A new year always brings predictions. When it comes to cyber security, the over-arching prediction from experts is that threats will only get more complex. That means the security team will have to be even sharper than they were in 2017.
Here’s a roundup of what a number of cyber security solution providers see for the next 12 months:
–Artificial Intelligence will change cyber security
“Machine learning has the potential to allow companies to model normal behavior much more accurately and effectively than a human could,” says Theo Van Wyk, chief security architect, of Toronto-based Scalar Decisions. “This can then form the base model from which anomalous behavior can be identified.”
In addition to identifying intentional malicious activity, he explained, it can also identify user behavior that is unknowingly creating a security risk even though the user does not have any malicious intent. This information can be used to coach and train users to raise their security awareness, thereby improving the company’s security posture.
Van Wyk says machine learning presents the potential to fast-track automation. Many security teams are actively implementing automation activities where and when possible. The most successful automation activities have traditionally been when very scripted and predictable tasks were automated. The utopian vision for AI, he adds, is to increase the complexity of the tasks being automated by adding a level of decision making capability.
But he warns machine learning is not a silver bullet and has a number of caveats that have to be kept in mind. “The effectiveness (and usefulness) is greatly affected by both the design of the algorithm and quality of the dataset available on which the algorithms are trained.”
–AI will not improve security
AI holds great promise, but in cyber security, it’s still more hype than reality, says Brian Nesmith, CEO and co-founder of Arctic Wolf Networks. “AI needs good data to learn and develop its predictive capabilities, so in many cases bad data leads to false positives, which are still a huge problem in cybersecurity. Like the boy who cried wolf, too many false alarms lead to bad overall cyber posture and a team that is more likely to ignore warning signs when the threat is real. In 2018, AI will not be the magic bullet. Instead we will see the growth of a more effective model which combines human touch with machine intelligence to reduce the number of false positives and improve time to detection.”
–Stolen NSA/CIA hacking tools will continue to be exploited
An underground economy has been created on the Dark Web to buy, sell, and repurpose new exploits from NSA and CIA leaks, says Dave Masson, manager of Darktrace’s Canadian division. Every day hackers are now capable of launching sophisticated and large-scale attacks on corporations – from ‘worming style’ attacks like WannaCry and NotPetya, to advanced spear-phishing that mimics victims’ writing style and behavior to trick them into inadvisable actions. “As sophisticated and machine speed attacks become more common with the proliferation of these advanced tools around the cyber-criminal community, it will become an even greater challenge for security teams to keep up. Cyber security will no longer be a challenge that can be addressed by humans alone. The focus will shift from who is behind an attack, to how to use AI to become more resilient to attacks, irrespective of their source or threat vector.”
–Cyber fraud and financial crimes converge
Cyber thieves have stolen $35,000 USD per minute from financial institutions during the past six years, notes Vanita Pandey, vice-president of product marketing at San Jose, Calif.-based ThreatMetrix. “With our own data showing fraudulent account creations up 240 percent in Q3 compared to the same period in 2015, we believe 2018 will see cyber fraud combine with traditional financial crimes, such as the use of ‘money mules.’ Look for fraudsters to use automated bot attacks to apply for fraudulent loans or hijack existing accounts and transfer the money to other countries. Hired hands or unwitting accomplices withdraw the money and deposit it elsewhere to hide perpetrators’ tracks.”
She also warns cyber security pros to keep watching for blended attacks. Earlier this year, she notes, IDT Corp. was hit by a cyber attack that leveraged two separate cyber-weapons stolen from the NSA. Hackers used ransomware as a smokescreen for an attack that stole employee credentials, giving them free rein of the company’s data. More than 10,000 computers worldwide have been hit by these same weapons, which are virtually undetectable. “This is a nuclear bomb compared to WannaCry,” IDT CIO Golan Ben-Oni told the New York Times, Pandey notes. “The world isn’t ready for this.” ThreatMetrix agrees.
–Reputation management is coming
In the face of fake news, the industry will develop a reputation management scheme that will allow individuals to verify their identities through an operation that records an interaction only a person can have, says Simon Gibson, Fellow Security Architect at Gigamon. This reputation scheme will be universal and follow an individual across platforms, domains and online venues, even if the person wishes to remain anonymous.
“You sitting in front of a computer reading this, then discussing it with someone in the office, might be a factor or unit you could record. The more units a person has applied to the scheme, the more likely the account is tied to a real human versus a bot or ad page. If a scheme has a lower score, the account and its content are less likely to be viewed as trustworthy. The biggest issue with this approach, however, is that people will try to game it. Given this, it has to be created in a way that can’t be manipulated.”
–Malicious domain registrations will increase
With enterprises increasingly on the lookout for malware spread through email, attackers will be looking for other vectors. Proofpoint notes there has already been a 20 per cent year-over-year increase in suspicious domain registrations. These domains are likely intended for fraud, typosquatting, spoofing, and other malicious schemes, and it expects the trend to accelerate as email authentication is widely adopted: industry-wide efforts to roll out email authentication services will result in significant increases in malicious domain registrations as threat actors move away from less effective spoofing of existing domains to registration of lookalike domains.
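Once spoofing the real sender domain stops working, the defender's problem becomes spotting newly registered lookalikes of the organization's own domains. The checker below is an added example, not Proofpoint's tooling or anything from this article; the protected domains are constructed placeholders, it assumes a simple label.tld shape, and it flags the four lookalike patterns the passage alludes to (TLD swap, homoglyph substitution, brand embedding, single-typo distance).

```python
import unicodedata

# Constructed list of the organization's own domains (assumed example values, not from the article).
PROTECTED_DOMAINS = ["example.com", "example-bank.com"]
# Visually confusable character pairs that show up in lookalike registrations.
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def levenshtein(a, b):
    """Plain dynamic-programming edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(domain):
    """Return (everything left of the TLD, TLD); assumes a simple label.tld shape."""
    parts = domain.lower().rstrip(".").split(".")
    return ".".join(parts[:-1]), parts[-1]


def fold(label):
    """Drop accents and non-ASCII tricks, then collapse homoglyph pairs."""
    s = unicodedata.normalize("NFKD", label).encode("ascii", "ignore").decode()
    for src, dst in HOMOGLYPHS.items():
        s = s.replace(src, dst)
    return s


def classify(candidate, protected=PROTECTED_DOMAINS):
    """List the lookalike indicators for one newly registered domain (empty = no match)."""
    if candidate.lower() in {p.lower() for p in protected}:
        return []  # one of our own registrations
    findings = []
    if any(ord(ch) > 127 for ch in candidate):
        findings.append("idn-nonascii")  # internationalized name; deserves a closer look
    c_label, c_tld = split_domain(candidate)
    for good in protected:
        g_label, g_tld = split_domain(good)
        max_edits = 1 if len(g_label) <= 6 else 2  # tolerate one typo, two on long brands
        if c_label == g_label and c_tld != g_tld:
            findings.append(f"tld-swap:{good}")
        elif fold(c_label) == fold(g_label):
            findings.append(f"homoglyph:{good}")
        elif g_label in c_label:
            findings.append(f"brand-embedding:{good}")
        elif levenshtein(fold(c_label), fold(g_label)) <= max_edits:
            findings.append(f"typo:{good}")
    return findings
```

Feed it the daily feed of new registrations (certificate transparency logs or a zone-file diff are the usual sources) and review anything that returns a non-empty list.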
–Ransomware will pivot from traditional extortion to new targets (I)
Good news, bad news: The profitability of traditional ransomware campaigns will continue to decline as vendor defenses, user education and industry strategies improve to counter them, says McAfee. But, it adds, attackers will adjust to target less traditional, more profitable ransomware targets, including high net-worth individuals, connected devices and businesses. Look out for cyber sabotage and disruption of organizations among new variations of cybercrime business models. In response organizations may increasingly add cyber insurance.
“While much about the motives behind WannaCry and NotPetya is still debated, the use of pseudo ransomware is likely to continue, partly due to the ease with which as-a-service providers can make such techniques available to anybody with the means to pay,” says Raj Samani, chief scientist and head of McAfee Advanced Threat Research. “Such attacks could be sold to parties seeking to paralyze national, political and business rivals, which raises perhaps the biggest, unavoidable ransomware question of 2017: Were WannaCry and NotPetya actually ransomware campaigns that failed in their objectives to make significant revenue? Or perhaps incredibly successful wiper campaigns?”
–Ransomware will pivot from traditional extortion to new targets (II)
Indegy expects that a new, more damaging type of ransomware will specifically target industrial controllers. Early in 2017, researchers at the Georgia Institute of Technology designed a cross-vendor ransomware worm known as LogicLocker capable of targeting PLCs (programmable logic controllers) that are exposed online.
According to their report, “LogicLocker uses the native sockets API on a Schneider Modicon M241 to scan the network for known vulnerable targets, namely Allen Bradley MicroLogix 1400 PLCs and Schneider Modicon M221 PLCs, and infect them by bypassing their weak authentication mechanisms, locking legitimate users from easily recovering the PLC, and replacing the program with a logic bomb that begins to dangerously operate physical outputs threatening permanent damage and human harm if the ransom is not paid in time.” Since this proof of concept now exists, Indegy expects to see a threat in the wild in 2018.
–Mobile apps will increasingly be targeted
Hackers will progress from small footprint ‘front door’ malware and Man-in-the-Middle attacks to attacks that access all of an app’s or a company’s data via the ‘backdoor’, says Domingo Guerra, co-founder and president of Appthority. The next big breach won’t happen because hackers take over a single phone, he says, it will happen because they gain access to massive amounts of sensitive corporate data collected by the apps. It just happened to Uber, where hackers stole the data of almost 60 million users and drivers because they found the Uber developer’s username and password to access Uber data stored in an Amazon server. That’s why he believes forward-thinking organizations have to put proper mobile defenses in place.
–Travel sites in the crosshairs
Marty Kamden, chief marketing officer of NordVPN, says the company is seeing that hackers have discovered that travelers who book their trips online share their passport and credit card data, which can be stolen. “This marks the move towards specific online breaches, targeting groups of people – such as travelers, online Christmas shoppers, and others,” he says.
Blockchain will emerge as a potential disruptor across many areas of technology, says Tom Kemp, CEO of Centrify.
He notes blockchain technology has started making serious waves, and not just in the world of crypto-currencies. Even U.S. defense contractor Lockheed Martin seems to be exploring blockchain-related cybersecurity options. “While we expect blockchain to emerge as a potential disruptor across many areas of technology in 2018, it will take several years before vulnerabilities can be addressed and the technology is considered mature enough to act as a basis for enterprise security.”
–Europe’s GDPR may encourage extortion
The EU’s General Data Protection Regulation comes into effect May 25, forcing covered organizations to better protect the personal data their customers give them or face stiff penalties. However, Trend Micro believes the threat of those penalties will be a lure for criminals who hold data for ransom. They’ll gamble that organizations would rather pay an extortion fee than risk punitive fines of up to four per cent of their annual turnover. This will drive an increase in breach attempts and ransom demands, says the vendor. It also expects GDPR to be used as a social engineering tactic in the same way that copyright violations and police warnings were used in past fake anti-virus and ransomware campaigns.
–Cyberwar becomes official
Cyberwar campaigns between North Korea and the United States will emerge from the shadows and escalate, directly impacting the public for the first time, predicts LogRhythm. The U.S. and North Korea have been quietly carrying out cyber attacks against each other for years and ramping up their digital aggression, says the company, and it expects tensions to keep escalating in 2018.
–More IoT bad news
Brands have been quick to jump on the IoT bandwagon but they will have their hands full, says Ken Spinner, VP of field engineering at Varonis. “In 2017, we saw KRACK and BlueBorne exploit WiFi and Bluetooth, opening fresh holes in our already battered perimeters. Hackers will continue to leverage unprotected devices to spy on their users and break into home and corporate networks. Multiple botnets exploiting vulnerable IoT devices will be new minions in DDoS attacks, and threaten to take down news and government websites. Millions of consumers will fail to realize that their IoT devices and home networks are being exploited until they finally get to the bottom of why Stranger Things is so slow to download, and unplug their Internet-connected toothbrush. Manufacturers will start to address these security faults or risk losing to the companies that bake in security from the start. GDPR may save the day in the long run, forcing businesses to reconsider personal data collection via IoT, but we won’t see this effect until at least 2019.”
The first US$1B claim against a cyber insurance policy will be filed, says Ray Rothrock, CEO of RedSeal Inc. As a result, providers will take a page from health insurance’s playbook and require companies to get cyber check-ups as part of negotiating rates.
–The last word
In addition to all the other types of attacks, “massive Denial of Service (DoS) attacks will increase and cripple businesses and the Internet itself,” says Kathie Miley, chief operating officer at Cybrary. “2018 will be a doozy.”