11/16/2017
11:00 AM
Simon Marshall

Kaspersky Takes on 2018

Kaspersky Labs has released its security predictions for 2018 and there are troubling trends ahead.

In 2018, you have a choice: stride boldly into a new year and defend against a bunch of increased or new security threats, or hide under your desk with your PC turned off.

If you trust Kaspersky Labs or respect their opinion, and I'd suggest there's no tangible reason not to, then the findings of its annual threat prediction report will be of interest. It's Kaspersky's educated guess about what 2018 holds and is something of a primer for anyone in the SOC.

The developer takes the predictions of last year and measures them against what happened this year. And it has to be said, its strike rate is pretty good. If its predictions for next year hold water, then we are all in for a rough ride with plenty of unfortunate potential for catastrophic attacks and shockwaves.

"[We have] a heightened concern for the security posture of users at large, and each event is a bigger catastrophe," said Kaspersky in the report. "Rather than consider each new breach as yet another example of the same, we see the compounding cumulative insecurity facing users, e-commerce, financial, and governmental institutions alike."

The issues facing enterprises and the public at large are the sum of several factors: greater sophistication from hackers; the ability to sit in networks unobserved and learn about the security defenses in place; new attack vectors; and the ability to manipulate and evolve malware for sale on the Dark Web and elsewhere. And, sadly, unerring human gullibility when it comes to social engineering and phishing.

The most troublesome predictions are those which have the potential to affect the fundamental infrastructure of e-commerce, the global enterprise supply chain, and the potential for mobile malware on a huge scale. Then, there are what appear to be savage nation-state attacks whose only goal is destruction of the assets of a country or organizations perceived as an adversary.

Identity and e-commerce
This year, we were showered with PII (personally identifiable information) penetrations that affected, in the case of Equifax, about 145 million American and European consumers. There's no sign that will slow down, and there will be no shortage of reports of security chaos at blue-chip firms that expose consumers to identity theft and spoofing. And herein is a sage reminder of what we're all worrying about in the longer term.

"While many have grown desensitized to the weight of these breaches, it's important to understand that the release of PII at scale endangers a fundamental pillar of e-commerce and the bureaucratic convenience of adopting the Internet for important paperwork," the report said. Harking to an emerging theme throughout the industry, this activity brings into question the very validity of common forms of authentication (particularly US social security numbers), devaluing the information but likely accelerating the use of multiple-factor solutions.

Supply chain
As we know, lateral movement after initial access can create a bushfire. Hackers who are frustrated at outguessing security at their target have used a company's third-party suppliers as a weak spot for entry, and then moved briskly on to their real target. October's SONIC Drive-In fiasco, which swiped consumer credit card and other PII details, is rumored to have been initiated through a third party, although the chain remains quiet about what happened. Another example was the, admittedly innovative, CCleaner attack, where the payload was inserted into the code of the company's regular product update before it was even released to customers.

According to Kaspersky, these attacks are very sophisticated, wielding lots of ammunition including zero-day exploits and fileless attack tools. Apparently, they can also combine traditional hacking with escalation to high-skilled teams that extract the information itself.

"Even a target whose networks employ the world's best defenses is likely using software from a third-party," said Kaspersky. It will be interesting to see if organizations are blind-sided by this in 2018.

Mobile malware
Somehow, lawful intercept spyware software, developed by private firms and sold to governments, is making its way into the hands of black hat teams. Using this legal software, so-called malware implants gain access to the PII and behavior of mobile users and exfiltrate data. Apple's iOS is called out by Kaspersky as more susceptible to these advances than Android. Rather than a single event, the malware can sit there for months, all the harder to find because iOS is a locked system.

"We estimate that in 2018 more high-end Advanced Persistent Threat malware for mobile will be discovered, [because] of both [increased] attacks and improvement in security technologies designed to catch them," said Kaspersky.

Destructive attacks
When it comes to the nuclear option, malware that carries wiper payloads is fatal if the goal is the equivalent of a military sniper campaign. There's little regard for the data, and this all-out approach is designed for maximum disruption of vital endpoints. Wipers have also spread into an additional vector, malware disguised as ransomware, of which ExPetr/NotPetya is a prime example.

Wiper variants also include the Shamoon worm, which targeted Saudi Aramco and RasGas back in 2012. So-called Shamoon 2.0 emerged after Shamoon itself lay dormant for four years, illustrating the persistence of zombie threats which mutate and re-emerge. Not surprisingly, Kaspersky predicts that destructive attacks will increase in the next year.

For those curious to see the full report list of predictions, and not hiding under their desk, here it is:

There will be:

  • More supply chain attacks
  • More high-end mobile malware
  • More BeEF-like compromises with web profiling (BeEF is a profiling toolkit)
  • Sophisticated UEFI (Unified Extensible Firmware Interface) and BIOS attacks
  • Destructive attack continuation
  • More subversion of cryptography
  • Threats to identity in e-commerce
  • More router and modem attacks
  • Social media owners need to try harder to identify fake users and purge attack bots

The full report can be downloaded as a PDF here.

— Simon Marshall, Technology Journalist, special to Security Now
