The next big threat facing the enterprise is destructive malware disguised as a simple ransomware attack, according to Kaspersky Lab's APT Trends report for Q2 2017, released Tuesday. The report also noted the rise of attacks targeted at energy companies, and a growing complexity of cyberespionage efforts.
The concept of destructive malware disguised as ransomware was seen most prevalently in this time period with the May 12 WannaCry attack and the June 27 ExPetr attack, the report said. WannaCry's high profile and quick spread made cashing out on the attack problematic for the attackers, which seems to indicate that its real goal was simply to destroy data, the report said. ExPetr, also thought to be ransomware at first, "turned out to be purely destructive" as well, the report said.
It was also alleged that both WannaCry and ExPetr were nation-state backed. That, along with the growth of attack by Russian-, English-, Korean-, and Chinese-speaking attackers, helped to highlight the trend of collateral damage caused by cyber warfare, the report said.
However, threat actors in Asia could be heavily impacted by the standards set at the 19th Party Congress, which will take place later in 2017.
Another key trend the report highlighted for the remainder of the year was the growth of attacks targeting energy-related companies and organizations. Countries like Norway and Saudi Arabia may become targets for cyberattacks due to their control of oil and gas.
Cyberespionage efforts by lower-tier attacks will continue to become more complex and grow in size, the report noted. Companies may see the emergence of previously-unknown actors as their capabilities become more varied and proficient.
On the political side of things, "misinformation campaigns" will continue to pose a threat, especially with the upcoming German and Norwegian elections coming up. Additionally, governments without strong cyber operations will use "lawful surveillance" tools to spy on certain users.
"We continue to witness the development of overzealous attackers with no regard for the health of the internet and those in vital institutions and businesses who rely on it on a daily basis," Juan Andres Guerrero-Saade, senior security researcher at Kaspersky Lab, said in a press release. "As cyberespionage, sabotage, and crime run rampant, it's all the more important for defenders to band together and share cutting-edge knowledge to better defend against all threats."
The 3 big takeaways for TechRepublic readers
- Destructive malware disguised as ransomware, like WannaCry and ExPetr, will continue to pose a threat to businesses this year, according to a Kaspersky Lab report.
- Cyberattacks targeting energy firms, especially in countries like Norway and Saudi Arabia, will also proliferate in 2017.
- The cyberespionage capabilities of low-level attackers will grow in both strength and capabilities, presenting a new threat to the enterprise.
- Ransomware: The smart person's guide (TechRepublic)
- Ransomware: An executive guide to one of the biggest menaces on the web (ZDNet)
- How the GoldenEye/Petya ransomware attack reveals the sorry state of cybersecurity (TechRepublic)
- Ransomware: More and smarter scams coming soon (ZDNet)
- Information Security Management Fundamentals (TechRepublic Academy)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.