Partner Perspectives  Connecting marketers to our tech communities.
12/3/2015
04:20 PM
Vincent Weafer

McAfee Labs 2016-2020 Threat Predictions, Part 1

Two sets of insights inform near- and long-term security strategies.

The best hockey players navigate within the ice rink, grapple with opposing players, take advantage of opportunities when available, and critically, as Wayne Gretzky once said, always skate to where the puck is going to be—not where it has been.

The newly released McAfee Labs Threat Predictions Report offers short- and long-term trend insights for organizations racing to keep pace with and perhaps overtake business and technological change, while continuously fending off a growing variety of cyber threats.

The report predicts key developments on the cyber threat landscape in 2016 and provides unique insights into the expected nature of that landscape through 2020, as well as the IT security industry’s likely response.

It illustrates an ever-evolving threat landscape, where applications and prominent operating systems are hardened to attacks, but attackers shift their crosshairs to less prominent but critical attack surfaces, innovative attack styles, and new device types.

Researchers depict enterprises building out their complex security defenses and comprehensive policies, while attackers target the weak security of employees working remotely. The cybercrime-as-a-service ecosystem discovers, mutates, and sells these advanced capabilities and support infrastructure down to the least sophisticated malicious actors in cyberspace in the burgeoning dark Web.

Here are some key threat predictions from the report for 2016:

  • Hardware. Attacks on all types of hardware and firmware will continue, and the market for tools that make them possible will expand and grow. Virtual machines will be targeted with system firmware rootkits.
  • Ransomware. As it has come to pass in other areas of cybercrime, the true accelerator of ransomware growth will be the availability of ransomware-as-a-service offerings on the dark Web. By lowering barriers to entry into cybercrime, this ecosystem of talent, tools, and infrastructure will enable more criminals to launch more attacks.
  • Attacks through employee systems. Organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies, and remain vigilant. Thus, attackers are likely to shift their focus to increasingly attack enterprises through their employees by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.
  • Cloud services. Cyber criminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Now home to an increasing amount of business-confidential information, such services, if exploited, could compromise organizational business strategies, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data, and other data.
  • Warehouses of stolen data. Stolen personally identifiable information sets are being linked together in big data warehouses, making the combined records more valuable to cyber attackers. The coming year will see the development of an even more robust dark market for stolen personally identifiable information and usernames and passwords.
  • Integrity attacks. One of the most significant new attack vectors will be stealthy, selective compromises to the integrity of systems and data. These attacks involve seizing and modifying transactions or data in favor of the perpetrators, such as a malicious party changing the direct deposit settings for a victim’s paychecks and having money deposited into a different account. In 2016, we could witness an integrity attack in the financial sector in which millions of dollars could be stolen by cyber thieves.
  • Sharing threat intelligence. Threat-intelligence sharing among enterprises and security vendors will grow rapidly and mature. Legislative steps may be taken that make it possible for companies and governments to share threat intelligence. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat-intelligence cooperatives among industry vendors will expand.

To “beat the puck” on business, technology, and threat landscape realities in 2016 and beyond, organizations will need security strategies that enable them to see more, learn more, and detect and respond faster, all the while fully utilizing the decidedly finite technical and human resources at their disposal.

Stay tuned for my next post, which will revisit the McAfee Labs Threat Predictions Report to preview the 2020 threat landscape and the likely cybersecurity industry responses to it.

Vincent Weafer is Senior Vice President of Intel Security, managing more than 350 researchers across 30 countries. He's also responsible for managing millions of sensors across the globe, all dedicated to protecting our customers from the latest cyber threats. Vincent's team ...
Comments
Jason Lebrecht
User Rank: Apprentice
12/8/2015 | 7:16:05 PM
Consistent and Repeatable
Companies need to have people, process and technology in place to manage Security on a daily basis. Smart companies have consistent & repeatable methods in place to identify anomalies which could be some level of risk. If a company does not have proper technology and process in place to establish a baseline, they may not know that there was an intrusion until it's too late.

 

Great article, let's keep getting the word out about proper security and risk,

Jason Lebrecht

IOT Solutions Expert

UlfM645
User Rank: Apprentice
12/4/2015 | 12:05:47 PM
The good news
I agree that "Cyber criminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Now home to an increasing amount of business-confidential information."

The McAfee report also stated that "If we keep our stuff in the cloud and access it from a phone, tablet, kiosk, automobile, or watch (all of which run different operating systems and different applications), we have substantially broadened the attack surface. Because these access devices will inevitably be less secure, cloud vendors will be compelled to significantly improve security on the connections and on the data itself. We think successful cloud providers will respond to this challenge during the next five years, enabled by technologies from leading security vendors."

Ponemon Institute recently presented the report "The State of Data Security Intelligence." The report asked "What keeps IT practitioners up at night?" Not knowing where sensitive or confidential data is located is their biggest worry, according to 64 percent of respondents. This concern has increased significantly from last year's.  

The good news is that cloud can offer a way to secure sensitive enterprise data and files. Gartner released the report "Simplify Operations and Compliance in the Cloud by Protecting Sensitive Data" in June 2015 that highlighted key challenges as "cloud increases the risks of noncompliance through unapproved access and data breach." The report recommended CIOs and CISOs to address data residency and compliance issues by "applying encryption or tokenization," and to also "understand when data appears in clear text, where keys are made available and stored, and who has access to the keys." A recent Gartner report concluded that "Cloud Data Protection Gateways" provides a "High Benefit Rating" and "offer a way to secure sensitive enterprise data and files stores of data and use cases."

Ulf Mattsson, CTO Protegrity