STM Publishes Cyber Threat Report

STM’s Cyber Threat Report prepared for the period of October - November - December 2017 was published on 20 January 2018

Issue 80

This report published quarterly by STM covered the last quarter of 2017 and touched upon the issues such as cyber-attacks, malware, cyber vulnerabilities and cyber security infrastructure. It was stated in the report that wide spreading of ransomware emerged through various applications, that attacks towards banking and financial systems and mobile technologies increased and that threats caused by data breaches stood out more in 2017.

The report also underlined that the utilization of artificial intelligence in the area of cyber security for defense purposes would continue to increase and it was mentioned that from the perspective of the activities conducted by STM, artificial intelligence may prevent the attacks during cyber threat hunting, secure code development and test stages, thus identify and abolish vulnerabilities before they cause any harm. Moreover, the report declared that with the utilization of artificial intelligence in patch management, which has been a major problem for years, the rapid and smooth execution of operations requiring intensive effort would be enabled as well as the test procedures prior the patch and whether or not the patch would cause any problems in another application.

The report envisioned that malware using artificial intelligence would become one of the greatest issues facing  cyber security world in the near future and malware capable of perceiving its environment will be able to shape decisions such as monitoring, data collection, muting and bypassing security products just like a human being according to the platform in which they exist. In light of these developments, it was underlined that the utilization of artificial intelligence applications as some sort of cyber weapon in the hands of attackers would be in question. 

Access to Personal Information through Malware “Meltdown” and “Spectre”

In the report, the common target of the malware “Meltdown” and “Spectre” that emerged at the end of 2017, was the storage isolation in processors such as Intel and AMD, no matter how the methods of attack varied; it was stated that as a result of the extensive usage of the aforementioned processors, this attack method affecting almost all of the current information systems allowed the attackers to reach sensitive data (password, username, etc.) in the systems of the victims. Many companies releasing updates for preventing “Meltdown” and “Spectre” attacks advised their users to update all the applications in the systems immediately and suggested that they follow the new updates to be announced.

Endoscopic Device Used in ATM Attacks

The report underlined that ATMs became the target of cyber-attacks with a quite interesting method in the last quarter of the year.  Endoscopic devices discovered 150 years ago were used in attacks by cyber attackers to trick the sensors of the ATMs to reach the money inside the machines with the help of the lights and cameras of these devices. The report additionally mentioned that as a result of the examinations made by security experts, following the detection of the attacks made with the endoscopy method, emergency embedded software update was released by the NCR to prevent these attacks and after the update no other attacks were reported. It was also stated that the internal communication of the cash distribution units of the ATMs should be encrypted to protect them from black box attacks. In this way, the commands sent directly to the cash distribution unit of the ATM by the attackers would be perceived invalid and merely the commands over the ATM software would pass the identity detection and be processed. 

STM’s 2018 Cyber Threat Forecasts   

In the cyber threat forecasts for 2018 section of the report released by STM; in addition to the fact that artificial intelligence applications are becoming popular among attackers, the attacks towards applications without servers would increase, IoT devices would more frequently be both the victim and the mediator of cyber threats, ransomware would continue to be a critical threat even if by altering its form, cyber security would be expanding its domain, attacks towards the healthcare industry and critical infrastructures would increase, and that cyber threats towards mobile devices and ultimately to crypto currencies would be more popular on the agenda. 

Ransomware Threat will not Decelerate

The report has foreseen that ransomware, which is the easiest way of making money from the victims of cyber attackers, would become one of the greatest threats in 2018, assessing that the quite active state of the Ransomware-as-a-Service under the crime menu of the CaaS (Crime-asa-service) has been a critical clue signaling the continuity of the threat of ransomware. According to STM’s Cyber Experts, in 2018 attackers will be tending towards targets that allow them to gain more money. Within this scope, as a result of their swift appreciation, crypto currencies will be very attractive to cyber attackers.