Ashraf Sheet, Regional Director, Middle East and Africa at Infoblox, echoes some of the risks channel operators are discussing in the current state of security. He talks about how to manage modern technology such as AI, cloud and IoT to prepare for security challenges.
Gartner has predicted that cybercrime will cost the world US$6 trillion by 2021. To protect customer data and proprietary information, corporations are spending more and more on security products and tools each year.
Last year was an eye-opening year for the cybersecurity industry. Big corporations such as Facebook, Under Armour and more recently, Marriott, have had millions of customer records stolen, each of which has caused significant harm to the company’s brand. It is not only big corporations that are targeted by cybercriminals though. In fact, nearly half of the attacks are targeting small businesses.
Understanding the latest cybersecurity trends will give the channel the edge as they can develop their capabilities in the following areas and be one step ahead:
Attacks powered by AI
For a long time, attackers have used evasive techniques to bypass security measures and avoid detection. Recently, however, an entire underground economy consisting of products, tools and dedicated services has emerged to assist attackers. Considering the ease with which attackers can outsource key components of their attacks, it is predicted that evasion techniques will become more agile due to Artificial Intelligence (AI) in 2019. Malware evasion techniques designed to bypass Machine Learning engines have increased in recent years, and bypassing AI engines has been on criminals’ to-do list for a while. It is projected that criminals will also be able to implement AI in their malicious software to automate target selection and to check infected devices before deploying next-stage malware and anti-detection technologies.
Data exfiltration attacks to target the cloud
In recent years, enterprises have widely moved their data to the cloud using Infrastructure and Platform-as-a-Service cloud models such as AWS and Azure. With a significant amount of corporate data in the cloud, attacks on cloud platforms are bound to increase. With the adoption of Office365, there has been a surge of attacks on Office365 services, especially attempts to compromise email. The last few years have also seen many high-profile data breaches attributed to misconfigured Amazon S3 buckets. The problem is that many of these buckets are owned by vendors in the target enterprises’ supply chains rather than by the enterprises themselves. These open buckets and credentials make it easy for bad actors to attack the data held in S3.
Cryptojacking will continue to be in the headlines
Cryptocurrency mining has increased both as a topic of interest and as an activity as cryptocurrency usage has grown exponentially in the last few years. Nowadays, it is impossible to read any technology news feed without seeing articles on cryptocurrency and Blockchain. Cryptojacking is a way for cybercriminals to take over computing devices and smartphones and use their CPU power to mine cryptocurrency.
Cybercriminals infect victims’ computing devices and smartphones with malware, which uses the CPU power of the device to mine cryptocurrency, with the profits being directed back into the wallet of the attacker. The attack is not easy to detect because, aside from working the PC fan harder and driving up the energy cost of using the computer, cryptojacking doesn’t make itself obvious. An average victim won’t suspect the presence of malware activity just because the computer is noisier and consumes more power than usual.
According to Mike McLellan, a Senior Security Researcher at the SecureWorks Counter Threat Unit, cryptocurrency mining represents a good return on investment and a low-risk way of doing it because it leaves the user unaware that their machine is infected, which means that, rather than providing payment in one quick hit like ransomware, the operation can be sustained for a long period of time. Plus, it doesn’t matter to the attacker where the victim resides in the world, providing a huge target market for the attacker. The code behind cryptojacking malware is relatively simple and it can be delivered via phishing campaigns, malvertising, compromised websites, or even software downloads. Once on a computer system, the game is all about not getting caught.
According to CSO contributor, David Storm: “Cryptomining will continue to be a threat as long as attackers can make quick cash from the infections.”
Nok Nok Labs’ CEO, Phil Dunkelberger, commented: “The global regulatory environment will become more challenging as regulators and governments worldwide continue to strive to implement better data privacy protection as was done with GDPR. While this is great progress, we’re going to see these governments counter to gain more access to information.”
The General Data Protection Regulation (GDPR) offers an innovative framework that the European Union has enacted to augment data protection requirements with amplified responsibilities and obligations for organisations. For global organisations that fail to adapt to this change, fines for non-compliance can reach up to €20 million or 4% of worldwide annual turnover, whichever is greater. GDPR will almost certainly force many multinational companies to be more accountable for their use and collection of customer data.
Rapid rise of identity theft
Identity theft is skyrocketing and criminals are using more sophisticated, multistep frauds to grab information about new accounts. According to a 2017 survey, one out of 15 people has reported being a victim of some sort of identity theft. Criminals are using SSNs, home addresses and answers to knowledge-based authentication questions to hopscotch from one kind of account to another. Since many two-factor authentication schemes use cellphone SMS text messages for logins or password resets, hackers are working hard to break into cellphone accounts, which will allow them to defeat the two-factor implementation. Criminals are also matching up pieces of various identities to create an entirely new ‘person’ they can use to apply for credit and steal money. It is expected that identity theft will continue to rise this year and next.
Synergistic threats will multiply, requiring combined responses
Last year saw a rise in ransomware attacks and cryptojacking, which provide lower risk and better return on investment. We have also noticed that fileless and ‘living off the land’ threats are more slippery and evasive than ever. It is expected that attackers will combine these tactics to create multifaceted, synergistic threats. Synergistic threats are becoming more common because bad actors are developing foundations, kits and reusable threat components that allow them to focus on adding value to previous building blocks and enable them to orchestrate multiple threats instead of just one to reach their goals. Fighting against such attacks requires questioning every threat. To guard against cyberthreats, we need to ask questions such as, ‘What if we are missing the real goal of the attack?’ Remember, it is expected that bad actors will add synergy to their attacks, but cyberdefences can also work synergistically to defeat such attacks.
IoT security and attack on voice-controlled devices
It is expected that we will have 75 billion devices connected to the Internet of Things (IoT) by 2025. Hence, we will have a huge number of devices to secure and new threats to identify. Both hardware and cloud-based tools have emerged that can monitor threats on multiple devices at a time, but threats can be enormous, often change in tactics and approach, and are not always completely understood. If attackers gain control of IoT devices, they can wreak havoc on individuals and organisations. They can use the devices to mine cryptocurrency or connect them with similar endpoints to form a botnet, launch a DDoS attack, steal personal data and attack websites. To prevent such threats, IoT security solutions are automating the detection process, and Crystal Market Research says that the IoT security market is projected to grow to over 30 billion by 2022.
Increasingly, voice-controlled assistants will be used to manage IoT devices within the home. With the adoption of voice-controlled devices increasing rapidly, cybercriminals’ interest in attacking voice assistant devices and IoT devices connected to them will inevitably continue to grow.