11/16/2017
11:00 AM
Simon Marshall

Kaspersky Takes on 2018

Kaspersky Labs has released its security predictions for 2018 and there are troubling trends ahead.

In 2018, you have a choice: stride boldly into a new year and defend against a bunch of increased or new security threats, or hide under your desk with your PC turned off.

If you trust Kaspersky Labs or respect their opinion -- and I'd suggest there's no tangible reason not to -- then the findings of its annual threat prediction report will be of interest. It's Kaspersky's educated guess about what 2018 holds and is somewhat of a primer for anyone in the SOC.

The developer takes the predictions of last year and measures them against what happened this year. And it has to be said, its strike rate is pretty good. If its predictions for next year hold water, then we are all in for a rough ride with plenty of unfortunate potential for catastrophic attacks and shockwaves.

"[We have] a heightened concern for the security posture of users at large, and each event is a bigger catastrophe," said Kaspersky in the report. "Rather than consider each new breach as yet another example of the same, we see the compounding cumulative insecurity facing users, e-commerce, financial, and governmental institutions alike."

The issues facing enterprises and the public at large are the sum of several factors: greater sophistication from hackers; their ability to sit in networks unobserved and educate themselves about security defenses; new attack vectors; the ability to manipulate and evolve malware for sale on the Dark Web and elsewhere; and, sadly, unerring human gullibility when it comes to social engineering and phishing.

The most troublesome predictions are those which have the potential to affect the fundamental infrastructure of e-commerce, the global enterprise supply chain, and the potential for mobile malware on a huge scale. Then, there are what appear to be savage nation-state attacks whose only goal is destruction of the assets of a country or organizations perceived as an adversary.

Identity and e-commerce
This year, we were showered with PII (personally identifiable information) penetrations that affected, in the case of Equifax, about 145 million American and European consumers. There's no sign that will slow down and there will be no shortage of reports of security chaos at blue-chip firms that expose consumers to identity theft and spoofing. And herein is a sage reminder of what we're all worrying about in the longer term.

"While many have grown desensitized to the weight of these breaches, it's important to understand that the release of PII at scale endangers a fundamental pillar of e-commerce and the bureaucratic convenience of adopting the Internet for important paperwork," the report said. Harking to an emerging theme throughout the industry, this activity brings into question the very validity of common forms of authentication (particularly US social security numbers), devaluing the information but likely accelerating the use of multiple-factor solutions.

Supply chain
As we know, lateral movement after access can create a bushfire. Hackers who are frustrated at outguessing security at their target have used third-party suppliers to companies as a weak spot for entry, and then moved briskly onto their target. October's SONIC Drive-in fiasco, which swiped consumer credit and other PII details, is rumored to have been initiated through a third party, although the chain remains quiet about what happened. Another example was the -- admittedly innovative -- CCleaner attack, where the payload was delivered through code lines in the company's regular product update before it was even released to customers.

According to Kaspersky, these attacks are very sophisticated, wielding lots of ammunition including zero-day exploits and fileless attack tools. Apparently, they can also combine traditional hacking with escalation to high-skilled teams that extract the information itself.

"Even a target whose networks employ the world's best defenses is likely using software from a third-party," said Kaspersky. It will be interesting to see if organizations are blind-sided by this in 2018.

Mobile malware
Somehow, lawful intercept spyware software -- developed by private firms and sold to governments -- is making its way into the hands of black hat teams. Using this legal software, so-called malware implants gain access to the PII and behavior of mobile users and exfiltrate data. Apple's iOS is called out by Kaspersky as more susceptible to these advances than Android. Rather than a single event, the malware can sit there for months, all the harder to find because iOS is a locked system.

"We estimate that in 2018 more high-end Advanced Persistent Threat malware for mobile will be discovered, [because] of both [increased] attacks and improvement in security technologies designed to catch them," said Kaspersky.

Destructive attacks
When it comes to the nuclear option, malware that carries wiper payloads is fatal if the goal is the equivalent of a military sniper campaign. There's little regard for the data and this all-out approach is designed for maximum disruption of vital endpoints. Wipers have spread to encompass an additional ransomware vector of which ExPetr/NotPetya is a prime example.

New wiper variants include the Shamoon worm that targeted Saudi Aramco and RasGas back in 2012. So-called Shamoon 2.0 has emerged after Shamoon itself lay dormant for four years, illustrating the persistence of zombie threats which mutate and re-emerge. Not surprisingly, Kaspersky predicts that destructive attacks will increase in the next year.

For those curious to see the full report list of predictions, and not hiding under their desk, here it is:

There will be:

  • More supply chain attacks
  • More high-end mobile malware
  • More BeEF (a profiling toolkit)-like compromises with web profiling
  • Sophisticated UEFI (Unified Extensible Firmware Interface) and BIOS attacks
  • Destructive attack continuation
  • More subversion of cryptography
  • Threats to identity in e-commerce
  • More router and modem attacks
  • Social media owners need to try harder to identify fake users and purge attack bots

The full report can be downloaded as a PDF here.

— Simon Marshall, Technology Journalist, special to Security Now
