Following another year of an upward trend in private sector cyber attacks, industry can expect to see rapidly changing ransomware variants and an emphasis from hackers on software-targeted supply chain attacks, according to a new Symantec [SYMC] report.

The software company released its annual Internet security report Wednesday, and detailed a 200 percent increase in malware attacks in 2017 aimed at disrupting supply chains.

“With each passing year, not only has the sheer volume of threats increased, but the threat landscape has become more diverse, with attackers working harder to discover new avenues of attack and cover their tracks while doing so,” Symantec officials wrote in their report.

While the number of reported major ransomware incidents remained consistent from 2016 to 2017, around 1,250 cases each year, the level of attack variants went up 46 percent.

“On the one hand, ransomware is a cheap and easy form of decoy or disruption. Not a lot of development work is required and, in many cases, variants aren’t written from scratch and instead adapted from preexisting threats,” Symantec said.

These are cases involving cyber actors exploiting legacy operating systems or known software vulnerabilities in industry networks to hold data hostage until a ransom is paid.

Symantec described 2017’s WannaCry and NotPetya global malware attacks as outliers in the larger ransomware trend, but potentially representative of the rapidly changing variants companies may face in 2018.

Boeing [BA] recently discovered the effects of a WannaCry attack on systems connected to commercial airplane production equipment, according to a Wednesday Seattle Times report.

Factors that may reduce ransomware risk in 2018 include more effective email filtering, developing improved intrusion prevention system detection and utilizing machine learning capabilities to identify potential ransomware activity, according to Symantec.

“A stabilizing of ransomware detections on the endpoint may not necessarily be an indication of drops in activity, but could also be indicative of the impact of improved upstream protection,” Symantec wrote.

Industry cyber officials should expect to face large software update supply chain attacks in 2018, according to the company’s report.

Significant supply chain-targeted software attacks occurred at least once per month in 2017.

“The actual number may even be higher considering some smaller cases may not have been publicly reported,” Symantec officials wrote.

Cyber actors are moving away from exploiting zero-day vulnerabilities toward attacks that replace legitimate software updates with malicious versions, which then spread throughout supply chain networks.

Symantec predicts cyber attacks on the supply chain in 2018 will focus on faster distribution, infiltration of isolated targets, and more sophisticated coding to gain elevated privileges once inside the network.

“While supply chain attacks are difficult to protect against, there are some steps that can be taken including testing new updates, even seemingly legitimate ones, in small test environments or sandboxes first, in order to detect any suspicious behavior,” wrote Symantec.

Similarly, the company noted a 29 percent increase in newly discovered industrial control-system related vulnerabilities in 2017.

Looking towards the rest of this year, Symantec predicts companies utilizing mid-tier cloud computing providers may see the effect of recently discovered software vulnerabilities Meltdown and Spectre.

“Meltdown and Spectre can affect all kinds of computers, but the most worrying possible impact is in the cloud, because an attack on a single server could lead to the compromise of multiple virtual machines running on that server,” said the report. “Smaller and less-prepared cloud companies, such as smaller hosting providers, may struggle to respond, leaving their customers exposed.”