Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/27/2016
10:30 AM
Connect Directly
Twitter
Twitter
RSS
E-Mail
100%
0%

8 Boldest Security Predictions For 2017

Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Previous
1 of 9
Next

Image Source: Adobe Stock

Image Source: Adobe Stock

The end of the year may mean ugly sweaters and epic office holiday parties for some. But for us here at Dark Reading, nothing signals winter solstice more certainly than an email inbox stuffed full of IT security predictions for the coming year. We're talking a denial-of-service-level flood of communiques - a near endless cavalcade of thought leaders and laggards chiming in with their thoughts on how attacks, defenses and the business of cybersecurity will shake out after the New Year.

Among the hundreds of predictions, the majority are either inane or obvious enough to get a "Well, duh" response from anyone who has been in infosec for any length of time. But every year we get a few that raise our eyebrows, elicit a chuckle or at least get us thinking speculatively about possibilities for the months to come. This year was no different, so we'll spare you all those predictions about phishing being the next big attack vector and skip straight to the good stuff.

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Previous
1 of 9
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
botw803
50%
50%
botw803,
User Rank: Apprentice
1/8/2017 | 1:14:41 PM
Re: Minority Report: Infosec Edition
You obviously agree because you have been working for this website forever. Your post are really boring by the way.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
1/4/2017 | 4:34:59 PM
Help prevent an unwanted Internet sick day
I don't know that the Internet will take an unscheduled sick day, but I do know the common security system for Web sites, SSL, the Network Time Protocol and the Domain Name System are probably being probed for ways to exploit them by much more sophisticated hackers than before. And the Internet depends on each of them. We've built out an immense infrastructure without enough precautions, a bold move, but we'd be wise to now try to identify the points where it needs shoring up. One place to start is the Network Time Protocol, which has a dedicated staff operating on an extremely lean budget and which could use additional support (www.ntp.org).
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/4/2017 | 8:59:51 AM
Re: Minority Report: Infosec Edition
Totally agree! AI definitely has tremendous potential, emphasis on potential. The big question is how much and how soon. 
alexanderstein
50%
50%
alexanderstein,
User Rank: Apprentice
12/28/2016 | 1:06:06 PM
Minority Report: Infosec Edition
It's not new years without resolutions and predictions.  Dark Reading honors the annual tradition with their top Info-Sec prognostications. #8: machine learning and artificial intelligence will build on significant capability gains to more accurately and intelligently learn from the past to detect and predict attacks. My counter-prediction: Nope. Most technologists and security professionals still wildly misunderstand/underestimate the complexity of human behavior as it relates to cybersecurity. Effective risk mitigation solutions will come from specialists in mental architecture and psychodynamics.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
12/27/2016 | 11:27:20 AM
Drone Jacking
I'm going to give drone jacking my top pick of these.  If you take a look at the volume of patents Google has put out for their drone army, from navigation aid systems to secure communication, you can see this has always been on their minds.  However, while Google is intent on making their drones as secure as possible (good luck with that, by the way), not all drone operators and start-ups are going to go the extra mile - at first.  And as applies to all drone companies, hijacking drones in-flight isn't the only method of taking control.  Drones can be captured through physical means and repurposed. 

Specifically on the topic of secure communication, we're going to see lots of projects working to perfect protocols that will help protect consumers and public safety.  Papers like "A Secure Communication Protocol for Drones and Smart Objects" by Jongho Won, Seung-Hyun Seo, and Elisa Bertino (2015) that explores securing communication between drones and smart objects (a smart parking management system, for example) are examples.  This paper states that "To support the required security functions, such as authenticated key agreement, non-repudiation, and user revocation, we propose an efficient Certificateless Signcryption Tag Key Encapsulation Mechanism (eCLSC-TKEM). eCLSC-TKEM reduces the time required to establish a shared key between a drone and a smart object by minimizing the computational overhead at the smart object. Also, our protocol improves drone's efficiency by utilizing dual channels which allows many smart objects to concurrently execute eCLSC-TKEM."

In the discussion about whether FOSS (Free and Open Source Software) or proprietary code and standards are better for drone tech, I think we need to work through 2017 to see what security flaws are revealed.  While I am a FOSS advocate, I also recognize the need for proprietary code under the right conditions.

 
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
RDP Bug Takes New Approach to Host Compromise
Kelly Sheridan, Staff Editor, Dark Reading,  7/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14248
PUBLISHED: 2019-07-24
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
CVE-2019-14249
PUBLISHED: 2019-07-24
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.
CVE-2019-14250
PUBLISHED: 2019-07-24
An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.
CVE-2019-14247
PUBLISHED: 2019-07-24
The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.
CVE-2019-2873
PUBLISHED: 2019-07-23
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...