predictions 2017

government, as well as on critical infrastructure - that includes the grid and nuclear power plants. I like to call this the 'internet of insecure things', because as we've seen, these industries use devices that are completely vulnerable, ripe for attack.

"We'll see additional attacks on domain name systems (DNS), like the recent hit on Dyn which caused a massive outage on the US west coast, taking down several major websites that are used on a daily basis. The next attack will be even more significant than what we've already seen, down to our reliance on centralised systems and the sheer vulnerability of DNS.

"There's also a good chance we'll see a major cloud provider admitting to a background worm that's been there forever. We think of the underlying infrastructure providers as safe havens, but they're not. There are likely major flaws in systems we've all assumed are secure, similar to the Heartbleed vulnerability. While for some, the frequency of data breaches can create a state of fatigue and acceptance, organisations must resist the temptation to sit on their hands. Identity must be at the core of cybersecurity. That means taking responsibility for knowing what data is being accessed, by who and at any given time."

THE BLIND SPOT

Paul McEvatt, senior cyber threat intelligence manager in UK & Ireland at Fujitsu, focuses on how organisations still don't address the blind spot that exists with attacks over encrypted channels being missed, due to the lack of SSL inspection capabilities.

"2016 saw a huge rise in attacks against enterprises using PowerShell. Microsoft PowerShell is a framework and scripting language that is installed by default on all Windows computers and attackers are using it as many organisations lack adequate protection in place for malicious use.
As it's already part of the Windows system, it is easier for an attacker to use it as part of their attack cycle and difficult for network defenders to identify malicious use, if they're monitoring at all. Tools such as PowerShell Empire, frequently used by penetration test teams, are also used by attackers to make it easy to bypass the perimeter, create backdoors and then move laterally around a network. Organisations will need to review their monitoring capabilities, logging levels and also work to identify what known good scripts are in use across their network, in order to have the ability to detect malicious attacks where possible."

As organisations seek to use Artificial Intelligence (AI) and machine learning capabilities, the approach of analysing security events in 2017 will change. "The principle of 'what good looks like' in cyber security terms has been around for a long time," adds McEvatt. "Machine learning is an extension to this concept with algorithms of what good behaviour is deemed to be, such as how certain system calls should or shouldn't be made or how certain file types are put together; so any deviation from this should be deemed suspicious.

"Core network monitoring for anomalous behaviour, such as large transactions or first attempts to access a database, will be a change in approach for security operations centres that need to move towards an intelligence-led approach. They will no longer be reacting and triaging 'known bad' traffic via an antivirus or intrusion detection alert, but will need to investigate an alert advising them something unusual has happened, based on a machine learning algorithm. One further area to watch out for in 2017 is attackers using the same AI capabilities as they seek to defeat network and security controls."

CYBER INSURANCE

Markus Jakobsson, chief scientist for Agari, agrees that there will be a continued rise in cyberattacks in 2017.

"While in the past insurance companies haven't understood either the threat or potential damages of these attacks, many of them have now started to develop models to identify the risks, allowing them to offer cyber insurance. In part, this is driven by an understanding that these attacks are here to stay. As insurance companies become more involved, the prices of security products will increasingly be set as a function of the difference in premiums and so will become driven by actuarial insights. There will be an increased demand for computer security experts with a good command of statistics, already in short supply." "College students, pay attention!" he adds.

Increasingly, attackers will use corrupted email accounts as launch pads for sophisticated attacks. "This is made possible by massive harvesting of credentials from phishing attacks and breaches," says Jakobsson. "The corrupted accounts will be used to identify prospective victims and to send them messages from users they trust. Today's security products are poorly suited to detect these types of secondary attacks, since they are mounted from established and trusted accounts - and users are easily deceived when receiving emails from trusted contacts. All it takes is one person to open a dangerous attachment.

"Finally, I expect we will see a further increase in hybrid attacks that exploit multiple attack vectors; for example, combining social engineering and DDoS by using email to deliver malware and then DDoS to complicate recovery from a malware attack. These attacks were formerly restricted to high-end incidents, but are now trickling down to all levels of cybercrime. This type of attack enables online criminals to carry out their crimes and then hide their tracks."

We've seen this type of attack used within the last year on multiple occasions, including the attacks on the Ukrainian power grid and Bangladesh Bank, he points out.

"These types of hybrid attacks are now 'trickling down' and we expect to see them used

computing security March/April 2017 @CSMagAndAwards