Using fake news for corporate extortion

REGIONAL TRANSFORMATION OUTLOOK 2019

The elections were influenced, fake news prevails, and social media followers are all foreign government–controlled bots. At least that is how the world feels sometimes. During this period a game of cat and mouse has ensued, as automated accounts are taken down, adversaries' tactics evolve, and botnet accounts emerge looking more legitimate than ever before. In 2019, we predict an increase of misinformation and extortion campaigns via social media that will focus on brands and originate not from nation-state actors but from criminal groups.

Nation-states leverage bot battalions to deliver messages or manipulate opinion, and their effectiveness is striking. Bots often will take both sides of a story to spur debate, and this tactic works. By employing a system of amplifying nodes, and by testing the messaging (including hashtags) to determine success rates, botnet operators demonstrate a real understanding of how to mold popular opinion on critical issues. Next year we expect that cybercriminals will repurpose these campaigns to extort companies by threatening to damage their brands. Organisations face a serious danger.

Because criminals can now easily outsource key components of their attacks, evasion techniques will become more agile through the application of artificial intelligence. In recent years, we have seen malware using evasion techniques to bypass machine learning engines. Clearly, bypassing artificial intelligence engines is already on the criminal to-do list; however, criminals can also implement artificial intelligence in their malicious software.

We expect evasion techniques to begin leveraging artificial intelligence to automate target selection, or to check infected environments before deploying later stages in order to avoid detection. Such an implementation is a game changer in the threat landscape. We predict it will soon be found in the wild.

Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research.

Key takeaways

  • Nation-states leverage bot battalions to deliver messages or manipulate opinion, and their effectiveness is striking.
  • Expect evasion techniques to begin leveraging artificial intelligence to automate target selection.

Follow the cloud

In the past two years, enterprises have widely adopted the Software-as-a-Service model, such as Office 365, as well as Infrastructure- and Platform-as-a-Service cloud models, such as AWS and Azure. With this move, far more corporate data now resides in the cloud. In 2019, we expect a significant increase in attacks that follow the data to the cloud. During the last couple of years we have seen many high-profile data breaches attributed to misconfigured Amazon S3 buckets. This is clearly not the fault of AWS.

Based on the shared responsibility model, the customer is on the hook to properly configure IaaS and PaaS infrastructure and properly protect their enterprise data and user access. Complicating matters, many of these misconfigured buckets are owned by vendors in their supply chains, rather than by the target enterprises. With access to thousands of open buckets and credentials, bad actors are increasingly opting for these easy pickings.
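The customer-side check implied above, as an added example that is not part of the original article: it flags buckets that a policy or ACL opens to the public, across an inventory that includes vendor-owned buckets. The bucket names, account ID and inventory are constructed; the input shapes assume the policy document and ACL grant list that S3 returns for a bucket, and statements carrying a `Condition` are skipped as a simplification (they need manual review).

```python
import json

# Predefined S3 ACL groups whose grants make a bucket effectively public.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    """True when a policy Principal is "*" or {"AWS": "*"} (every caller)."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def public_exposure(policy_json, acl_grants):
    """Return a list of findings for one bucket's policy (JSON text) and ACL."""
    findings = []
    policy = json.loads(policy_json) if policy_json else {}
    for stmt in _as_list(policy.get("Statement", [])):
        # Assumption: only unconditioned Allow statements count as public here.
        if (stmt.get("Effect") == "Allow" and not stmt.get("Condition")
                and _is_wildcard(stmt.get("Principal"))):
            actions = ",".join(_as_list(stmt.get("Action", [])))
            findings.append(f"policy allows {actions} to anyone")
    for grant in acl_grants:
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:
            findings.append(f"ACL grants {grant['Permission']} to {who}")
    return findings

# Constructed inventory: one enterprise bucket and two supply-chain vendor buckets.
INVENTORY = [
    {"bucket": "example-corp-reports", "owner": "enterprise", "acl": [],
     "policy": '{"Statement": [{"Effect": "Allow", "Action": "s3:GetObject",'
               ' "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}'},
    {"bucket": "example-vendor-exports", "owner": "vendor", "acl": [],
     "policy": '{"Statement": {"Effect": "Allow", "Action": "s3:GetObject",'
               ' "Principal": "*"}}'},
    {"bucket": "example-vendor-backups", "owner": "vendor", "policy": None,
     "acl": [{"Permission": "READ", "Grantee": {"Type": "Group",
              "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}}]},
]

def audit(inventory):
    """Map bucket name -> (owner, findings) for every publicly exposed bucket."""
    checked = ((b, public_exposure(b["policy"], b["acl"])) for b in inventory)
    return {b["bucket"]: (b["owner"], found) for b, found in checked if found}
```

Calling `audit(INVENTORY)` reports only the two vendor-owned buckets, which is the supply-chain case the paragraph describes.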

Key takeaways

  • Based on the shared responsibility model, the customer is on the hook to properly configure IaaS and PaaS infrastructure.
  • Many of the misconfigured buckets are owned by vendors in their supply chains rather than by target enterprises.
  • With access to thousands of open buckets and credentials, bad actors are increasingly opting for easy pickings.

Targeting the smart home and its devices

As technology fans continue to fill their homes with smart gadgets, from plugs to TVs, coffee makers to refrigerators, and motion sensors to lighting, the means of gaining entry to a home network are growing rapidly, especially given how poorly secured many IoT devices remain.

But the real key to the network door next year will be the voice-controlled digital assistant, a device created in part to manage all the IoT devices within a home. For now, the voice assistant market is still taking shape, with many brands still looking to dominate the market, in more ways than one, and it is unclear whether one device will become ubiquitous.

If one does take the lead, its security features will quite rightly fall under the microscope of the media, though not perhaps before its privacy concerns have been fully examined in prose. Last year we highlighted privacy as the key concern for home IoT devices. Privacy will continue to be a concern, but cybercriminals will put more effort into building botnets, demanding ransoms, and threatening the destruction of property of both homes and businesses.

This opportunity to control a home’s or office’s devices will not go unnoticed by cybercriminals, who will engage in an altogether different type of writing in relation to the market winner, in the form of malicious code designed to attack not only IoT devices but also the digital assistants that are given so much license to talk to them.

Next year we expect to see two main vectors for attacking home IoT devices: routers and smartphones/tablets. The Mirai botnet demonstrated the lack of security in routers. Infected smartphones, which can already monitor and control home devices, will become one of the top targets of cybercriminals, who will employ current and new techniques to take control.

Malware authors will take advantage of phones and tablets, those already trusted controllers, to try to take over IoT devices by password cracking and exploiting vulnerabilities. Infected IoT devices will supply botnets, which can launch DDoS attacks, as well as steal personal data. The more sophisticated IoT malware will exploit voice-controlled digital assistants to hide its suspicious activities from users and home-network security software. Malicious activities such as opening doors and connecting to control servers could be triggered by user voice commands.

Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research.

Key takeaways

  • Cybercriminals will put more effort into building botnets, demanding ransoms, and threatening destruction of property of homes and businesses.
  • Malware authors will take advantage of phones and tablets to try to take over IoT devices by password cracking.

Industrial control and IoT edge devices prime targets

Triton, malware that attacks industrial control systems, has demonstrated the capabilities of adversaries to remotely target manufacturing environments through their adjacent IT environments. Identity platform and edge device breaches will provide the keys to adversaries to launch future remote ICS attacks due to static password use across environments and constrained edge devices, which lack secure system requirements due to design limitations.

An edge device is any network-enabled system hardware or protocol within an IoT product. We expect multifactor authentication and identity intelligence will become the best methods to provide security in this escalating battle. We also predict identity intelligence will complement multifactor authentication to strengthen the capabilities of identity platforms.

Identity is a fundamental component in securing IoT. In these ecosystems, devices and services must securely identify trusted devices so that they can ignore the rest. The identity model has shifted from user centric in traditional IT systems to machine centric for IoT systems. Unfortunately, due to the integration of operational technology and insecure edge device design, the IoT trust model is built on a weak foundation of assumed trust and perimeter-based security.

Most IoT edge devices provide no self-defense (isolating critical functions, memory protection, firmware protection, least privileges, or security by default), so one successful exploit owns the device. IoT edge devices also suffer from "break once, run everywhere" attacks, due to insecure components used across many device types and verticals.

IoT security must begin on the edge with a zero-trust model and provide a hardware root of trust as the core building block for protecting against hack and shack attacks and other threats. There will be an increase in compromises on identity platforms and IoT edge devices in 2019 due to the adoption of smart cities and increased ICS activity.

Raj Samani, Chief Scientist and McAfee Fellow, Advanced Threat Research.

Key takeaways

  • Most IoT edge devices provide no self-defense (isolating critical functions, memory protection, firmware protection).
  • One successful exploit owns the IoT edge device.
  • The identity model has shifted from user centric in traditional IT systems to machine centric for IoT systems.
  • Due to the integration of operational technology and insecure edge device design, the IoT trust model is built on a weak foundation.