On the threat side, we asked experts how the danger to businesses and other organizations has changed over the last few years. Steven Grossman, Bay Dynamics’ Vice President of Program Management, told us we’re seeing more credential-based threats. “A few years ago everybody was talking about APTs,” Grossman said. “APTs and malware are still important, but compromised credentials are a lot more dangerous.” He offered the SWIFT-related bank fraud cases as examples, and said they were far from being outliers. “Pick your heist. Ultimately, however they got into the organization, they bounced around with credentials they'd compromised." Being able to monitor and protect those credentials is vital.
Testing companies offer a distinctive perspective on threat evolution. We spoke with NSS Chief Executive Officer Vikram Phatak and Senior Director of Cloud Management Brian Soldato. They’re seeing (“obviously”) a tremendous growth in ransomware. “We started seeing this about a year ago as attacks shifted from malware looking for credentials to ransomware. We're going to see a lot more of that. Put yourself in the bad guy's shoes,” they said. “You compromised 100,000 systems five years ago. Now in 2016, they pretty much have everyone's data, so their ROI is much lower.” The criminals needed new ways of monetizing their capability. So they turned to selling paycard data to other criminals, but that business is peaking as well. “Ransomware is an obvious next step. The big things will be hitting hospitals and places that have money. If you're a hospital and your CAT scannner's offline, how much is that worth to you? You have reputational risk, financial risk, and—potentially—loss of life. Those are hot, soft targets for ransomware.”
NSS Labs also thinks the Internet-of-things will soon be seeing ransomware. “Not your pool, your garage, or your thermostat. That's a nuisance. But the supply chain will be a huge target for ransomware. It's like the old protection racket. Nice window, shame if it got broken.”