Experts believe hackers are constructing an IoT botnet platform to launch cyber-attacks that could cause the destruction of a targeted organisation, and even interrupt the internet itself.
This scenario is being termed a ‘destruction of service’ (DeOS) attack and the irreparable damage would be caused by completely wiping the backups of an organisation. Experts have observed recent instances of IoT botnet activity that has pointed toward the new attack capable of shaking the foundations of the internet.
Without backups to regenerate an organisation following a major cyber-attack, an extinction event would likely take place, creating a completely different perspective on the importance of capable cyber defences.
The information on this huge potential risk has been provided in the 2017 Mid-Year Cybersecurity Report from Cisco. Other findings involve the risk of spyware and adware for the enterprise, ransomware-as-a-service, business email compromise (BEC), and rising rate and volume of phishing attacks.
Spyware has been found to increase malware infections within organisations, while also being able to steal important data. Ransomware-as-a-service is highly threatening, as the capability broadens the base from which an attack can be delivered, with ordinary people simply paying for the ability to attack a chosen target.
The success of business email compromise is another sign that psychologically driven attacks are formidable, with the Crime Complaint Center revealing that $5.3 billion was stolen in this way between 2013 and 2016. This kind of attack entails the attacker acting as another entity asking for the transaction of funds.
Steve Martino, Vice President and Chief Information Security Officer, Cisco said: “As recent incidents like WannaCry and Nyetya illustrate, our adversaries are becoming more and more creative in how they architect their attacks. While the majority of organizations took steps to improve security following a breach, businesses across industries are in a constant race against the attackers. Security effectiveness starts with closing the obvious gaps and making security a business priority.”
Word of potential ‘destruction of service’ attacks that could impact the internet should act as yet another firm wake up call to organisations that have not yet placed a focus on cybersecurity. With regulation such as GDPR soon arriving, and now a risk of business extinction, there must surely be no argument against strengthening cyber defences.
David Ulevitch, Senior Vice President and General Manager, Security Business Group, Cisco said: “Complexity continues to hinder many organziations’ security efforts. It’s obvious that the years of investing in point products that can’t integrate is creating huge opportunities for attackers who can easily identify overlooked vulnerabilities or gaps in security efforts. To effectively reduce Time to Detection and limit the impact of an attack, the industry must move to a more integrated, architectural approach that increases visibility and manageability, empowering security teams to close gaps.”
This article is from the CBROnline archive: some formatting and images may not be present.