Partner Perspectives  Connecting marketers to our tech communities.
12/3/2015
04:20 PM
Vincent Weafer

McAfee Labs’ 2016-2020 Threat Predictions, Part 1

Two sets of insights inform near- and long-term security strategies.

The best hockey players navigate within the ice rink, grapple with opposing players, take advantage of opportunities when available, and critically, as Wayne Gretzky once said, always skate to where the puck is going to be—not where it has been.

The newly released McAfee Labs Threat Predictions Report offers short- and long-term trend insights for organizations racing to keep pace with and perhaps overtake business and technological change, while continuously fending off a growing variety of cyber threats.

The report predicts key developments on the cyber threat landscape in 2016 and provides unique insights into the expected nature of that landscape through 2020, as well as the IT security industry’s likely response.

It illustrates an ever-evolving threat landscape, where applications and prominent operating systems are hardened to attacks, but attackers shift their crosshairs to less prominent but critical attack surfaces, innovative attack styles, and new device types.

Researchers depict enterprises building out their complex security defenses and comprehensive policies, while attackers target the weak security of employees working remotely. The cybercrime-as-a-service ecosystem discovers, mutates, and sells these advanced capabilities and support infrastructure down to the least sophisticated malicious actors in cyberspace in the burgeoning dark Web.

Here are some key threat predictions from the report for 2016:

  • Hardware. Attacks on all types of hardware and firmware will continue, and the market for tools that make them possible will expand and grow. Virtual machines will be targeted with system firmware rootkits.
  • Ransomware. As it has come to pass in other areas of cybercrime, the true accelerator of ransomware growth will be the availability of ransomware-as-a-service offerings on the dark Web. By lowering barriers to entry into cybercrime, this ecosystem of talent, tools, and infrastructure will enable more criminals to launch more attacks.
  • Attacks through employee systems. Organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies, and remain vigilant. Thus, attackers are likely to shift their focus to increasingly attack enterprises through their employees by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.
  • Cloud services. Cyber criminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Now home to an increasing amount of business-confidential information, such services, if exploited, could compromise organizational business strategies, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data, and other data.
  • Warehouses of stolen data. Stolen personally identifiable information sets are being linked together in big data warehouses, making the combined records more valuable to cyber attackers. The coming year will see the development of an even more robust dark market for stolen personally identifiable information and usernames and passwords.
  • Integrity attacks. One of the most significant new attack vectors will be stealthy, selective compromises to the integrity of systems and data. These attacks involve seizing and modifying transactions or data in favor of the perpetrators, such as a malicious party changing the direct deposit settings for a victim’s paychecks and having money deposited into a different account. In 2016, we could witness an integrity attack in the financial sector in which millions of dollars could be stolen by cyber thieves.
  • Sharing threat intelligence. Threat-intelligence sharing among enterprises and security vendors will grow rapidly and mature. Legislative steps may be taken that make it possible for companies and governments to share threat intelligence. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat-intelligence cooperatives among industry vendors will expand.

To “beat the puck” on business, technology, and threat landscape realities in 2016 and beyond, organizations will need security strategies that enable them to see more, learn more, and detect and respond faster, all the while fully utilizing the decidedly finite technical and human resources at their disposal.

Stay tuned for my next post, which will revisit the McAfee Labs Threat Predictions Report to preview the 2020 threat landscape and the likely cybersecurity industry responses to it.

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team ...

Comments
Jason Lebrecht,
User Rank: Apprentice
12/8/2015 | 7:16:05 PM
Consistent and Repeatable
Companies need to have people, process and technology in place to manage Security on a daily basis. Smart companies have consistent & repeatable methods in place to identify anomalies which could be some level of risk. If a company does not have proper technology and process in place to establish a baseline, they may not know that there was an intrusion until it's too late.

Great article, let's keep getting the word out about proper security and risk,

Jason Lebrecht

IOT Solutions Expert

UlfM645,
User Rank: Apprentice
12/4/2015 | 12:05:47 PM
The good news
I agree that "Cyber criminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Now home to an increasing amount of business-confidential information."

The McAfee report also stated that "If we keep our stuff in the cloud and access it from a phone, tablet, kiosk, automobile, or watch (all of which run different operating systems and different applications), we have substantially broadened the attack surface. Because these access devices will inevitably be less secure, cloud vendors will be compelled to significantly improve security on the connections and on the data itself. We think successful cloud providers will respond to this challenge during the next five years, enabled by technologies from leading security vendors."

Ponemon Institute recently presented the report "The State of Data Security Intelligence." The report asked "What keeps IT practitioners up at night?" Not knowing where sensitive or confidential data is located is their biggest worry, according to 64 percent of respondents. This concern has increased significantly from last year's.  

The good news is that cloud can offer a way to secure sensitive enterprise data and files. Gartner released the report "Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data" in June 2015 that highlighted key challenges as "cloud increases the risks of noncompliance through unapproved access and data breach." The report recommended CIOs and CISOs to address data residency and compliance issues by "applying encryption or tokenization," and to also "understand when data appears in clear text, where keys are made available and stored, and who has access to the keys." A recent Gartner report concluded that "Cloud Data Protection Gateways" provides a "High Benefit Rating" and "offer a way to secure sensitive enterprise data and files stores of data and use cases."

Ulf Mattsson, CTO Protegrity