack," he said, as it can be deployed easily, doesn't require the attacker to gain command and control of the systems and forces the victim to make contact to get their systems and data restored.
"We expect many more [ransomware attacks] this year and in the years to come," he added.
Attack of the Internet of Things
After the Mirai botnet brought down a major internet infrastructure provider last year using a network of infected devices, the dangers of large-scale internet of things attacks became a reality.
"The Mirai worm really opened eyes," Skoudis said. Prior to that attack, many saw IoT hacks as a danger only to the devices themselves. After Mirai, IoT is now seen as a complex infrastructure that can be used as a platform for attack or the instrument itself.
Skoudis suggested this danger won't truly be addressed until we start thinking about IoT differently, when we stop calling it IoT and start referring to it as just "the internet."
Ransomware Meets IoT
For Skoudis, the third most dangerous development is the intersection of IoT and ransomware. As the most basic tools and appliances get connected, hackers will target the ones we need most and would be most likely to pay to have back.
Imagine not having heat in your home, or not being able to start your car in the morning, Skoudis said. How much would you pay to have those things restored right away?
Industrial Control Systems and Automation
There has long been talk in the hacker community about breaching energy grids through the industrial control systems (ICS) that run power plants and manage distribution. However, until the attacks in Ukraine in 2015 and 2016, there had been no publicly confirmed case of a cyber attack causing a power outage.
In both those instances, workers were able to restore operations using manual processes, said Michael Assante, director of SANS's ICS training program and technical director for the U.S. team that investigated the Ukraine attacks.
While these attacks were certainly disruptive, the nightmare scenario will occur when hackers gain access to a fully-automated power plant, Assante said, one in which the systems are so intertwined, so interdependent that it might take days or even weeks to remediate.
Random Number Generators
No deterministic algorithm can produce truly random numbers. But random number generators can get close enough in practice, and they underpin almost every cybersecurity system in existence. Most seed a deterministic generator with entropy gathered from unpredictable physical events (interrupt timing, disk and network jitter, hardware noise) and then expand that seed into the keys and nonces encryption depends on.
However, with the rise of IoT, many more small devices are being connected, devices that don't encounter enough real-life randomization to create random numbers, according to Johannes Ullrich, director of the SANS Internet Storm Center.
"At this point, it doesn't matter how good your encryption is; it all comes down to random numbers," he said.
Poor random number generation can cause many security issues, from poor WiFi connection security to compromised Bitcoin wallets, Ullrich noted.
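The failure mode Ullrich describes is a device whose generator is seeded from too little entropy, so the resulting key is only as strong as the seed, not as strong as its 128 bits suggest. The following is an added example, not code from SANS or from the article, using a constructed model of such a device: its only "random" input is a boot-time counter, combined with a serial number that is printed on the label and therefore public. The device serial, the boot-window size and the key derivation are all assumptions made for the illustration.

```python
import math
import random
import secrets

# Constructed: the device serial, assumed to be printed on the label (public).
DEVICE_ID = bytes.fromhex("0011223344556677")


def weak_device_key(boot_time: int, device_id: bytes = DEVICE_ID) -> bytes:
    """Key generation the way an entropy-starved device might do it (constructed
    model): the only unpredictable input is the seconds-since-boot-epoch counter,
    and a deterministic PRNG (Mersenne Twister here) is seeded from it plus the
    public serial, then asked for 128 bits of 'key'."""
    rng = random.Random(boot_time.to_bytes(4, "big") + device_id)
    return rng.getrandbits(128).to_bytes(16, "big")


def strong_device_key() -> bytes:
    """Same key size, but drawn from the operating system's CSPRNG, which is
    seeded from hardware and event entropy the application does not collect."""
    return secrets.token_bytes(16)


def seed_entropy_bits(num_possible_seeds: int) -> float:
    """Upper bound on the entropy of a seed drawn from num_possible_seeds values.
    The key cannot have more entropy than the seed it was expanded from."""
    return math.log2(num_possible_seeds)


def recover_weak_key(observed_key: bytes, window_start: int, window_len: int,
                     device_id: bytes = DEVICE_ID):
    """Attacker side: the key is 128 bits long, but only window_len seeds are
    possible if the attacker knows roughly when the device booted, so the seed
    is brute-forced by re-running the device's own derivation. Returns the boot
    time that reproduces the key, or None if it was not in the window."""
    for t in range(window_start, window_start + window_len):
        if weak_device_key(t, device_id) == observed_key:
            return t
    return None


if __name__ == "__main__":
    boot = 86_400 * 30 + 17            # constructed: device booted 30 days + 17 s into its epoch
    key = weak_device_key(boot)
    window = 3600                      # attacker knows the boot hour
    print("seed entropy (bits):", seed_entropy_bits(window))      # ~11.8, not 128
    print("recovered boot time:", recover_weak_key(key, 86_400 * 30, window))
    print("CSPRNG keys differ:", strong_device_key() != strong_device_key())
```

The point of the search loop is that the cipher protecting the device's traffic never has to be broken: the attacker re-runs the key derivation over a few thousand candidate seeds. The `secrets` module is the correct fix on a host with an operating-system entropy pool; on a constrained device the equivalent is a hardware noise source, or entropy that is persisted across reboots, so that the first keys generated after power-on are not predictable.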
Software as a Service
The world is moving to the cloud. And while software-as-a-service is often a good business decision, it creates new security concerns, Ullrich said.
Problems arise when in-house security teams want to validate, inventory or otherwise track web services that aren't always available.
"How do we pen test something that only exists when we need it?" Ullrich asked.
In the past, organizations would download static libraries or install software that could be assessed and cataloged. When everything lives in the cloud, the software to be secured becomes just as intangible as the service itself.
Databases
Databases, as the wells that hold the data hackers are usually after, have been prime targets for intrusion for some time. But newer data types like XML and JSON carry complex, nested objects that can be difficult to validate before they are used.
"Complex data types like JSON and XML expose new deserialization threats and developers as well as system administrators are generally not yet skilled in securing these databases and in safely passing data to them," according to Ullrich.
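The "safely passing data" half of Ullrich's point is easy to get wrong because a JSON object deserializes into a structure the database will happily interpret as a query. The following is an added example, not code from SANS, the article or any database vendor: a constructed in-memory "collection" and a tiny evaluator for two Mongo-style operators stand in for a document database, so that the login handler can be run offline. The user records, the operators modelled and the plaintext password comparison are all assumptions for the illustration (a real system would compare a password hash).

```python
import json
import re

# Constructed sample collection standing in for a document database.
USERS = [
    {"user": "alice", "password": "correct horse"},
    {"user": "admin", "password": "hunter2"},
]


def matches(doc: dict, filt: dict) -> bool:
    """Tiny evaluator for the Mongo-style filter subset this example needs.
    A dict used as a field value is an operator object, which is exactly how a
    document database interprets it; only $ne and $regex are modelled here."""
    for field, cond in filt.items():
        val = doc.get(field)
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op == "$ne":
                    if val == arg:
                        return False
                elif op == "$regex":
                    if not (isinstance(val, str) and re.search(arg, val)):
                        return False
                else:
                    return False  # operator not modelled: treat as no match
        elif val != cond:
            return False
    return True


def login_vulnerable(body_json: str) -> list:
    """Passes the deserialized JSON straight into the query filter. Whatever
    type the client chose for 'password' becomes part of the query, so an
    operator object such as {"$ne": ""} matches every non-empty password."""
    body = json.loads(body_json)
    filt = {"user": body["user"], "password": body["password"]}
    return [d["user"] for d in USERS if matches(d, filt)]


def login_hardened(body_json: str) -> list:
    """Enforces the expected shape before the data reaches the query: both
    credentials must be plain JSON strings, so operator objects are rejected
    instead of being evaluated by the database."""
    body = json.loads(body_json)
    user, password = body.get("user"), body.get("password")
    if not isinstance(user, str) or not isinstance(password, str):
        raise ValueError("user and password must be JSON strings")
    filt = {"user": user, "password": password}
    return [d["user"] for d in USERS if matches(d, filt)]


if __name__ == "__main__":
    # Constructed request bodies: one honest, one carrying operator objects.
    honest = '{"user": "admin", "password": "hunter2"}'
    injected = '{"user": {"$regex": "^a"}, "password": {"$ne": ""}}'
    print("vulnerable, honest :", login_vulnerable(honest))     # ['admin']
    print("vulnerable, injected:", login_vulnerable(injected))  # ['alice', 'admin']
    try:
        login_hardened(injected)
    except ValueError as e:
        print("hardened, injected :", e)
```

The type check is deliberately a whitelist on shape rather than a blacklist on `$`-prefixed keys: a schema that says "this field is a string" rejects every operator object, including ones the evaluator above does not model, and the same approach extends to nested documents and arrays coming from XML or JSON.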