Senior Research Analyst
Courtney Falk is a senior research analyst for Optiv’s Global Threat Intelligence Center (gTIC). Courtney analyzes tools, standards and intrusion sets in order to improve state of the art threat intelligence and help Optiv clients stay ahead of potential attacks.
The Most Important Threats for Your Organization to Watch
The Optiv Cyber Threat Intelligence Estimate 2017 is a yearly report that reviews important events of the past calendar year, and uses them to make projections for the coming year. Professionals from Optiv’s Cyber Threat Intelligence practice and the Global Threat Intelligence Center (gTIC) collaborated to identify the most important threats to watch.
The Estimate is organized into three high-level categories:
- Industry verticals. Some industries are more prone to certain technological threats or threat actors than others. For instance, energy companies dealing in petrochemicals may find themselves on the receiving end of threats from ecologically-minded hacktivists more than media companies or other industries.
- Threat actors. Different threat actors pursue different motives and generate different impacts in the public sphere. Last year, many were surprised by the high-profile ransomware attacks that were conducted on members of the healthcare industry.
- Tools and techniques. Threats in the tools and techniques category cut across threat actors and industries. This year saw a colossal DDoS attack conducted using Internet of Things (IoT) devices. For years, security experts have warned that the convenience and utility of IoT need to be balanced against increased security risk.
Two common themes run throughout the Estimate:
- The first of those themes is the maturation of threats. Several steps of the attack chain are seeing commodification. Prospective attackers can buy malware, hire phishers to craft a campaign, and rent a botnet for infrastructure. Years ago an attacker would need to develop or steal those capabilities individually. This is commodification in action: criminals specializing in certain fields and selling their goods and services to other criminals in a market environment.
But not all maturation causes an increase in complexity. Over the past year, some criminals actually simplified their modus operandi. Recent high-profile successes in ransomware attacks were noted by potential victims and criminals alike. Organizations now have a heightened awareness of the possible impacts ransomware attacks could have on their bottom lines. Because there is a prevalent sense of fear, criminals now realize that they don’t actually need to create or execute successful attacks. In fact, some criminals are now able to extort organizations by threatening a ransomware attack without having any intent to carry it out. Ransomware is an extremely low-risk, high-reward type of crime. Operating on margin, these extortionists only need a small fraction of their victims to pay because it is simple and cheap to send threats to a large number of potential victims.
- The second core theme is cross-pollination. Gone are the days when a threat actor could be pigeonholed based on their actions. Hacktivists would deface websites with ideological screeds. Cybercriminals would steal a consumer’s credit card and buy a television with it. Now threat actors have learned from one another. It used to be a hacktivist trend to break into an organization’s network, steal sensitive information, then publicly air that dirty laundry to name and shame their victim. Nation-state actors took note of the effectiveness of this approach and attempted the same in the American and French presidential elections.
The Cyber Threat Intelligence Estimate presents a wide range of threats relevant to all organizations. By utilizing the insight of Optiv threat intelligence analysts, organizations can better understand the threat landscape in which they find themselves, and better prepare for the threats that they might face.