Karim Hijazi is CEO of Prevailion, a cyber intelligence company that monitors and detects active threats by infiltrating hacker networks. Hijazi is also a former director of intelligence for Mandiant and a former contractor for the US intelligence community.
Ransomware has taken the spotlight lately following a string of brazen attacks on major U.S. companies.
And as bad as this kind of malware is, businesses and investors can expect to face a growing number of sophisticated cyber threats that could be even more disruptive and difficult to prevent.
Here are five emerging threats to watch:
Tani Currin holds an "anti-selfie" mask during the Black Hat USA 2014 hacker conference at the Mandalay Bay Convention Center in Las Vegas, August 5, 2014. REUTERS/Steve Marcus ·Steve Marcus / reuters
Wiper malware
“Wipers” are a type of malware that can be even more destructive than ransomware because they are designed not for extortion — they're for the sole purpose of erasing data.
Wipers haven’t been widely used up to today, but that is likely to change. As nation-states become more active and emboldened in cyberspace, we can expect to see more digital clashes that involve destructive cyber attacks.
There is nation-level precedent: Iran has been implicated in an ongoing series of wiper attacks against Israel amid an outbreak of cyber skirmishes between the two countries that escalated in 2020.
Iran has also been implicated in other wiper attacks over the years, including the 2012 ‘Shamoon’ attack on Saudi Aramco, which destroyed over 30,000 computers, and the 2014 wiper attack on Las Vegas Sands Corp. North Korea also used wiper malware in its infamous attack on Sony Pictures back in November 2014.
And wiper malware is an equal playing field, meaning that it will not be limited to state actors. While wipers have less financial value for criminals, they are a potent weapon for terrorists, political activists, and lone wolves who are only interested in causing damage.
The logo of Aramco is seen as security personnel stand before the start of a press conference by Aramco at the Plaza Conference Center in Dhahran, Saudi Arabia November 3, 2019. REUTERS/Hamad I Mohammed ·Hamad I Mohammed / Reuters
Evil AI
The emerging field of artificial intelligence (AI) could be a future gold mine for cybercriminals and nation-state hacking groups.
AI will lead to smarter and autonomous malware that can adapt to changing circumstances and learn how to improve its tactics to pull off more advanced attacks.
Researchers have also recently demonstrated that early-stage AI is already significantly better than humans at launching phishing attacks and crafting viral tweets and social media phishing that can infect users.
It will also make it easier for hackers to hijack online accounts by predicting passwords and beating CAPTCHAs.
While “deepfake” videos are well known by now, an even more compelling use case for cybercriminals will be audio deepfakes which impersonate CEOs to trick employees into sharing sensitive information or authorizing payments.
Furthermore, deepfakes could potentially trigger political crises and incriminate innocent people.
A woman in Washington, DC, views a manipulated video on January 24, 2019, that changes what is said by President Trump and former president Obama, illustrating how deepfake technology can deceive viewers. (Photo by Rob Lever/AFP) ·ROB LEVER via Getty Images
Firmware attacks
For the last 25 years, most cyber attacks have targeted software — rarely venturing below the operating system level of a device.
That is now beginning to change.
Hackers are figuring out how to target “firmware” with malware in order to gain God-level access to these devices and even physically sabotage them. A recent survey found that 83% of enterprises have already started to experience firmware attacks.
So what is firmware?
For high-functioning electronics, like a computer or smartphone, firmware is the code that runs beneath the operating system and is the bridge between the software and the hardware.
However, it is even more critical for lower-functioning “embedded devices” (i.e., the Internet of Things or Industrial Internet of Things) where firmware is often used in place of an operating system.
In a nutshell, if a hacker can gain control over the firmware, they can control the device. That is especially alarming for the embedded devices and industrial controllers that are used in safety-critical systems like the power grid, water treatment plants, nuclear plants, manufacturing, oil and gas pipelines, etc.
Downtown Los Angeles is seen behind an electricity pylon through the morning marine layer in Los Angeles, California, U.S., August 20, 2019. (REUTERS/Lucy Nicholson) ·Lucy Nicholson / reuters
An attack on the firmware of those devices could lead to dramatic incidents of physical sabotage. For instance, this is how a hacker could trigger a months-long power outage, disrupt the water supply, cripple manufacturing plants, and even ‘brick’ gas station pumps, ATMs, hospital ventilators, and office buildings.
These types of attacks are not as far-fetched as they may sound: In 2016, Russian hackers used a special malware called “CrashOverride” to disrupt Ukraine’s power grid.
Supply chain hell
Supply chain attacks have become a buzzy term as of late, thanks to the high-profile breaches of SolarWinds, Microsoft Exchange, Kaseya, and Codecov.
The reality is that we are still in the early stages of supply chain exploitation, and these attacks will become more frequent, sophisticated, and brazen in the coming years.
Advanced nation-states like Russia and China will go further by breaching more sensitive, “backbone” IT services — think ISPs, chipmakers, app stores, security tools, source code libraries, etc. — to better infiltrate and persist inside of critical companies and organizations in the U.S.
Microsoft President Brad Smith testifies during a Senate Intelligence Committee hearing on Capitol Hill in Washington, U.S., February 23, 2021. Drew Angerer/Pool via REUTERS ·POOL New / reuters
Cybercriminals will do the same with lower-hanging fruit, such as retail systems and e-commerce platforms, and have already been busily exploiting supply chains: Various Magecart gangs have wreaked havoc on e-commerce sites by exploiting the open-source Magento platform.
In the coming years, hackers will also infiltrate millions of Internet of Things (IoT) devices (from smart thermostats to cars) by exploiting their software/firmware supply chains, such as source code libraries or the update processes of key vendors.
Far from being a minor inconvenience, these attacks could lead to widespread physical disruption if the hackers use that access to disable the devices.
5G+ and space-based internet
While many consumers may be somewhat underwhelmed by the current 5G rollout, internet connectivity is undergoing dramatic changes that will take time to develop.
This is just the beginning of a new future where wired-connection Internet speeds will be available via wireless delivery methods, ranging from cellular towers to satellites and high-altitude vehicles.
The capacity for higher, faster wireless speeds also has a downside: Hackers will learn to exploit the higher bandwidth, and we can expect to see a wide range of attacks such as increasingly powerful botnets, data theft at a massive scale, and device-on-device attacks.
Botnets are large networks of enslaved devices which a hacker uses to disrupt services and Internet connections by overwhelming them with a flood of bogus data requests. In 2016, a college student was able to knock out a huge slice of the Internet by creating a simple botnet consisting of thousands of insecure IoT devices.
And since future data transfer speeds will only continue to multiply (5G is already expected to be 10 times that of 4G speeds), these botnets will become exponentially more powerful.
Future botnet attacks could be used to disrupt Internet services for a large percentage of the population. They could endanger public safety by blocking emergency services throughout a state. They could even hold entire countries for ransom, similar to the 2016 attack on Liberia.
An example of a botnet operation. (FBI.gov)
Data theft will also get a boost. The higher data transfer speeds will make it easier for hackers to harvest and exfiltrate large quantities of stolen data before victims are able to shut them down. This means data breaches will become significantly more expensive for companies and harder to recover from.
As devices become smarter and more autonomous in the wake of these greater connection speeds, hackers will also leverage these capabilities to attack other devices. For instance, a hacker who breaches a smart traffic light could then use that access to hack into every car that passes by.
Similarly, an infected self-driving car could be used to infect other vehicles within range of its radio signal. A compromised drone could be weaponized to sniff out other connected devices as it flies overhead and spread an infection over vast distances.
A prototype of Goodle's own self-driving vehicle is seen during a media preview of Google's prototype autonomous vehicles in Mountain View, California September 29, 2015. (REUTERS/Elijah Nouvelage) ·Elijah Nouvelage / reuters
This tactic could also be used by hackers for targeting high-level executives and government officials as well as for carrying out more sophisticated “island hopping” attacks to breach corporate networks through overlooked transient connections between various smart devices.
The bottom line is that cybersecurity will become increasingly complicated in the coming years, as hackers develop greater capabilities to launch attacks. Ransomware will continue to be a serious problem for the foreseeable future, but there are many new attacks that are equally concerning and are likely to catch many companies off-guard.
—
Karim Hijazi is CEO of Prevailion, a cyber intelligence company that monitors and detects active threats by infiltrating hacker networks. Hijazi is also a former director of intelligence for Mandiant and a former contractor for the US intelligence community.
