How hackers are making the worst-case security scenario even worse

Threats, ransom demands and public taunting of executives by hackers are all on the rise, warns report, changing what worst-case scenario really means.
Written by Danny Palmer, Senior Writer

Cybercriminals and hackers are becoming more disruptive, increasingly engaging in cyberattacks with aims ranging from destroying businesses, to stealing data, to taunting executives while holding them to ransom.

That's the warning in a new report by FireEye, which has compiled data from advanced threat investigations by the cybersecurity firm's consultancy arm Mandiant.

The report, titled M-Trends 2016, warns that 2015 saw a significant rise in disruptive attacks, defined by FireEye as attacks such as CryptoLocker, which holds data to ransom, blackmailing businesses with threats to delete or steal data, or damaging systems by modifying critical business data.

"In 2015, we continued to be reminded that there is no such thing as perfect security," says Kevin Mandia, SVP and president at FireEye.

"Based on the significant number of incidents that Mandiant investigated in 2015, threat actors are finding inventive and disruptive ways to skirt even the best defences, resulting in informational, financial and reputational loss," he adds.

But while almost all cyberattacks could be described as disruptive on some level, the particular types of attack identified in the report were meant to bring attention to the attack or to the attacker's cause, be they operating on behalf of a nation-state, hacktivism or just good old self-interested extortion.

The nature of these attacks, the report says, means that they often resulted in the public release of confidential data, causing embarrassment and reputational damage to the company. For some, the disruption even resulted in the loss of capability to function as a business due to what's described as "the crippling loss of critical systems".

"We've investigated multiple incidents where attackers wiped critical business systems and, in some cases, forced companies to rely on paper and telephone-based processes for days or weeks as they recovered their systems and data," said the report.

There were numerous examples of these types of event during 2015, says the report, which resulted in executive resignations, costly ransoms, and expensive system rebuilds. The bad news is that this is expected to continue to get worse during 2016.

"Disruptive attacks are likely to become an increasing trend given the high impact and low cost," the report says, adding that "attackers take steps to draw attention to their malicious activity or the information they have stolen".

These types of attacks are disruptive enough in themselves, but FireEye claims that even more damage is being done because many executives consider them an implausible worst-case scenario, so plans on how to react to such an event are not in place.

"Put simply, no one previously expected to have half the workforce lose access to their computers within a short amount of time," says the report, although it adds that more organisations are beginning to take steps towards detailing plans because "public events over the last few years have altered the notion of what comprises a worst-case scenario".
