2/26/2018 10:30 AM
Misha Govshteyn
Commentary
6 Cybersecurity Trends to Watch

Expect more as the year goes on: more breaches, more IoT attacks, more fines...

In 2017, it seemed like we faced a new, devastating breach and/or virus at least once a month. The victims — Chipotle, Brooks Brothers, Kmart, Verizon, Equifax, Deloitte, the SEC, Whole Foods, and Xbox among them — represent an astonishingly broad range of industries. At the same time, malware such as WannaCry, which affected more than 300,000 computers, far exceeded prior perceptions about the potential for hackers to wreak havoc. We don't expect such incidents to go away anytime soon. In fact, they'll likely escalate in scope and capacity for damage.

January 2018 brought us a whole new type of threat with the Meltdown and Spectre bugs. Suddenly, the scope of hardware vulnerabilities was front and center. However, amid the media frenzy, we should move forward with a reasonable sense of what to anticipate the rest of this year, to best defend our organizations and their sensitive data – which now resides in the cloud, in on-premises data centers, and in hybrid computing environments. With this in mind, here are six cybersecurity trends to watch for the rest of the year:

We'll likely see another breach of Equifax proportions — and it's likely to be a Web application attack.
Cloud computing has accelerated the adoption and usage of Web applications, and attacks targeting Web applications have skyrocketed. As with the Equifax breach — which resulted in the hacking of 145 million accounts — we will see the exploitation of more Web application vulnerabilities. Web application attacks account for nearly three in 10 breaches overall — far outpacing cyber espionage, privilege misuse, and all other threat drivers, according to the latest Verizon Data Breach Investigations Report. Also according to this report, the rate of Web application-related breaches has grown over 300% from 2014 to 2016. Furthermore, several IT spend reports point to a lack of security budget allocated to application security, which is out of step with the growing risk that Web applications represent.

There has yet to be a major cloud breach, and the streak is likely to continue — despite the panic over Meltdown and Spectre.
Most breaches we see target traditional apps and on-premises environments, not the cloud infrastructure itself. Think Target, Yahoo, and JP Morgan Chase. To date, no cloud application or cloud vulnerability has been the direct source of a cataclysmic breach, and we don't envision this changing anytime soon. (The Verizon breach was caused by human error and was not due to a vulnerability of the cloud infrastructure itself.)

In analyzing more than 2.2 million verified security incidents captured in the Alert Logic network intrusion detection system over an 18-month period, the public cloud accounted for, on average, 405 incidents per customer. This was significantly lower than incidents occurring in on-premises environments (612 per customer), hosted private clouds (684), and hybrid cloud environments (977). While the Spectre and Meltdown vulnerabilities affected cloud deployments as well, the impact there is likely to be disruption from necessary patching and subsequent performance issues. We're unlikely to see a major breach attributed to Spectre and Meltdown because they are unlikely to be used as initial attack vectors. However, they could be used as a means of moving laterally across the network once access has been gained through some other malware exploit, which is why patching is important.

The hype around machine learning will continue, but real security outcomes will remain elusive.
From the media to technophiles to countless vendors, everyone is talking about machine learning. There is immense power in its promise, particularly within cybersecurity. But in reality, few security vendors understand how to leverage it or integrate it into their solutions to produce results. Machine learning for cybersecurity requires a combination of data scientists, threat researchers and security operations center analysts who can identify patterns across data from thousands of real-world environments and feed that information into the machine learning algorithm. In other words, it isn't a "plug-and-play" product.

The industry will see its first major fines for GDPR violations.
With the May 2018 deadline looming, we found in our research that only one-third of surveyed European Union (EU) companies are compliant or well on the way to complying with the General Data Protection Regulation (GDPR). Given this, we expect fines for noncompliance — including an example-setting large fine for a major global enterprise. GDPR mandates personal data protection for EU companies and all global organizations doing business in the EU, with companies required to document how and where data is stored and processed.

Hackers come for computing resources.
This year, we will see more hackers stealing computing power, slowing down systems, and running up the electric bills of the people who own the machines they're hijacking. Why are they doing this? As cybercrime task forces and federal policing agencies battle ransomware, hackers are looking for safer and easier paths to profit. The bitcoin price surge in 2017 drove mass amounts of interest to cryptocurrency, but since bitcoin mining requires extreme amounts of CPU, hackers are mining other cryptocurrency variants, known collectively as "altcoins."

Now hackers who are mining for cryptocurrency infect the computers of unsuspecting users — to "borrow" the power in the interest of making more money, faster. This type of attack is difficult to notice over time, although cloud computing delivered as-a-service can make it easier to spot in your bill.  

Hackers will monetize IoT attacks.
In 2018, hackers will attack Internet of Things environments less to cause disruption or to show they can and more for financial spoils. In 2017, we saw the Mirai botnet compromise a large IoT attack surface. We're now starting to see a new and sophisticated breed of botnets and IoT infections such as IoTroop — which essentially is gathering as many victims as it can and adding new bots every day. It has already affected 1 million devices and could increase substantially in a worm-like fashion. It's evident that hackers are reverting to older methodologies to infect new devices and technology. Like other forms of hacking, once tactics for IoT exploits become refined and are replicated, we'll see a shift in motivation from notoriety to financial gain.


Misha Govshteyn co-founded Alert Logic in 2002. Misha is responsible for security strategy, security research, and software development at Alert Logic. Prior to founding Alert Logic, Govshteyn served as a Director of Managed Services for Reliant Energy Communications. In this ...