The year 2019 is likely to see an increase of state actors taking aim at the private sector in foreign companies, continuing an ongoing trend over the past several years, according to the 2019 Cyber Threat Outlook published by defense industry firm Booz Allen Hamilton on Monday.
The report cites economically motivated attacks that aim to “steal information, such as intellectual property and corporate bidding strategies, to help an adversary’s domestic industry,” as well as DDoS attacks against private and public resources, and information warfare strategies that “attempt to inflame or generate public relations and legal controversies to harm targeted sectors and companies with investor, regulatory, consumer, or political backlash.”
Criminals mount these attacks in a variety of ways, including by exploiting weaknesses in consumer devices and protocols, as well as by manipulating group behavior through maliciously applied sociology.
Here are three ways state actors are targeting businesses, and how to stay safe, according to the report.
1. IoT devices
Internet of Things (IoT) devices are effectively network-attached, purpose-built computers, and they require the same level of security attention as any desktop or laptop on your network. State-sponsored attacks increasingly leverage IoT devices to build botnets, which tunnel connections through Tor for pseudo-anonymity and are used for DDoS attacks. One example is VPNFilter, which the Ukrainian Security Service claimed Russian state actors were building in an attempt to destabilize the Champions League finals held in that country.
According to the report, this strategy is made easier as “15 percent of IoT device owners don’t change their devices’ default passwords, and 10 percent of IoT devices use one of the same five passwords for administrative access.”
2. Deepfakes
AI-generated or edited videos, commonly called “deepfakes,” use machine learning to create plausible forgeries that depict events that never occurred.
“The incorporation of malicious deepfakes could be a valuable tactic for increasing the effectiveness of cyber operations intended to spread false information, discredit or damage the reputation of targeted organizations, or even create political turmoil and spur international conflict,” the report stated. “Weaponized leaks - in which data is stolen and released publicly, sometimes with falsified data blended in - have increasingly been leveraged in influence operations.” Additionally, deepfakes can be further weaponized by being inserted in stolen legitimate data.
3. Wireless connectivity
Wireless communication protocols in use today are built with a security-first mindset, though vulnerabilities do exist. Legacy systems, such as municipal alarm systems, have been demonstrated as vulnerable, as security researchers have found that control packets can be captured, modified, and replayed. Likewise, DTMF-based systems, like one hacked in Dallas, are inherently insecure.
Security in wireless connectivity can be a life-or-death matter. As the report notes, “In April 2018, the U.S. Food and Drug Administration (FDA) issued an alert to patients using a particular heart implant to update their device firmware, as the implants were found to be vulnerable to wireless cyber attacks using ‘commercially available equipment.’”