Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security

1/4/2018
03:30 PM
Simon Marshall
Simon Marshall
Simon Marshall
50%
50%

Countries, Coins & Cloud Will Test Enterprise Security in 2018

According to expert researchers from Kaspersky Labs, 2018's security challenges will be bigger than those seen in 2017.

For every major security attack reported in 2017, many will have gone unreported. More will have been perpetrated without discovery. Hackers sit in networks right now, biding their time.

So where should we be looking for security threats in 2018? I tracked down three of Kaspersky Lab's experts and quizzed them on what we're up against. We identified vulnerabilities from nation states, cryptocurrency miners and enterprise cloud weaknesses as our top three worries.

Nation states
Attack attribution is notoriously challenging. Threat actors are hired on the Dark Web to do the job and then vanish,
malware and attack vector obfuscationmuddy the water and forensics can be inconclusive. Kaspersky says we may not be able to identify where an attack has come from, but we can expect them to continue.

"I think it's hard to say there would be a 'greater threat' of nation states next year, as the same actors are pretty much at it year in and year out," Brian Bartholomew, security researcher at Kaspersky Lab Global Research and Analysis Team, told SecurityNow. "One can 'predict' an increase based on some of the known events coming up, but honestly, the level of nation state attacks will most likely remain the same as it's been in years past, barring a major conflict, which would certainly increase the threat."

North Korea was formally blamed by the US in December for the WannaCry attack, with commentators citing the Rebublic's need for military funding amid sanctions as a driver for the accusation. Obviously, February's Winter Olympics in Pyeongchang are a focal point of cyber worry, as are the US mid-term elections in November. And, there are general or presidential elections coming up this year in Georgia, Azerbaijan, Russia, Iraq and Pakistan to name a few. Then, there's the threat of escalation of tensions on the Korean Peninsula.

"Destructive style attacks by nation states could also show up again," said Bartholomew. "This most likely will depend on the conflict status of countries such as North Korea, Iran and others who have been known to launch these types of attacks in the past."

December's Triton near-miss has been attributed to the activity of a nation state with 'moderate' confidence by Fireye, which discovered the attack on industrial controllers that could have caused physical damage.

"While a shutdown was created in the industrial process, it was most likely done by accident while developing a more destructive capability," suggests Bartholomew. "Had the actor succeeded in their assumed plans, the outcome would have been much worse."

Cryptocurrency miners
It has been estimated that about half a billion computers are currently mining cryptocurrencieswithout the owners' knowledge. The low cost for actors of distributing covert mining software through websites, the current cryptocurrency pricing bubble and the difficulty for the user in spotting illegally installed miners are the perfect storm.

"Miners can bring real and relatively easy money to fraudsters, and that's why this software is turning into a popular tool for malicious users," said Alexey Malanov, a malware expert at Kaspersky Lab. In the same way that birds of one species may unknowingly nurture a cuckoo in their midst, miners profit at the expense of the computer owner. "After running a downloaded file, the miner installs independently and simply starts secretly mining cryptocurrencies by using a victim's computing power and electricity."

Malanov reckons that miners increase PC electrical consumption fivefold by loading the CPU and video card, leading to the ultimate potential failure of the computer.

Enterprise cloud
Consumer food outlets Chipotle, Wendy's and SONIC Drive-In have all recently been targets for hackers. SONIC made no public statement about the source of its October breachwhich may have resulted in millions of credit card details being stolen. The working theory is that SONIC's supply chain may have initially been targeted as the weakest link in the security chain.

"One of the biggest threats to enterprises that we are seeing now -- and expect to see more of in 2018 -- is supply chain attacks," said Rob Cataldo, vice president of enterprise sales at Kaspersky Lab North America. "As attackers can target third-party providers to subsequently infiltrate the better-protected original target, this is an alarming threat to businesses that needs to be addressed in their cloud security strategies before it's too late.

According to Kaspersky's own figures, about 35% of businesses don't know where their corporate data is housed and how it's being secured. Nearly a quarter of them held their hand up to not checking the compliance credentials of their cloud and SaaS service providers, leaving this as a gaping security loophole as we enter 2018.

As more enterprises move to the convenience of the cloud, Cataldo thinks they shouldn't lose sight of where their data is, or most importantly, treat a supplier as outside of their own security policy.

"Enterprises need to have a discussion with third-party providers about their cybersecurity policies and treat the relationship as a business risk that needs to be continuously managed," he said.

Related posts:

— Simon Marshall, Technology Journalist, special to Security Now

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17452
PUBLISHED: 2020-08-09
flatCore before 1.5.7 allows upload and execution of a .php file by an admin.
CVE-2020-17451
PUBLISHED: 2020-08-09
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
CVE-2020-17447
PUBLISHED: 2020-08-09
MyBB before 1.8.24 allows XSS because the visual editor mishandles [align], [size], [quote], and [font] in MyCode.
CVE-2020-16248
PUBLISHED: 2020-08-09
** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability.
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.