Misha Govshteyn
6 Cybersecurity Trends to Watch

Expect more as the year goes on: more breaches, more IoT attacks, more fines...

In 2017, it seemed like we faced a new, devastating breach and/or virus at least once a month. The victims — Chipotle, Brooks Brothers, Kmart, Verizon, Equifax, Deloitte, the SEC, Whole Foods, and Xbox among them — represent an astonishingly broad range of industries. At the same time, malware such as WannaCry, which affected more than 300,000 computers, far exceeded prior perceptions about the potential for hackers to wreak havoc. We don't expect such incidents to go away anytime soon. In fact, they'll likely escalate in scope and capacity for damage.

January 2018 brought us a whole new type of threat with the Meltdown and Spectre bugs. Suddenly, the scope of hardware vulnerabilities was front and center. However, amid the media frenzy, we should move forward with a reasonable sense of what to anticipate the rest of this year, to best defend our organizations and their sensitive data – which now resides in the cloud, in on-premises data centers, and in hybrid computing environments. With this in mind, here are six cybersecurity trends to watch for the rest of the year:

We'll likely see another breach of Equifax proportions — and it's likely to be a Web application attack.
Cloud computing has accelerated the adoption and usage of Web applications, and attacks targeting Web applications have skyrocketed. As with the Equifax breach — which resulted in the hacking of 145 million accounts — we will see the exploitation of more Web application vulnerabilities. Web application attacks account for nearly three in 10 breaches overall — far outpacing cyber espionage, privilege misuse, and all other threat drivers, according to the latest Verizon Data Breach Investigations Report. Also according to this report, the rate of Web application-related breaches grew over 300% from 2014 to 2016. Furthermore, several IT spending reports point to a lack of security budget allocated to application security, despite the growing risk that Web applications represent.

There has yet to be a major cloud breach, and the streak is likely to continue — despite the panic over Meltdown and Spectre.
Most breaches we see target traditional apps and on-premises environments, not the cloud infrastructure itself. Think Target, Yahoo, and JP Morgan Chase. To date, no cloud application or cloud vulnerability has been the direct source of a cataclysmic breach, and we don't envision this changing anytime soon. (The Verizon breach was caused by human error and was not due to a vulnerability of the cloud infrastructure itself.)

In analyzing more than 2.2 million verified security incidents captured in the Alert Logic network intrusion detection system over an 18-month period, the public cloud accounted for, on average, 405 incidents per customer. This was significantly lower than incidents occurring in on-premises environments (612 per customer), hosted private clouds (684), and hybrid cloud environments (977). While the Spectre and Meltdown vulnerabilities did not spare cloud deployments, the impact is likely to be disruption from necessary patching and subsequent performance issues. We're unlikely to see a major breach attributed to Spectre and Meltdown because they are unlikely to be used as initial attack vectors. However, they could be used as a means of moving laterally across the network once access has been gained through some other malware exploit, which is why patching is important.

The hype around machine learning will continue, but real security outcomes will remain elusive.
From the media to technophiles to countless vendors, everyone is talking about machine learning. There is immense power in its promise, particularly within cybersecurity. But in reality, few security vendors understand how to leverage it or integrate it into their solutions to produce results. Machine learning for cybersecurity requires a combination of data scientists, threat researchers and security operations center analysts who can identify patterns across data from thousands of real-world environments and feed that information into the machine learning algorithm. In other words, it isn't a "plug-and-play" product.

The industry will see its first major fines for GDPR violations.
With the May 2018 deadline looming, we found in our research that only one-third of surveyed European Union (EU) companies are compliant or well on the way to complying with the General Data Protection Regulation (GDPR). Given this, we expect fines for noncompliance — including an example-setting large fine for a major global enterprise. GDPR mandates personal data protection for EU companies and all global organizations doing business in the EU, with companies required to document how and where data is stored and processed.

Hackers come for computing resources.
This year, we will see more hackers stealing computing power, slowing down systems, and running up the electric bills of the people who own the machines they're hijacking. Why are they doing this? As cybercrime task forces and federal policing agencies battle ransomware, hackers are looking for safer and easier paths to profit. The bitcoin price surge in 2017 drove mass amounts of interest to cryptocurrency, but since bitcoin mining requires extreme amounts of CPU, hackers are mining other cryptocurrency variants, known collectively as "altcoins."

Now hackers who are mining for cryptocurrency infect the computers of unsuspecting users — to "borrow" the power in the interest of making more money, faster. This type of attack is difficult to notice over time, although cloud computing delivered as-a-service can make it easier to spot in your bill.  
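The point above is that hijacked compute shows up as a sustained rise in consumption rather than a one-off spike. The script below is an added example (it is not Alert Logic's code or anything from the article) of how a defender could operationalize that on exported usage data: per host, it compares each day's billed vCPU-hours against the median of the preceding week and reports hosts that stay well above their own baseline for several consecutive days, while a single batch-job spike is ignored. The record layout, host names, and usage figures are all constructed for the example; a real billing export would need to be mapped onto the `UsageRecord` shape first.

```python
"""Flag sustained jumps in per-host compute consumption.

Added example for the cryptojacking discussion: a hijacked machine mines
continuously, so a host whose daily vCPU-hours jump well above its own recent
baseline and stay there is worth investigating. All input data here is
constructed for the example; it is not real billing data.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class UsageRecord:
    day: str          # ISO date, e.g. "2018-03-01"
    instance: str     # host or instance identifier (constructed)
    cpu_hours: float  # billed vCPU-hours for that day


def build_sample() -> list:
    """Constructed data: two hosts with steady load, one host whose usage
    jumps on day 9 and stays high, and one host with a single batch spike."""
    days = [f"2018-03-{d:02d}" for d in range(1, 15)]
    records = []
    for i, day in enumerate(days):
        records.append(UsageRecord(day, "web-01", 6.0 + (i % 3) * 0.2))
        records.append(UsageRecord(day, "db-01", 14.0 + (i % 2) * 0.5))
        # idles at ~2 CPU-hours/day until day 9, then runs flat out every day
        records.append(UsageRecord(day, "build-03", 2.0 if i < 8 else 23.5))
        # one-off nightly batch job on day 10 only: should NOT be flagged
        records.append(UsageRecord(day, "batch-02", 3.0 if i != 9 else 20.0))
    return records


def flag_sustained_spikes(records, baseline_days=7, factor=3.0, min_consecutive=3):
    """Return {instance: first_day} for hosts whose daily CPU-hours exceed
    `factor` times the median of the preceding `baseline_days` for at least
    `min_consecutive` consecutive days.

    The median keeps the baseline stable even after the spike begins to
    fall inside the look-back window, so the run is not masked by itself."""
    by_host = defaultdict(list)
    for rec in records:
        by_host[rec.instance].append(rec)

    flagged = {}
    for host, recs in by_host.items():
        recs.sort(key=lambda r: r.day)
        run_start, run_len = None, 0
        for idx in range(baseline_days, len(recs)):
            window = [r.cpu_hours for r in recs[idx - baseline_days:idx]]
            baseline = median(window)
            if recs[idx].cpu_hours > factor * baseline:
                if run_start is None:
                    run_start = recs[idx].day
                run_len += 1
                if run_len >= min_consecutive:
                    flagged[host] = run_start
                    break
            else:
                # a single high day (batch job, backup) resets the run
                run_start, run_len = None, 0
    return flagged


if __name__ == "__main__":
    for host, since in flag_sustained_spikes(build_sample()).items():
        print(f"{host}: sustained elevated CPU usage since {since}")
```

Tuning is per environment: `factor` and `min_consecutive` trade detection speed against false positives from legitimate load changes, and the same logic applies equally to on-premises CPU telemetry where no bill exists.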

Hackers will monetize IoT attacks.
In 2018, hackers will attack Internet of Things environments less to cause disruption or to show they can and more for financial spoils. In 2017, we saw the Mirai botnet compromise a large IoT attack surface. We're now starting to see a new and sophisticated breed of botnets and IoT infections such as IoTroop — which essentially is gathering as many victims as it can and adding new bots every day. It has already affected 1 million devices and could increase substantially in a worm-like fashion. It's evident that hackers are reverting to older methodologies to infect new devices and technology. Like other forms of hacking, once tactics for IoT exploits become refined and are replicated, we'll see a shift in motivation from notoriety to financial gain.


Misha Govshteyn co-founded Alert Logic in 2002. Misha is responsible for security strategy, security research, and software development at Alert Logic. Prior to founding Alert Logic, Govshteyn served as a Director of Managed Services for Reliant Energy Communications.