ARLINGTON, Va. (BUSINESS WIRE) Organizations and critical infrastructure will likely experience a
greater number of, and more destructive, cyberattacks, including physical
damage perpetrated by highly funded rogue nation states and
cybercriminals looking to disrupt business operations, make money or spy
on targets, according to a new report from Accenture (NYSE: ACN).
Specifically, the report predicts an escalation of Iran-based
cyber-threat activity; a broadening of attacks on global supply chains;
increased targeting of critical infrastructure; as well as new and
growing avenues of financially motivated cybercrime.
The Cyber
examines trends in cyber threats observed and analyzed during the first half of the year and explores how cyber
incidents might evolve over the next six months. The report is based on
intelligence collection and analysis from Accenture Security’s iDefense
threat intelligence operations, including research using primary and
secondary open-source materials. It notes the increased prevalence of
destructive attacks; the aggressive use of information operations by
nation-states; the growth in the numbers and diversity of threat actors;
as well as the greater availability of exploits, tools, encryption and
anonymous payment systems available to malicious actors.
“Our threat intelligence teams have spent the last 20 years keeping
close track of threat actors and cyber crooks and the creative ways they
might try to break into networks,” said Josh Ray, managing director at
Accenture Security. “To protect against these emerging threats and
respond if they should fall victim to an attack, organizations must be
proactive in thinking about business risk on a day-to-day basis.
Learning from previous incidents and understanding what is coming next
based on timely and actionable threat intelligence is key to keeping
data and systems safe.”
The report outlines five key threats:
Threat #1: The Iranian cyber threat is real
Although Iran
is generally perceived as an emerging cyber power, new evidence shows
Iran-based threat actors and state-sponsored groups are expanding
their malicious activities and capabilities. Accenture’s threat
intelligence analysts have observed that the PIPEFISH cyber-espionage
threat group continues to be highly active and is advancing its
toolset. This threat group has been primarily targeting Middle Eastern
organizations in the energy sector across countries such as Saudi
Arabia, Qatar and United Arab Emirates for surveillance and espionage
objectives. Newly uncovered malware from PIPEFISH has the ability to
execute remote commands and to upload and download files from the
victim’s system. Additionally, analysis has identified the emergence
of Iran-based ransomware, indicating that Iranian cybercrime actors
are likely to target global organizations by using ransomware as well
as cryptocurrency miners for financial gain.
Threat #2: Nation-states look to exploit third- and fourth-party
environments
Cybercriminal, espionage and hacktivist groups
will continue to target supply chains, and the strategic business
partners that contribute to them, for monetary, strategic and
political gain. For instance, Accenture’s threat intelligence analysts
believe that a China-based group of hackers known as PIGFISH is
targeting organizations in multiple industries to fulfil collection
requirements for various espionage missions and simultaneously gain
access to additional supply-chain attack capabilities and resources.
As cyber adversaries continue to use trusted third parties as vectors
of intrusion, attribution and intent will become more challenging.
Threat #3: Critical infrastructure is a tempting high-value target
for threat actors
The oil and natural gas industry will
continue to be an attractive target for threat actors for the
remainder of 2018. On the international front, Russian state actors
could sponsor disruptive or espionage-related cyber operations or
support hacktivists in the name of protecting the environment to
contain new competition to its largest energy market. Another key
factor is rising oil prices, which could create incentives for threat
actors in North Korea to launch ransomware attacks and other
financially motivated cyber threat activities, such as cryptojacking,
in order to circumvent sanctions and raise money.
Threat #4: Radical shift in alternative cryptocurrency mining
malware
The use of miner malware has been one of the largest
growth areas in cybercrime this year, and its growth will likely
continue into 2019. Recent observation of criminal underground
activity has revealed a plethora of advertisements by malware authors
and resellers for Monero miner malware. The variety of malware
available ranges from generic and cheap entry-level malware to vast
botnets of compromised devices infected with custom malware.
Threat #5: Advanced persistent threat (APT) operations becoming
more financially motivated
While many APT-style cyberattacks
are carried out for the purpose of espionage, financially motivated
cybercriminals have been stepping up their game since as early as
2013. These prolonged, multi-stage cyberattacks are increasingly being
carried out by cyber criminals who are expanding their capabilities to
include traditional cyber espionage tools, techniques and procedures
as well as the use of new malicious tools to attain financial rewards.
The level of activities from financially motivated targeted attack
threat groups like Cobalt Group and FIN7 will remain significant but
lower in volume in 2018 than in 2017.
About Accenture
Accenture is a leading global professional services company, providing a
broad range of services and solutions in strategy, consulting, digital,
technology and operations. Combining unmatched experience and
specialized skills across more than 40 industries and all business
functions, underpinned by the world’s largest delivery network,
Accenture works at the intersection of business and technology to help
clients improve their performance and create sustainable value for their
stakeholders. With 449,000 people serving clients in more than 120
countries, Accenture drives innovation to improve the way the world
works and lives. Visit us at www.accenture.com.
Accenture Security helps organizations build resilience from the inside
out, so they can confidently focus on innovation and growth. Leveraging
its global network of cybersecurity labs, deep industry understanding
across client value chains and services that span the security
lifecycle, Accenture helps organizations protect their valuable assets,
end-to-end. With services that include strategy and risk management,
cyber defense, digital identity, application security and managed
security, Accenture enables businesses around the world to defend
against known sophisticated threats, and the unknown. Follow us
@AccentureSecure on Twitter or visit us at www.accenture.com/security.
Copyright 2018 Accenture. All rights reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture.
Contacts
Accenture
Alison Geib, +1 703 947 4404
alison.geib@accenture.com