5 Threat Trends for the Coming Year

Dec. 15, 2017
From terrorism to cyber intrusions, potential threats are many

Anticipating security risks before they threaten your organization is increasingly a must-have asset for today’s businesses, impacting everyone from the front lines of your operation to the board room. Knowing what’s on the way is about more than just throwing darts at a board, though. By leveraging broad, geopolitical intelligence on emerging trends and examining it through a security-oriented lens, we can accurately forecast evolving threats before they hit an organization’s bottom line. That provides the opportunity to focus security resources on what’s truly important, implementing protective measures and keeping your people left of the boom. Here are five threat trends that my analyst team believes are important for security professionals to monitor and prepare for in the year ahead.

1. The Evolving Jihadist Threat

Jihadist groups have encouraged grassroots jihadists living in the West to conduct simple attacks for many years now. Al Qaeda in the Arabian Peninsula began promoting the idea in 2009, and following attacks in Little Rock, Arkansas and Ft. Hood, Texas that year, launched the English-language magazine Inspire to recruit attackers and provide guidance on how to conduct such attacks.

The simple pipe and pressure cooker bomb instructions contained in Inspire Magazine’s first edition have been used in several attacks and plots, including the Boston Marathon bombing. The vehicular assault instructions contained in the second edition have also been used in many attacks. The Islamic State also began promoting the concept in Sept. 2014.

These simple attacks have become a nightmare for corporate security directors trying to protect travelers and facilities globally and most acutely in Europe. With the losses the Islamic State core is experiencing on the battlefield and the Islamic State/al Qaeda competition for primacy in the jihadist movement, we expect to see a continuation of this threat.

2. Surging Left- and Right-Wing Violence in the U.S. and Europe

While certainly not a new phenomenon, political polarization has grown in recent years in the United States and Europe. While neither region has ever been truly free of political violence, the violence tends to run in cycles. We are moving into another very active cycle for both the extreme left and extreme right – and indeed the extremes are feeding off each other. This phase has been sparked partially by nationalism, immigration and anti-globalization, but a host of other social issues have contributed to the friction.

We anticipate an increase in ultra-nationalist and neo-Nazi recruiting and plotting, along with an intensification in anarchist and other left-wing extremist activity and protests. This will lead to street confrontations between the two camps that will result in crimes such as assault, murder, increasingly violent protests and bombings. In addition to extremists targeting each other, right-wing violence will impact immigrants or perceived immigrants and the government. Anarchists will also target governments and corporate targets they perceive to be involved in globalization.

3. An Increasing Threat from Drones

While the use of unmanned aerial vehicles (drones) in lethal attacks by non-state actors such as the Islamic State and Hezbollah has garnered a great deal of attention, we continue to believe that it will be some time before terrorist actors in the West will be able to create improvised weaponized drones capable of carrying out mass-casualty attacks there. However, that doesn’t mean they won’t try, and we expect to see plots or botched attacks in the coming year involving drones. Such an incident will likely cause far more panic than casualties.

Perhaps a more acute threat involving drones at the present time is their use as surveillance platforms by those planning attacks or direct action events against facilities or even business executives. We are unaware of drones being used in previous attacks in the U.S. or Europe, but due to the proliferation of drone technology, we believe it will happen. Security directors and executive protection teams will have to make efforts to detect drone activity attempting to surveil their personnel and facilities.

4. Improved, More Targeted Ransomware

While widespread ransomware attacks such as WannaCry and NotPetya are creating a great deal of publicity, they have not generated much revenue for their authors. Indeed, despite infecting hundreds of thousands of computers across the globe, WannaCry only netted some $130,000.

By comparison, highly tailored ransomware attacks against a properly selected single target have proved to be far more lucrative. For example, South Korean web hosting company Nayana was hit with a spear-phishing campaign using Erebus ransomware in June that led the company to pay $1 million to unlock the 153 servers impacted by the attack. The Canadian cybersecurity and digital forensics company Cytelligence paid $425,000 to attackers after its production databases and backups were encrypted following a spear-phishing attack that targeted six of the company’s executives.

Targeted attacks are also less likely to be publicized and are therefore not remedied as quickly as we saw with WannaCry. A large-scale ransomware attack can attract everyone's attention within hours because of its pervasiveness. It might take weeks or months to detect ransomware behind more discreet attacks.

Criminals learn from the successes of other criminals, and we should expect to see an increase in the number of targeted ransomware attacks due to the large quantity of money extorted from Nayana and Cytelligence.

5. The Use of HUMINT to Facilitate Cyber Attacks

It is important to recognize that not all cyber threats are external. Indeed, some studies suggest that some 75 percent of cyber threats involve insiders. A substantial percentage of the attacks involving insiders are cases where the employee is unwitting, such as those involving phishing or social engineering. However, there is also a significant threat posed by knowing insiders. Cases in which an employee is recruited by a business competitor and takes intellectual property as they exit have been well documented, but security managers also need to worry about internal actors who stay in place and serve as a persistent cyber threat.

Whether recruited using money, sex or some other approach, the persistent insider threat can prove far more damaging than the loss suffered by a one-time data dump. As I often note to security directors during presentations on this topic, “if I run Anna Chapman at the guys in your IT department, I will own your system.”

About the Author: Scott Stewart is vice president of tactical analysis for Stratfor Threat Lens, a product that helps security leaders identify, anticipate, measure and mitigate risks that emerging threats pose to their people, assets and interests around the globe.