As large-scale cybersecurity attacks continue to proliferate in the enterprise, attackers are broadening their approach in order to strengthen their impact. A Tuesday report from Accenture Security outlined new methods that hackers are using to gain access, steal data, and make money.
According to a press release announcing the report, the results were collected from intelligence gathered from iDefense, a part of Accenture Security. In addition to the growth of the sheer number of attacks, they are also becoming more destructive and being utilized by other entities, such as nation-states, the release said.
"The first six months of 2017 have seen an evolution of ransomware producing more viral variants unleashed by potential state-sponsored actors and cybercriminals. Our findings confirm that a new bar has been set for cybersecurity teams across all industries to defend their assets in the coming months," Josh Ray, managing director at Accenture Security, said in the release.
SEE: IT security and privacy: Concerns, initiatives, and predictions [free download] (Tech Pro Research)
According to the report, here are the five most notable threats facing the enterprise in 2017:
- Reverse Deception Tactics - Tools like anti-analysis code, steganography, and command-and-control servers are being used to hide stolen data, the release said.
- Sophisticated Phishing Campaigns - Phishing emails, often used to deliver malware, are becoming more sophisticated with the addition of specific company information regarding billing, logistics, and more.
- Strategic Use of Information Operations - Cyberattacks and cyberespionage are growing tools used by nation-states and other actors to achieve political disruption.
- Alternative Crypto-Currencies - Bitcoin's popularity is forcing cybercriminals to improve their laundering techniques, or adopt different cryptocurrencies altogether.
- DDoS-for-Hire Services - Easy-to-use and affordable tools have made it easier than ever for attackers to offer Distributed denial of service (DDoS)-for-hire services.
"While the occurrence of new cyber attack methods is not going away, there are immediate actions companies can take to better protect themselves against malicious ransomware and reduce the impact of security breaches," Ray said in the release.
In order order to improve their stance against these threats, the Accenture report recommended that businesses take the following steps:
- Adopt proactive prevention - Properly training employees to recognize emerging threats can help an organization head off potential problems earlier and mitigate potential damage.
- Elevate email controls - Spam filters should be present and authentication should be robust to make sure email is protected. Companies should also scan emails for potential threats.
- Insulate your infrastructure - Patch your apps and operating systems when necessary, make sure firewalls and virus scanners are configured, and check your admin rights.
- Plan for continuity - A strong resilience plan that includes backups and it regularly updated can help hedge your bets against paying for ransomware.
- 5 ways to reduce insider security risks (TechRepublic)
- As new security risks continue to emerge, cloud security spending will grow to $3.5 billion by 2021 (ZDNet)
- 6 common enterprise cybersecurity threats and how to avoid them (TechRepublic)
- Microsoft warns of 'destructive cyberattacks,' issues new Windows XP patches (ZDNet)
- Information security incident reporting policy template (Tech Pro Research)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.