Were you one of the IT service desk workers that breathed a sigh of relief as 2014, the “Year of the Data Breach” slipped into history? As we venture even farther into 2015, you might want to take a deep breath and brace yourself. Assuming security experts know their stuff, 2014 was merely a dress rehearsal for things to come.
Hackers Get Slower, More Methodical
The hack attack is evolving. Attacks are increasingly more complex, as hackers are learning to bide their time and combine multiple attack methods to generate a grand, extended hack. The most common method is to use a combination of known and new malware that is released gradually. Hackers then watch to see what is detected and removed versus what goes unnoticed.
As IT workers faithfully identify and remove known malware, the unknown stuff goes unnoticed. Consequently, IT only sees all the trees (the identified malware), and fails to see the forest (the overall full-scale attack). In this way, hackers can hone their attacks to be more accurate, and launch an attack lasting months, with devastating consequences.
Ransomware to Rise
Another phenomenon is hackers infiltrating a system and then holding the data hostage for ransom. A typical attack goes like this: nobody notices anything awry until one day a message pops up declaring, “We can destroy all of your data in a single click. Pay X dollars within X time, or we demolish it all,” or something similar to this. Some businesses have closed their doors rather than pay the ransom, while others felt they had no choice. It’s already happened to the Bennington, Vermont Chamber of Commerce, and various businesses around Australia, Great Britain, and the United States.
Attacks Not Just Motivated by Simple Theft
Most of the hacks that made news last year (no need to list these, they were reported in graphic detail endlessly) involved simple identity theft. Not that it’s simple for the companies and individuals involved, but the motives were as uncomplicated as wanting to take something from somebody else. Beginning this year, hacks are going to morph beyond theft into more sinister plots for purposes like activism, political statements, and religious crusades.
This is evident in the Sony attack. Whether North Korea is responsible or not, the attack was motivated by activism, not theft. You’ll hear a lot more of the term “Hacktivism” as Muslim extremists, political groups (think Sarah Palin’s email hack), and activists working toward environmental change, animal rights, and other causes take to the Internet to punish, provoke, and push their enemies into compliance with their viewpoint.
The Bad Guys Take on Big Data
Hither unto, big data has been leveraged by the Good Guys to bring about great things like human genetic research, more efficient manufacturing processes, and better marketing practices. Unfortunately, the Bad Guys have also read these tech journals and blogs, and are toying with big data to do things like cross-reference user names with passwords to expand their hacking endeavors. The only good news here is that leveraging big data is no trivial task, and even the most well-funded and tech-savvy corporations have no easy go of it.
More of the Same Old Same Old
Experts do not believe that the data breach shenanigans that plagued 2014 are over yet. Nor do they think that the majority of users are yet savvy about opening phishing emails and malware. To compound this problem, identity thieves are getting really good at mimicking known businesses when sending out malware and phishing schemes. Expect more of this (sigh) throughout the year.
About Kyle Shepard
Kyle is a Senior Manager of the Customer Success team for ITSM at SolarWinds. He works directly with customers to provide ongoing support in service management strategy for their evolving goals. He speaks on webinars and other educational resources in ITSM. He also played college lacrosse.
Read more articles by Kyle