One constant in cybersecurity is the continual rise in the sophistication and creativity of attackers. In 2016, we will see a fundamental expansion of their techniques, including the rise of integrity attacks.
The industry has become accustomed to traditional availability and confidentiality attacks, which are typically crude but often effective.
Denial of service attacks, for example, undermine the availability of websites, services, and resources. Flooding networks, deleting files, and redirecting traffic are some of the brute tactics. Such maneuvers have been around for a long time and are well understood. Security tools and services can control such risks.
Recent data breaches are a great example of confidentiality attacks, which have exposed the personal and business data of millions. Attackers tend to break in, grab all the data they can, and run. Not especially elegant, but it works. The security industry is rapidly gaining traction with tools and practices to prevent such compromises.
Integrity attacks are something new. They are more sophisticated, well planned, and well executed. This effort to discreetly modify specific data or transactions can be much more devastating.
The scale of impact is vastly different. It is not about selling credit card data or compromising ATMs for a few thousand dollars. Instead, it can create huge windfalls for organized criminals and advanced threats.
Last year researchers detected Carbanak, a malicious banking campaign that selectively modified a relatively small number of very specific transactions. This organized group stole $300 million to $1 billion in total from more than 100 banks, just by altering a few transactions. Successes like that reinforce continued activities and further investment by the attackers.
Modifying trusted communications is also on the rise. Even something as simple as taking control of a company’s email system can allow an attacker to conduct fraudulent transactions. Several incidents have emerged in which accounts payable departments have received “urgent” emails from executives to immediately send checks to overseas vendors. Completely fraudulent. The attackers were able to have an interactive discussion in email, successfully impersonating executives, to instruct that funds be transferred.
Ransomware, another example of compromising the integrity of just a few files that remain on a victim’s system, is also growing rapidly. Ransomware will be one of the scourges of 2016. CryptoWall, a popular ransomware package, fleeced more than $320 million last year from unfortunate victims who paid the extortion. Consumers, businesses, and even government agencies paid to have their access restored. The scale of ransomware has never been so great, and it continues to grow, fueled by its own success. The criminals benefit from the distinct advantages of this type of attack and will greedily continue for as long as they can.
When will these integrity problems be solved? Not for some time. They are just beginning to pick up. Integrity attacks are difficult to protect against, detect, and recover from. The security industry has not yet adjusted to these emerging challenges, and attackers are taking advantage of the opportunity.
In 2016, sophisticated actors will pursue integrity attacks. This will be a challenging shift in the industry that everyone will have to work to overcome.