2018’s Biggest Attacks Will Stem from Known Vulnerabilities

Credit to Author: Martin Roesler (Director, Threat Research)| Date: Tue, 05 Dec 2017 13:00:12 +0000

Trend Micro just released its annual predictions report for next year. In it, we outline 8 ways the threat landscape is expected to evolve in 2018. While the predictions touch on a wide range of issues – from IoT to cyberpropaganda – the underlying theme is this: 2018’s biggest attacks will stem from known vulnerabilities.

This prediction stems from all the big security events in 2017, like the WannaCry incident, that were based on known vulnerabilities. By studying the leaked information from Shadow Brokers, criminals had access to a list of vulnerabilities that a state-funded intelligence service actively and successfully exploited. Based on this, it is easy to foresee that criminals will make use of these vulnerabilities, too.

The biggest difference between an unknown vulnerability, one only known to an intelligence service, and a known vulnerability is that the potential number of attackers using it gets exponentially higher. So once a vulnerability is publicly known, the clock starts ticking, and it’s just a matter of “when” it will hit users.

There is a wide variety of ways known vulnerabilities can be exploited to damage businesses and individuals. Vulnerabilities will be used for different motivations depending on the business model of the attacker. An intelligence service might use one for a hack, while a money-driven criminal might use it to install ransomware.

In 2017 I was impressed by the number of known vulnerabilities successfully exploited in attacks. We saw Pawn Storm, for example, which implemented highly sophisticated attacks with many new, but not widely known, vulnerabilities. Volume-wise, however, WannaCry was the obvious chart breaker, leveraging just one known vulnerability made available via the Shadow Brokers files. This one bug allowed the actor to create a worm-like ransomware that spread organically across the globe. That attack also further exposed the vulnerability in SMBv1, which continued to be exploited in future attacks. The combination of how Pawn Storm uses vulnerabilities, with how WannaCry and others thoroughly exploited one vulnerability, is exactly why virtual patching is so important.

To be prepared for this trend to continue, business leaders must accept the inevitable – if you have known vulnerabilities in your system, they will be targeted. Being aware that vulnerabilities exist in a corporate environment means it’s just a matter of time till someone makes use of them.

Companies need to address this in two ways:

1. Actively reduce the attack surface. Reduce the number of vulnerabilities in your enterprise as best as possible, for example, by virtual patching.

2. Be prepared for the day an attempted attack is successful. Have disaster recovery procedures in place, meaning the plan has been tested and executed for training. Also, part of the plan should address the fundamental question, “to pay or not to pay,” which will be an important guideline for defense teams. It is always better to make those decisions before a major incident occurs.

Read our full list of predictions for 2018 in the report. Have any predictions of your own for 2018? Share them with us on Twitter @TrendMicro.
