Information Security Today Home

2018 Security Predictions: It's Still the Wild, Wild West

Richard O'Hanley

The last US presidential election revealed the dangers and the difficulties of prognostication. But that doesn't deter those determined to look ahead at what we may face in 2018. We reached out to several security mavens to learn what worries them about the coming year. It's interesting how broad their concerns are, and how little they overlap. The following table summarizes the observations.

| Tom Skeen, VP of Client Relations at Safe-T | Mark Gazit, CEO of ThetaRay | Nir Gaist, Founder and CTO of Nyotron | Gilad Peleg, CEO of SecBI | Alon Arvatz, CPO and co-founder of IntSights |
| --- | --- | --- | --- | --- |
| Perimeter security will gain significant traction | Financial crime | AI fatigue | Malware variants | Automated security testing |
| Security for IIoT (Industrial Internet of Things) | Growing connection between physical and virtual assets | Extensive use of security orchestration platforms | Bitcoin | Identity management and authentication |
| | Crime blasts that are followed by second waves | | MongoDB servers compromised for ransomware purposes | Ransomware and other cyber attack insurance |
| | Use of AI and machine learning to conduct their crimes | | Security analyst manpower shortage | Security orchestration and automated incident response |
| | Use of AI and machine learning to detect and protect against new sophisticated threats | | Convergence of targeted and opportunistic attacks | Data analytics technologies |
| | | | Camouflage and PSYOPs will reach new levels | HUMINT automation |

Tom Skeen, VP of Client Relations at Safe-T, predicts that perimeter security will confront more attacks. It's been an inviting target for hackers, and this will prompt an increased scrutiny of its ability to protect critical data. More organizations have been moving to Software Defined Perimeter (SDP) solutions, which hide services from the world until trust is established. However, SDP alone is not a silver bullet. Access solutions that go beyond SDP will be needed to protect critical data.

He also thinks that 2018 will be a challenging year for the Industrial IoT (IIoT) industry. Now that these companies are largely online, hackers are itching to get their hands on the critical data that has so far stayed behind closed doors. Their security is crucial because a hack could have significant consequences for consumers. For example, if an airline's system was hacked, it could cause major flight delays or reroutes, putting passengers at risk and causing serious reputational harm to the airline. In the coming year, we will see the overall industry dedicating more budget and investing in sophisticated cyber security solutions to help prevent attacks from taking place.

Mark Gazit, CEO of ThetaRay, has a different set of concerns. He notes that 2017 saw the world of crime, especially financial crime, becoming transformed by technology. In 2018, we will see a continuation of this trend, with crime being conducted via online channels using data and data manipulation. Instead of taking guns into banks, criminals are stealing money using cyber means. Instead of stealing physical credit cards, they're hacking into ATM software and programming modules to spit out money on command. Instead of laundering money through suitcases full of cash, they are manipulating electronic transactions to disguise their illegal activity.

He also sees a growing connection between physical and virtual assets. The increasing use of virtual currency creates an excellent opportunity for criminals, so we will likely see the world of fraud and money laundering combining with that of blockchain and cryptocurrency.

Gazit expects we'll experience a growth in crime "blasts" that are followed by second waves. For example, if the initial blast was the theft of Equifax customer data, the second wave will be when that data is used by criminals to create synthetic identities and steal money from real people.

Across the board, more criminals will use AI and machine learning to conduct their crimes. Ransomware will be automatic. Bank theft will be conducted by organized gangs using machine learning to conduct their attacks in more intelligent ways. Smaller groups of criminals will be able to cause greater damage by using these new technologies to breach companies and steal data.

To combat this, large organizations and enterprises will turn to AI to detect and protect against new sophisticated threats. AI and machine learning will enable them to increase their detection rates and dramatically decrease the false alarms that can so easily lead to alert fatigue and failure to spot real threats.

According to Nir Gaist, Founder and CTO of Nyotron, 2018 will be the year of AI fatigue. Many security vendors have promised a "silver bullet" against malware in the form of AI and machine learning. After two to three years of these products being in the market, it is clear that effectiveness has increased only marginally. The sheer number of attack vectors and malware variants means that even with a promised catch rate of up to 99.9%, infection is practically guaranteed. Moreover, machine learning models are, by definition, trained on known malware samples. That means any claims about a product's ability to catch completely new, unknown threats are likely to be void.

He also expects to see more extensive use of security orchestration platforms that will bring together and automate actions of multiple security products. Not only is this because of the number of security products already deployed in customer environments, but more importantly due to the cybersecurity workforce gap that is predicted to hit 1.8 million by 2022.

2017 was one of the worst years on record for widespread malware, mostly due to Petya and WannaCry exploiting vulnerabilities in services enabled by default on most of the world’s computers, observes Gilad Peleg, CEO of SecBI. In 2018, he expects to see many more malware variants using similar vulnerabilities to spread and persist, but doing so with much greater stealth. They will easily bypass legacy detection systems, and be identifiable as malware only due to their network behavior.

The Chicago Tribune recently reported that Bitcoin surpassed a record $10,000 and approached $11,000 in the same day, taking this year's price surge to 11-fold as buyers shrugged off increased warnings about the latest digital bubble. Peleg sees Bitcoin becoming so profitable in 2018 that it will have devastating impacts for years to come, including corporate machines exploited to mine bitcoin, costing enterprises money in employee productivity, hardware half-life, and electricity bills. Not only are employees' laptops and PCs at risk, but mobile devices and even entire server farms will be targets for remote factors. The main way enterprises will defend against these attacks is by expanding their network monitoring of mobile devices and servers.

In the first half of 2017 more than 45,000 MongoDB servers were compromised for ransomware purposes. In 2018, Peleg expects many additional services to be victims of systematic attacks of this type.

The security analyst manpower shortage will reach acute levels. We will see more breaches due to insufficient staffing, which will push organizations towards automation and AI.

Peleg sees a convergence of targeted and opportunistic attacks. Most attacks will continue to be of the opportunistic "spray and pray" variety, but instead of ransom, data will be exfiltrated and sold to the highest bidder or infected networks will be sold "as a service" to nation-states and sophisticated cybercrime groups. Organizations will only learn about infection months after the initial breach, by which time the attackers will have achieved their goals.

Camouflage and PSYOPs will reach new levels. Organizations will be attacked, compromised, and used to launch attacks against other, more lucrative organizations in a series of combined attacks. DDoS attacks will lead to malware insertions, and then to ransomware, while data is exfiltrated in the background.

Alon Arvatz, CPO and co-founder of IntSights, sees an increase in the need for automated security testing. With the need to create cost-effective solutions to ongoing attacks, some of them advanced and persistent, the development of automatic attack simulations is on the rise. These systems simulate ongoing external cyber attacks (such as firewall bypass or port scan) on the organization, in order to constantly test its immunity. This solution is both cheaper and more flexible than human teams in terms of limits and capacity. Due to these characteristics, this solution might be especially useful in efforts to prevent state advanced persistent threats.

The financial industries, and banks in particular, are not satisfied with existing authentication methods, which include credentials and even two-factor authentication, because all of these details can be retrieved through leaks and malware. Hence, future advanced authentication will include the monitoring of behavioral characteristics that will be analyzed and gathered into an identification profile. Thus, in cases of fraud, the system will detect a behavioral anomaly, and will be able to alert on or block the malicious or fraudulent activity.

It's hard not to notice that breaches are getting more frequent and harmful, and that growing ransomware attacks shut down organizations for critical periods of time. In this reality, corporations and vulnerable industries will want to insure themselves in advance. More and more frameworks will offer cyber attack insurance programs. These programs will be especially salient in the underwriting stages of risk assessment, and eventually lead to a financial justification to put more effort into cyber security, and create certain standards, such as mandatory staff, periodic training, basic rules and norms. Organizations will also invest in more advanced equipment (such as password vaults) as the new standard.

Arvatz, like Nir Gaist, observes that while traditional threat detection systems specialize in recognizing familiar and known threats based on IOCs, the more advanced systems can do a reverse engineering process, where a threat will be monitored and characterized based on gathered knowledge and behavioral analysis, rather than monitoring rules. This will allow the systems to spot a threat at an early stage and even deal with zero-days, malicious activity prior to the attack, etc. Such technology will be able to monitor and analyze all activities and processes that occur in "soft places" and vulnerabilities. In addition, these systems will have an improved ability to perform automatic response, prevention, or remediation in order to minimize the risk and overcome the incident. With the rise in attacks, the damage they cause, and the improvement in context-based automatic systems, these platforms will increasingly overcome and replace traditional antivirus products.

Organizations will need "master" systems that will integrate their security and storage solutions. This integration will allow a configuration of rules according to the company's policy and priorities. For example, the systems will be able to analyze and classify content to different levels of sensitivity, thus adjusting the possibilities of their storage and placement on the network and the web. Obviously, this will also include alert and delay in cases of a detected anomaly.

Finally, cyber threat detection will become more automated and advanced in threat classification and analysis. The next stage in the utilization of dark web monitoring will be the automation of HUMINT (human intelligence) and the interactions with threat actors necessary for deeper investigations. Security companies will develop chatbots supported by deep learning algorithms that are able to approach hacking forum members, analyze their responses and skip several manual stages.

So, there you have it. Five security mavens seeing entirely different threats for 2018. Of course, the predictions are somewhat informed by the market segments they serve. Still, all see increases in malware and ransomware, AI and ML used for good and evil, and theft and resale of PII. And things like the shortage of security analysts and AI not yet living up to its defensive potential are increasing the asymmetric advantage held by hackers. Yes, 2018 will be an interesting year.

© Copyright 2017 CRC Press