<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=522217871302542&amp;ev=PageView&amp;noscript=1">

The Cyber Threat Landscape: 4 Attack Vectors to Prepare for This Year

Posted by Christopher Parisi on Apr 10, 2017 10:00:00 AM

2017_ThinkstockPhotos-615238450.jpg

Last year we saw an unprecedented increase in attacks by nation states, hacker groups, and rogue players. This year the threats can only be described as more and more complex with every passing month and they’re knocking on your network door. Here are the top 4 threats you need to do to prepare for:

Threat #1: Ransomware

In 2017, ransomware will remain the top threat of networks in both private and government enterprises. Attacks are increasing and have affected one in five businesses in the U.S. in 2016.

The risk is especially acute for small businesses. The chance of businesses closing due to a ransomware attack where data cannot be retrieved is over 60 percent.

Ransomware’s family introduced two new members this year.

  • Doxware: This variant not only encrypts data but holds it hostage. If the ransom is not paid you could find your confidential data on public display for the entire world to see.
  • Popcorn Time: If the option of a payment is not possible, you can send the malicious code to two of your friends as payment to get your data back.

Here’s how to protect your clients from this threat: Use an endpoint protection solution that includes a sandboxing program that scans documents and other attachments for malicious code before allowing the user to open them. Employee training is also effective in curbing malware. Look for a vendor that does social engineering awareness training.

Threat #2: Distributed Denial of Service Attack

Distributed Denial of Service Attacks (DDoS) increased 125 percent in 2016. The largest attack to date involved an attack on a French cable and internet provider in Q4 of 2016. The attack occurred at a rate of 1.2 terabytes downloaded per second. If you compare the cable providers attack against an attack on Krebs Security several weeks before, it was an increase of 50 percent.

DDoS bot armies can be rented for as little as $38 dollars per hour and cause $40,000 or more per hour in business disruption.

Protect yourself and your clients by using DDoS appliances that detect and defend against network flood and application layer attacks. Appliances like these use real-time analysis and behavioral analytics to defend against this threat.

Threat #3: Malware

Cyber threat reports in Q3 of 2016 show that 18 million new malware samples were captured.

In 2017, malware will evolve with the current geo-political environment into an unprecedented complex cyber threat landscape as nation states and hacker groups combine to carry on activities. The monetary resources of nation states and the technical skills of hacker groups are creating new and dangerous alliances to carry out attacks on government, corporate, and political targets.

Malware easily avoids detection by mutation variants that don’t match existing signature files rendering antivirus software ineffective. Now these “zero day” attacks happen daily and have evolved to “zero hour” attacks.

One way to protect your customers is to use behavioral analysis-based appliances and web services that use sandboxing and processor-level activity detection to pick up where the latest signature file-based antivirus products fall short.

Threat #4: Phishing

Phishing technique variants include spear phishing, clone phishing, and whaling depending on the selected target.

These techniques deal with the human factor of a business. Through the use of social engineering and email spoofing, employees are manipulated into giving out sensitive information for what an employee assumes is a legitimate reason. Often these imposters use phone calls, emails, or legitimate-looking websites to collect information from unsuspecting victims.

Facebook, Twitter, Instagram, and Pintrest provide a treasure trove of information for hackers to perform reconnaissance on a target to gather information such as birthdays, hobbies, and even the name of the family dog. All of which can be manipulated into making the hacker appear familiar.

In these cases, you can protect networks by educating employees to recognize suspicious- looking emails with typographical errors, poor grammar, or foreign origins. The human factor is often an overlooked aspect of network security.

Final Note

Security has moved from a defensive position with traditional tools such as antivirus and antispam solutions relying on known threat databases to proactive techniques that use behavioral analysis and threat inspection. These tools bring the fight to the hacker and the malware they create.

Tech Data Security is here to offer you solutions and strategies to keep your customers’ security strong and up to date. The cyber threat landscape is always changing, as are the tools and knowledge to combat it. Take the first step to ensure that you and your customers have access to our extensive line of world-class security vendors and services. Click on the link below to see what Tech Data can do to grow your security business, and keep your customers protected.

Tech Data Security

About the Author

Chris Parisi is a pre-sales engineer and architect for Check Point security products. He conducts pre-sale consulting and training for Tech Data partner resellers and managed service providers, along with compliance training for security requirements for PCI, SOX and ISSA BMPs. Chris is currently working on Check Point Certified Systems Administrator Certification and CISSP Certification. 

He is a liaison between technical administrators and decision makers during Check Point implementation projects, and designs solutions for customers based on RFP and recurring sales.

References:

https://www.forbes.com/sites/riskmap/2017/01/30/whats-in-store-for-global-cyber-security-in-2017/#27e5de5463be

http://www.pandasecurity.com/mediacenter/pandalabs/pandalabs-q3/

https://blog.barkly.com/cyber-security-statistics-2017

http://cybersecurityventures.com/ddos-attack-report-2017/

http://www.techdata.com/techsolutions/security/

Tags: Cybersecurity

Subscribe to Email Updates