Last week it was Dyn. I won't rehash; the story is still pretty fresh on our minds, but this isn't going away folks. You've heard me talk about the 'new normal'. It goes like this:
- Ransomeware is a normal part of business... and a cost of doing business. The VP of a North American Business unit (in a 325,000 person company) reported to me that he'd been hit personally with ransomware. In another example, it was the CEO of a 300 person aluminum extrusion company. If you don't have protections in place, be ready to pay.
- APT isn't as Advanced as it used to be. The computing footprint has expanded into cloud offerings, mobiles, and virtualized. At the same time, many of the tools that used be new are now point and click. Uses of previously identified APT infrastructures are showing up in places beyond the defense industrial base, and have become largely pervasive.
- DDoS is being demonstrated on a regular basis, and can be done through a service provider for hire. As an example, we reported recently (in Red Sky Alliance) on a Bulgarian company that provides DDoS services for state actors in Nigeria. It was reported in a Russian forum (yes, we read Russian language forums) that the company, during a sales call demonstrated its DDoS capabilities to the Russian government contractor "Rostec" by attacking and downing the Ukrainian Ministry of Defense sites and the Russian edition of Slan.ru. It is not clear what role Rostec plays with the Russian government, only that there is an effort to coordinate DDoS efforts in Russia, and that an external company was being looked at to provide those services.
- And last, the introduction of insecure Internet of Things devices is going to multiple all of these issues exponentially. Heck, it already has.