In 2017, the InfoSec community saw the continuance of several trends from 2016 as well as the emergence of some new and nasty surprises.
File-less attacks continued to rise in popularity, ransomware attacks on healthcare organizations became more prevalent, spending on cyber insurance increased, and – what else is new? – a multitude of data breaches dominated the headlines.
As we enter the new year, here are some predictions from the security experts at SentinelOne for what you can expect in 2018!
The Good
The CISO is the new CIO
Infrastructure and security will become one, as our networks and security converge. You will not be able to think about security as something you ‘apply’ to a network; your network cannot exist or be operational without security defining it. Infrastructure as software, cloud workloads, DevOps, and coded assets only compound this effect, introducing a large amount of security risk if they are not organized properly, with security taken into consideration at design time.
The endpoint will become the building block of the modern network
As the mobile workforce continues to embrace public SaaS applications and cloud workloads, the “standard” company network perimeter will continue to dissolve. This will require companies to continuously map their assets, both inside and outside the firewall, to discover, understand, and reduce the organization’s attack surface and risk. The endpoint, as the exclusive device allowing access to content and data, will become the building block of the modern network.
Automation and integration
As network boundaries become increasingly abstract, the cybersecurity skills gap becomes more painful and evident. Forbes estimates the current number of unfilled jobs in cybersecurity at 1.4 million. Considering the economic impact of a breach, more and more organizations are looking for the easy button: products that can fill this gap and integrate well with the other products in their defense lines through automation, APIs, and workflows. SentinelOne anybody?
The Bad
Enterprise IoT as a new threat vector
Attackers are always looking for the path of least resistance and, with the number of smart devices lying around our networks growing exponentially, enterprise IoT devices can pose an unsegmented (and often unknown) threat vector. In 2018, this will be leveraged as yet another entry point for a network breach that, with a lateral move, can give attackers access to identified assets of interest. We’ve already observed multiple cases of advanced breaches as a result of enterprise IoT devices being exploited, and we think this is only the beginning, especially as traditional endpoints become more secure and controlling segmentation in the modern network becomes more difficult.
Certified pre-owned IoT devices
While not a new or unheard-of threat vector, we’re likely to see a significant increase in devices being shipped with malware and backdoors. As we’ve seen with NotPetya, adversaries are keen to compromise upstream update servers to spark wide malware distribution. It would not be a far leap for adversaries to compromise popular IoT manufacturers, or popular components contained within their devices, to achieve the same or better results — especially since there is not a lot of security effort put into most devices.
Crypto-miners and more heists
As cryptocurrencies surge in popularity and value, more malware is being made to infect more machines (of every kind: PC, mobile and server) and mine at scale, as a means to better monetize victim machines. Another worrying trend is the increased hacking of crypto exchanges and online wallets, whose value is inextricably linked to the rapidly rising price of many cryptocurrencies. Those exchanges and wallets are basically like banks without the necessary regulation and safeguards, making them an easy and valuable target for attackers in 2018.
The Ugly
File-less attacks will continue to rise in popularity and effectiveness
Traditionally, AV and other security products look at files. Files can be hashed, queried in reputation services, examined with static analysis and machine learning, and easily excluded for false detections. It seems to be a happy flow for all: sophisticated attackers can continue attacking and security products can keep on selling. Throughout all of this, however, the customer is a sitting duck for the next security breach. There are too many security products deployed on the network and the endpoint without the technology to prevent file-less attacks, and as a result we expect the frequency of these attacks to continue rising in 2018.
Destroyer-ware as a cyber-weapon
As worm-based ransomware has proven, encrypting or completely decommissioning an entire network is a scary new reality that can happen in seconds. As we move forward, we anticipate adversaries (even nation-states) to weaponize destroyers to take down networks or hold them hostage. It is a malware-driven form of modern DoS.
Cyber-crime by nation-states
As we’ve seen reported, North Korea has been conducting cyber-crime campaigns as a way of raising funds and disrupting adversaries. In 2018, we expect other countries, especially small and less financially privileged ones, to follow suit — likely those which do not have extradition treaties.
As we leave 2017 behind and enter the new year there are many trends and developments for us to reflect on. We hope that these predictions will help organizations rethink their traditional approach to cybersecurity and progress alongside a rapidly evolving threat landscape.