Despite growing investments in defensive technologies, cyber breaches continue to proliferate. In a world where malware is continually evolving, critical data is moving to the cloud, and criminals are exploring new vectors of attack, how can security professionals stay up to date with, and keep ahead of, changes in the industry?
In the Forcepoint 2018 Predictions, our security experts and Labs professionals will examine eight different areas of concern for the year ahead. Here we examine five predictions for 2018.
1. Prediction: An increasing amount of malware will become MitM-aware.
The web is moving to encrypted-by-default: search engines, social media networks and shopping sites are investing in the technology to make the web a safer place for everyone.
Meanwhile, to protect personal data and intellectual property, organisations are trying to keep visibility of their web and app traffic by using Secure Sockets Layer (SSL)/Transport Layer Security (TLS) decryption and inspection technologies, simply to understand the data which is moving from machine to machine. Such technologies use man-in-the-middle (MITM) techniques in a legitimate manner.
MITM is the only effective way to monitor the traffic for Network Data Loss Protection (DLP) and Cloud Access Security Broker (CASB) analysis, so we see it becoming more common for legitimate purposes, which will raise privacy challenges. We also expect to see malware taking this MITM into account when determining how to act, ceasing execution once it realises it is under analysis.
It’s therefore no surprise that cybercriminals and nation state actors will adapt their tactics, techniques and procedures accordingly. Malware creators, or those controlling botnets, will continue to take advantage of any environments that are not using SSL/TLS decryption and inspection to hide communications using encrypted communication channels. We will also see other malware attempting to detect or thwart MITM security techniques by using non-standard cryptography, certificate pinning and other techniques.
2. Prediction: IoT is not held to ransom but instead becomes a target for mass disruption.
One new threat which will emerge in 2018 is “the disruption of things”. The Internet of connected things offers access both to massive amounts of critical data, and to disruptive possibilities. By way of example, it will be possible for any cyber attacker with disruption on their mind to steal credentials or insert malware into systems and:
- Infiltrate a network of connected refrigerated trucks and raise the temperature, spoiling food and disrupting social infrastructure
- Access connected manufacturing sensors and turn off or disrupt manufacturing processes
- Take down a network of insecure home Internet routers
- Build a larger and more powerful botnet of things to extract data or demand ransom
These are just a few examples of many disruptions made possible by new attack vectors in IoT and IIoT.
We will also see integration of a MITM attack into an IoT network. As more connected devices such as home personal assistants have financial data associated with them, they become a more attractive and lucrative target for attackers.
3. Attackers will target vulnerabilities in systems which implement blockchain technology
Forcepoint predicts that during 2018, the systems surrounding cryptocurrencies and other similar currencies will increasingly come under attack.
We expect to see an increasing amount of malware targeting user credentials of cryptocurrency exchanges and the websites that allow users to buy, sell and exchange cryptocurrencies for other digital currency or traditional currency, in the vein of TrickBot in August 2017.
We further anticipate that cybercriminals will turn their attention to vulnerabilities that exist in various systems which rely on blockchain-based technologies. While the principle of the blockchain makes the insertion of falsified transactions into historical blocks prohibitively difficult, compromising the systems used to make the transactions – for example the 2016 attack on the DAO which exploited a flaw in the code of the smart contract underlying the organisation – will be an attractive proposition for highly skilled attackers.
4. A data aggregator will be successfully breached in 2018 using multiple attack methods.
Credit reporting agencies, online retailers and other large aggregators of data provide cybercriminals with an opportunity to target complete sets of information such as personal data from banks and electronic health care records due to their undeniably inherent wealth of value.
This data is not something that can be changed or adapted like a password; rather, it is always associated with an individual. 2018 will see cybercriminals take advantage of these systems and undertake successful attacks on these firms. The Equifax breach in the US is a prime example of the breach of a data aggregator holding an abundance of personally identifiable information.
The Equifax breach is a wake-up call for businesses worldwide, which must improve systems so that attackers taking aim at these data goldmines will meet with increased resistance. Working harder is not possible, but working smarter is. Examining the flow of the data through an organisation is the only scalable defence mechanism, and by looking for and spotting the misuse of account credentials on a database, malicious behaviours can be identified.
Look out: one of the following attack vectors is likely to be targeted at a data aggregator in 2018:
- An exploit of known vulnerabilities
- Accidental compromise via employee error
- Third party compromise leading to first party breach
- A ransomware attack
- Social engineering attacks
- Exploits of security misconfiguration
- Exploits of weak authentication practices
5. 2018 will ignite a broad and polarizing privacy debate not just within governments, but between ordinary people.
The last two years have seen a steady erosion of the clean line between the personal and public sphere – even ISPs have the legal right to sell customer data. Furthermore, ongoing geopolitical uncertainty, and threats both foreign and domestic, highlight the perceived tension between individual rights and security for all. For a number of years, privacy has not put up much of a fight: we predict that will change in 2018.
Our prediction is based upon what we see as the perfect storm between the following four drivers: legal, technological, societal, and political. The confluence of these factors will cause a tectonic shift in the privacy landscape.
Leading the pack in terms of visibility in the security community are legal concerns – mainly under the heading of GDPR, though this is far from the only piece of legislation that impacts how companies handle personal data. With regulations set to come into effect on May 25, 2018, privacy is top of mind for many technologists: compliance is going to drive visibility through 2018 and beyond.
Australia has passed a mandatory data breach notification law which comes into effect in February 2018, and will cover most Australian businesses with an annual turnover of at least $3 million, and government agencies. The law means organisations that determine they have been breached or have lost data will need to report the incident to the Privacy Commissioner and notify affected customers as soon as they become aware of a breach.
Another regulation that will have an impact on Australian businesses is GDPR, a European-led regulation which will nevertheless affect global businesses who hold or process the personal data of any European-resident citizen.
Two other major factors are technological and societal change. Individuals are used to trading convenience for privacy as they use location-based and ID-tracking services on mobile phones and home assistants, but accept this predominantly in their private lives. In the workplace, the benefits of a more human-centric approach to security will drive adoption of increased data collection – an effort that must be handled carefully if it is to remain both legally and culturally acceptable.
Lastly, the geopolitics of 2017 cannot be ignored. The world seems less stable, and the rise of populism in the West coupled with the ongoing terrorist threat has once again highlighted the uneasy tension that exists between individual privacy and national security. This has led to continued discussion of encryption and its role in a free society.
Each area alone could make 2018 an interesting year from a privacy perspective, but together, the stars are aligning to make 2018 the kick-off to what we’re going to call “The Privacy Wars” – pitting technologists against the ordinary person on the street, and splitting opinion in government, at work, and at home.