2/26/2018 10:30 AM
Misha Govshteyn
Commentary

6 Cybersecurity Trends to Watch

Expect more as the year goes on: more breaches, more IoT attacks, more fines...

In 2017, it seemed like we faced a new, devastating breach or malware outbreak almost every month. The victims, Chipotle, Brooks Brothers, Kmart, Verizon, Equifax, Deloitte, the SEC, Whole Foods, and Xbox among them, represent an astonishingly broad range of industries. At the same time, self-propagating malware such as WannaCry, which infected more than 300,000 computers in a matter of days, far exceeded prior assumptions about how much damage a single campaign could do. We don't expect such incidents to go away anytime soon. In fact, they'll likely escalate in scope and capacity for damage.

January 2018 brought us a whole new class of threat with Meltdown and Spectre, vulnerabilities in the speculative-execution logic of modern CPUs rather than in any piece of software. Suddenly, hardware vulnerabilities were front and center. Amid the media frenzy, though, we should move forward with a reasonable sense of what to anticipate for the rest of this year, so that we can best defend our organizations and their sensitive data, which now resides in the cloud, in on-premises data centers, and in hybrid computing environments. With this in mind, here are six cybersecurity trends to watch for the rest of the year:

We'll likely see another breach of Equifax proportions — and it's likely to be a Web application attack.
Cloud computing has accelerated the adoption and usage of Web applications, and attacks targeting Web applications have skyrocketed. As with the Equifax breach, which began with an unpatched flaw in the Apache Struts web framework and exposed the personal data of roughly 145 million people, we will see the exploitation of more Web application vulnerabilities. Web application attacks account for nearly three in 10 breaches overall, far outpacing cyber espionage, privilege misuse, and all other threat drivers, according to the latest Verizon Data Breach Investigations Report. The same report finds that the rate of Web application-related breaches grew over 300% from 2014 to 2016. Furthermore, several IT spending reports show that the share of security budget allocated to application security is out of step with the growing risk that Web applications represent.

There has yet to be a major cloud breach, and the streak is likely to continue — despite the panic over Meltdown and Spectre.
Most breaches we see target traditional apps and on-premises environments, not the cloud infrastructure itself. Think Target, Yahoo, and JP Morgan Chase. To date, no cloud application or cloud vulnerability has been the direct source of a cataclysmic breach, and we don't envision this changing anytime soon. (The 2017 Verizon data exposure was the result of human error, a cloud storage bucket left publicly accessible by a third-party vendor, not a vulnerability in the cloud infrastructure itself.)

When Alert Logic analyzed more than 2.2 million verified security incidents captured by its network intrusion detection system over an 18-month period, public cloud environments averaged 405 incidents per customer. That was significantly lower than on-premises environments (612 per customer), hosted private clouds (684), and hybrid cloud environments (977). Cloud deployments were not immune to Spectre and Meltdown, but the main impact there is likely to be disruption from mandatory patching and the performance cost of the mitigations. We're unlikely to see a major breach attributed to Spectre and Meltdown because they are poor initial attack vectors: they let code that is already running read memory it should not be able to see, but they do not by themselves give an outsider a way in. However, an attacker who has gained a foothold through some other exploit could use them to escalate, reading memory belonging to other processes or to other tenants on the same host, which is why patching still matters.

The hype around machine learning will continue, but real security outcomes will remain elusive.
From the media to technophiles to countless vendors, everyone is talking about machine learning. There is immense power in its promise, particularly within cybersecurity. But in reality, few security vendors understand how to leverage it or integrate it into their solutions to produce results. Machine learning for cybersecurity requires a combination of data scientists, threat researchers, and security operations center analysts who can identify and label patterns across data from thousands of real-world environments and feed that curated data back into model training. In other words, it isn't a "plug-and-play" product.

The industry will see its first major fines for GDPR violations.
With the May 25, 2018 enforcement date looming, our research found that only one-third of surveyed European Union (EU) companies are compliant or well on the way to complying with the General Data Protection Regulation (GDPR). Given this, we expect fines for noncompliance, including an example-setting large fine for a major global enterprise; the regulation allows penalties of up to 4% of worldwide annual turnover or 20 million euros, whichever is higher. GDPR applies to any organization, inside or outside the EU, that processes the personal data of EU residents, and it requires companies to document how and where that data is stored and processed.

Hackers come for computing resources.
This year, we will see more hackers stealing computing power, slowing down systems, and running up the electric bills of the people who own the machines they're hijacking. Why are they doing this? As cybercrime task forces and federal policing agencies battle ransomware, hackers are looking for safer and easier paths to profit. The bitcoin price surge in 2017 drove mass amounts of interest to cryptocurrency, but bitcoin mining is dominated by purpose-built ASIC hardware, so stolen general-purpose CPU time cannot compete. Hackers instead mine other cryptocurrency variants, known collectively as "altcoins," whose proof-of-work is designed to run efficiently on ordinary CPUs (Monero is the usual choice).

Now hackers who are mining for cryptocurrency infect the computers of unsuspecting users to "borrow" the power in the interest of making more money, faster. Because a miner throttled to avoid attention can run for months, the theft is hard to notice on any single host. In metered cloud environments, though, the extra CPU time shows up as an unexplained rise in the bill, and sustained high utilization on a machine that should be idle is the tell-tale signal.
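The bill-level signal described above can be turned into a host-level check. The following is an added example, not code from the article or from Alert Logic: it runs two cryptojacking indicators over constructed telemetry (five-minute CPU samples and outbound flow records, invented for this illustration). The first indicator is a run of consecutive samples with CPU pegged above a threshold; the second is an outbound connection to a port conventionally used by stratum mining pools. The port list, the 85% threshold and the six-sample (30 minute) window are assumptions to tune for your environment, and a pool-port hit is a hint, not proof.

```python
import re
from collections import defaultdict

CPU_THRESHOLD = 85.0   # percent utilisation treated as "pegged" (assumption)
MIN_RUN = 6            # consecutive samples above threshold; 6 x 5 min = 30 min (assumption)
# Assumption: ports commonly used by stratum mining pools. A hit is a hint, not proof.
POOL_PORTS = {3333, 4444, 5555, 7777, 14444, 45700}

# Constructed sample telemetry for this example, not real data.
# web-01 has one transient spike, web-02 is pegged for 40 minutes and talks to a
# pool port, db-01 is pegged (a legitimate batch job) but never leaves the network.
CPU_LOG = """\
2018-02-20T01:00 web-01 cpu=12.4
2018-02-20T01:05 web-01 cpu=91.0
2018-02-20T01:10 web-01 cpu=15.2
2018-02-20T01:15 web-01 cpu=14.8
2018-02-20T01:20 web-01 cpu=11.0
2018-02-20T01:00 web-02 cpu=20.1
2018-02-20T01:05 web-02 cpu=88.5
2018-02-20T01:10 web-02 cpu=97.2
2018-02-20T01:15 web-02 cpu=96.8
2018-02-20T01:20 web-02 cpu=99.0
2018-02-20T01:25 web-02 cpu=98.4
2018-02-20T01:30 web-02 cpu=97.9
2018-02-20T01:35 web-02 cpu=96.1
2018-02-20T01:40 web-02 cpu=97.5
2018-02-20T01:00 db-01 cpu=30.0
2018-02-20T01:05 db-01 cpu=90.2
2018-02-20T01:10 db-01 cpu=92.1
2018-02-20T01:15 db-01 cpu=91.7
2018-02-20T01:20 db-01 cpu=93.4
2018-02-20T01:25 db-01 cpu=90.9
2018-02-20T01:30 db-01 cpu=92.8
2018-02-20T01:35 db-01 cpu=35.0
"""

NETFLOW = """\
2018-02-20T01:07 web-02 10.0.1.12:51234 -> 203.0.113.8:3333 tcp
2018-02-20T01:08 web-01 10.0.1.11:44210 -> 198.51.100.20:443 tcp
2018-02-20T01:09 db-01 10.0.1.30:50100 -> 10.0.2.5:5432 tcp
2018-02-20T01:12 web-02 10.0.1.12:51240 -> 203.0.113.8:3333 tcp
"""

CPU_RE = re.compile(r"^(\S+) (\S+) cpu=([\d.]+)$")
FLOW_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def parse_cpu(text):
    """Group (timestamp, percent) samples by host, preserving log order."""
    per_host = defaultdict(list)
    for line in text.splitlines():
        m = CPU_RE.match(line.strip())
        if m:
            ts, host, pct = m.groups()
            per_host[host].append((ts, float(pct)))
    return per_host


def longest_run_above(samples, threshold):
    """Return (length, start_ts) of the longest run of consecutive samples >= threshold."""
    best_len, best_start, run_len, run_start = 0, None, 0, None
    for ts, pct in samples:
        if pct >= threshold:
            if run_len == 0:
                run_start = ts
            run_len += 1
            if run_len > best_len:
                best_len, best_start = run_len, run_start
        else:
            run_len = 0
    return best_len, best_start


def sustained_cpu_hosts(cpu_text, threshold=CPU_THRESHOLD, min_run=MIN_RUN):
    """Hosts whose CPU stayed pegged for at least min_run consecutive samples."""
    flagged = {}
    for host, samples in parse_cpu(cpu_text).items():
        run_len, start = longest_run_above(samples, threshold)
        if run_len >= min_run:
            flagged[host] = {"since": start, "samples": run_len}
    return flagged


def pool_connections(flow_text, ports=POOL_PORTS):
    """Map host -> set of 'dst:port' peers on ports associated with mining pools."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        _ts, host, _src, _sport, dst, dport, _proto = m.groups()
        if int(dport) in ports:
            hits[host].add(f"{dst}:{dport}")
    return hits


def cryptojacking_report(cpu_text, flow_text):
    """Per-host indicator summary; a host appears if either indicator fired."""
    cpu, pools = sustained_cpu_hosts(cpu_text), pool_connections(flow_text)
    report = {}
    for host in set(cpu) | set(pools):
        indicators = (["sustained_cpu"] if host in cpu else []) + (["pool_port"] if host in pools else [])
        report[host] = {"indicators": indicators, "cpu": cpu.get(host),
                        "pool_peers": sorted(pools.get(host, ()))}
    return report


def likely_miners(report):
    """Hosts where both indicators coincide, sorted for stable output."""
    return sorted(h for h, r in report.items() if len(r["indicators"]) == 2)


if __name__ == "__main__":
    rep = cryptojacking_report(CPU_LOG, NETFLOW)
    for host in sorted(rep):
        print(host, rep[host])
    print("likely miners:", likely_miners(rep))
```

Requiring both indicators keeps the legitimately busy database host out of the "likely miner" list while still surfacing it for review; in practice you would also compare each host's run against its own historical baseline rather than a fixed threshold, since a miner throttled to 40% CPU on a normally idle box is just as suspicious as one pegged at 97%.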

Hackers will monetize IoT attacks.
In 2018, hackers will attack Internet of Things environments less to cause disruption or to show they can and more for financial spoils. In 2016, we saw the Mirai botnet conscript hundreds of thousands of poorly secured devices, logging in with factory-default credentials, and use them for record-setting DDoS attacks. We're now starting to see a new and more sophisticated breed of IoT botnet such as IoTroop (also known as Reaper), which is gathering as many victims as it can and adding new bots every day. It has been reported to have affected 1 million devices and could grow substantially in a worm-like fashion. It's evident that hackers are reusing older techniques, weak default passwords and known but unpatched vulnerabilities, against new classes of devices. Like other forms of hacking, once tactics for IoT exploits become refined and are replicated, we'll see a shift in motivation from notoriety to financial gain.


Misha Govshteyn co-founded Alert Logic in 2002. Misha is responsible for security strategy, security research, and software development at Alert Logic. Prior to founding Alert Logic, Govshteyn served as a Director of Managed Services for Reliant Energy Communications. In this ...