2018 Security Predictions: Client Spotlight
Posted Jan 5, 2018 by Liza Vilnits in Cyber Security, High Technology, Opinions
From advanced hacking techniques and infamous ransomware attacks to innovative and inspiring advancements in AI and IoT, we weren’t left with many quiet days in 2017. While some businesses may be hoping for a clean slate in 2018, others are looking to build on current and growing momentum. Either way, you can’t help but look back on 2017’s industry successes and setbacks as a way to strategize about what’s to come and how to leverage that from a business perspective.
With last year’s news cycle as a backdrop, we can’t help but expect 2018 to be just as headline-catching, if not more so. But the people who really know what’s to come are the security practitioners and researchers on the front lines – our clients.
Here’s what some of them have predicted for 2018:
Thomas Fischer, Global Security Advocate of Digital Guardian:
- “‘Device Kidnapping’ Will Compromise IoT Devices on a Large Scale” – Looking at vulnerabilities in IoT access and management that have already been disclosed, and putting them in the context of other attack trends and events – the criminal underground is awash in PII in 2017 (credentials as well as a wealth of information to effect account hijackings) – there is a picture of motive and opportunity for widespread ransoming of IoT devices. As discussed on the IoT Security Foundation website, while ransomware is easier to reverse on IoT devices than computers, timely and critical attacks will eliminate that advantage and victims, unable to counter the effects of the ransomware, will be more willing to pay the ransom. Possible scenarios include ransoming pacemakers or infusion pumps shortly after surgery, or disabling cars while passengers are traveling in harsh climates.
Itzik Kotler, Co-Founder and CTO at SafeBreach:
- “Automation Will be a Rising Weapon in Cybersecurity” – As security teams grapple with a deluge of data, alerts and constant threats, 2018 will see an increase in adoption of a myriad of security automation technologies. More organizations will embrace the promise of security automation for “purple” team operations. We will see a combination of technologies — from automating the hacker via breach and attack simulation, to executing remediation playbooks via security automation and orchestration — working in concert towards smarter security.
Jason Macy, CTO of Forum Systems:
- “IAM: A Target for Hacking and Compromise” – As the trend toward identity consolidation and centralized IAM continues, the false sense of security around IAM platforms will result in high-profile hacking of enforcement points. IAM enforcement, or more plainly stated, the locations where credentials are authenticated and authorized, are high-value targets. Compromising these points in the architecture provides a means to impersonate users and hijack the identity decisions that dictate subsequent “trusted users’” acceptance of communications based on trust of the IAM engine. In November, we detailed the severity of the Oracle Identity Manager vulnerability; expect more, similar stories in 2018.
- “API Security: A Business Use-case” – From IoT to mobile and cloud, APIs underlie the modern computing infrastructure. While OWASP’s inclusion of ‘Underprotected APIs’ in the OWASP Top 10 – 2017 RC1 list helped to elevate the criticality of API security, the Wishbone hack, the Instagram vulnerability and the Circle with Disney web filter API Management flaw demonstrated that organizations continue to provide services and integration via APIs that are susceptible to compromise and malicious access. The explosive proliferation of APIs will continue in 2018, and the loss of data and impact to reputation will spur organizations to (finally) carve out a meaningful portion of security spending for protecting APIs.
Galina Antova, Co-founder of Claroty:
- “Nation-States Will Conduct More Critical Infrastructure Probing” – The lack of response to 2014 threat activity probing U.S. critical infrastructure and European targets, and the 2015 and 2016 Ukraine attacks, empowered repeat activity from multiple nation-states in 2017. Expect more of the same in 2018.
- “Ransomware Will Spill Over (Again); Expect Disruption” – Although WannaCry and Petya/NotPetya did not specifically target industrial networks, the fact that both campaigns reached critical infrastructure leads us to believe that more spillover will occur along with major disruption and financial loss, and threat actors will craft ransomware targeting industrial networks for economic warfare and extortion gains.
- “Critical Infrastructure Insecurity Will Manifest Itself” – Organizations are nowhere near as ready to combat critical infrastructure threats and will realize many (unfortunate) truths: they don’t have a clear understanding of what assets they own; proper cybersecurity hygiene in industrial networks is much harder to achieve than in IT networks; air-gapping is a fallacy; and organizations don’t possess the necessary personnel skills, their teams aren’t talking to one another and they aren’t currently monitoring their networks the way they should.
Ryan Stolte, Co-founder and CTO of Bay Dynamics:
- “2018 Will be the Year of Ransomware and Stolen Credential Attacks” – On the ransomware front, in 2017, we only scratched the surface, with WannaCry hitting hundreds of thousands of computers worldwide by exploiting critical vulnerabilities in Windows computers. NotPetya was also significant, infecting computers using the same exploit (EternalBlue) as WannaCry. In 2018, I expect ransomware attacks to be even more rampant, as criminals shift to more personal attacks, those that hold our intellectual property and life’s work hostage. They are seeing the success of the attacks – whether that’s in dollars and cents with victims paying them off, or severely damaging a business that they think deserves it. They are also getting away with it. Once victims are hit with ransomware, they don’t have much recourse. They can either call the FBI or pay the ransom. You hope the FBI would catch the perpetrator, but with cyber criminals attacking from around the globe, oftentimes spoofing source destinations and hijacking middlemen using them as proxies, it’s tough to physically get criminals behind bars. Stolen credential attacks will also increase, especially considering the onslaught of significant breaches (i.e. Equifax). Criminals have collected so much information about us that login credentials and secret questions are pretty much meaningless. Organizations must assume the criminals are already inside masquerading as legitimate employees, and they should use a combination of technologies to stop them. For example, a combination of user and entity behavior analytics with data loss prevention would detect an employee trying to exfiltrate sensitive data, verify it’s indeed unusual vs. business as usual, and stop the data from leaving. A recent report revealed that, for the first time in years, credit card fraud dropped 29 percent. That’s because credit card companies have become very efficient in detecting and stopping fraudsters. Once a suspicious charge is made, the card company contacts the cardholder asking for verification that he indeed made the charge. If the cardholder says “no,” his account is shut down immediately. We need the same type of prevention methods when it comes to stolen credentials. But until that point, we will continue to see stolen credentials as the hot commodity.