Cyber Highlights of 2017
Major Cyber threats in 2017
In this past year, several high-profile security events occurred, ranging from data breaches to widely reported global ransomware issues. This moved the focus from other equally important matters that were identified this year, such as backdoored cryptography, supply chain attacks and weak application security. Some companies still struggle to provide adequate training on cybersecurity topics to their employees and stakeholders, but these events raised the awareness of everyday consumers, employees and executives who expect better security from their own organisations.
Unfortunately, extortion campaigns and malware democratization trended this year. Particularly in the Central European region, our Cyber Intelligence Centre observed a high level of activity from extortion DoS groups targeting several Hungarian organisations (and others from neighbouring countries). We also observed massive phishing campaigns targeted at Hungarian financial institutions using weaponised malware that was available for purchase for as little as 20 USD.
However, 2017 was also the year of progress and sophistication. Through awareness and risk-driven decisions, our professional services helped organisations improve their C-suite's ability to execute proper measures when meeting digitalization challenges, and equipped these entities with key capabilities such as 24x7 alert management, threat intelligence services and application source code review.
What to expect in 2018?
The privacy regulatory landscape is changing in Europe, and GDPR shall have an impact on privacy risks and cyber resiliency as well. Companies have to implement new methods and technologies to prevent, detect and correct data breaches, and to encrypt and anonymize data according to the new regulations.
Threat actors will seek easier alternatives as organisations become more resilient, and this will likely increase the possibility of insider threats and supply chain attacks. For example, there are known and active groups in the CE region who recruit individuals with physical access to ATMs or ATM components.
As mobile phones hold more and more data, they are also becoming targets of attackers. There may be an increase in the use of credential theft malware targeted at Android mobile users. In particular, our centre has observed the proliferation of Trojans targeting financial institutions in the region, and while most financial organisations do a good job at protecting their clients, these threat groups have the advantage of time and resources that they leverage to bypass mitigations such as SMS-based multifactor authentication. Companies need to respond by improving their mobile application ecosystem with better architectural patterns and improved security checks.
In 2018, organizations may also experience an increase in other relevant risks such as hacktivism and extortion campaigns (i.e. ransomware, data wipes, DDoS) as they gain momentum in the Central European region. Additionally, recent observations indicate that malicious actors may increasingly start targeting weaknesses and backdoors in embedded cryptographic systems and start to track misconfigured cloud environments in order to abuse organisations' security and infrastructure.