|
Getting your Trinity Audio player ready...
|
Sophos, a technology security company providing services across Europe, Africa and America says with variety of cyber security attacks in 2016 ranging from a high-profile DDoS using hijacked Internet-facing security cameras to alleged hacking of party officials during the US election, there is the tendency for increased attacks in 2017.
The company further said that cybercriminals are getting better at exploiting the ultimate vulnerability – humans, and ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves.
According to the company in its review report, financial infrastructure is at greater risk of attack as use of targeted phishing and “whaling” continues to grow. “These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts.”
“We also expect more attacks on critical financial infrastructure, such as the attack involving SWIFT-connected institutions which cost the Bangladesh Central Bank $81 million in February. SWIFT recently admitted that there have been other such attacks and it expects to see more, stating in a leaked letter to client banks: “The threat is very persistent, adaptive and sophisticated – and it is here to stay”, Sophos observed.
“There is also exploitation of the internet’s inherently insecure infrastructure. All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky. “
Also of concern to the company is increased attack complexity. Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organization’s network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively.
On more attacks using built-in admin languages and tools, the company anticipates more exploits based on PowerShell, Microsoft’s language for automating administrative tasks. “As ransom ware becomes ubiquitous and endpoints grow more diverse, organizations must refocus on endpoint protection. But signature-based solutions are no longer enough on their own, and can miss zero-day attacks. Choose solutions that recognize and prevent the techniques and behaviors used in nearly all exploits.”
Modestus Anaesoronye
