Ensuring cybersecurity of your business becomes a bigger challenge every year. Cybercriminals perform new attacks, exploit new vulnerabilities, and perform new attacks on a constant basis while regulatory institutions change and improve standards. Your task is to be fully prepared to face these challenges. So today, we gathered the top 10 cybersecurity hot topics you’d better keep an eye on throughout 2018.
1. GDPR compliance deadline is here
General Data Protection Regulation (GDPR) took effect on May 25, 2018. And while this document covers the protection of personal data of EU citizens, its implementation affects every company that processes data of EU customers or businesses or has an office in one of the EU countries.
The good news is that regulators will not audit international companies for GDPR compliance. However, if there is a complaint from an EU citizen or a breach, the company will have to pay a heavy fine: up to €20 million (around $24.5 million) or 4 percent of the company’s global annual turnover ― whichever is greater.
Another problem is that hackers may use non-compliance with GDPR to their advantage, blackmailing companies that don’t meet all the requirements of the regulation.
Gilad Peleg, CEO of SecBI, predicts that ill-prepared companies will have to find a way to “become at least partially compliant” with the new regulation. However, many experts agree that the majority of companies will fail to comply with GDPR by the deadline. Furthermore, according to a recent Forrester report, nearly a half of these businesses won’t even try to comply because the cost of compliance outweighs possible risks.
2. Attacks via compromised IoT devices
In 2018, the number of attacks via compromised IoT devices will only increase. There are three most common types of security problems the IoT world is going to face in 2018:
- Botnets ― cybercriminals no longer need to develop difficult malware solutions since they can easily purchase a ready-to-use botnet kit from the dark web instead.
- DDoS attacks ― compromised IoT devices may be used for performing massive DDoS attacks. Cybercriminals try to exploit poor security setting in both home and workplace IoT devices, making these devices generate huge amounts of traffic.
- Ransomware attacks ― even though most IoT devices don’t store valuable data, cybercriminals may choose some critical systems, such as power grids, factory lines, or smart cars as their target to make the victim pay.
Of course, there are many IoT manufacturers who work hard in order to improve the security of their devices. However, a large number of already deployed devices are either difficult or completely impossible to patch. As a result, we have millions of connected devices that have little to no defense against hackers. Thus, ensuring a higher level of protection for both IoT devices and IoT systems is a necessity.
3. Cloud security issues
In contrast to IoT devices, cloud platforms store huge amounts of sensitive and valuable data. And while cloud providers put a lot of efforts into ensuring the security of their services, there are still too many security issues you can’t ignore.
The main problems you need to pay special attention to are the following:
- Cloud misconfigurations
- Spectre and Meltdown vulnerabilities
- Insecure APIs
- Data loss
Cloud misconfigurations appear to be one of the most important issues. According to Symantec, implementing both SaaS and IaaS security will remain a struggle for many organizations. Companies are not yet fully aware of the complexities involved in securing cloud data, so even more breaches caused by error, compromise, and design wait for us in the near future.
Some attackers try to exploit Spectre and Meltdown vulnerabilities and focus their attacks on the CPUs used by cloud providers. The best way you can handle this situation is by keeping your hardware updated ― new patches fixing different Spectre and Meltdown vulnerabilities are released constantly. However, since Spectre issues are very difficult to patch, some experts suggest replacing all affected processors.
In many cloud systems, APIs (Application Programming Interfaces) are the only facets outside of the trusted organizational boundary with a public IP address. Thus, insecure APIs may give an attacker considerable access to cloud applications and put the entire system at risk.
And finally, you should always remember about the risk of losing your company’s data due to some non-malicious causes such as a natural disaster or a human error. The only way to mitigate such kind of risk is by creating lots of backups of valuable information and storing them at physical sites located in different parts of the globe.
4. Attacks based on machine learning and AI
Artificial Intelligence (AI) and Machine Learning (ML) software are able to “learn” from the consequences of past events in order to reach the set goal. And while many cybersecurity professionals use AI/ML tools for preventing cyberattacks, there is a chance that hackers will also use these innovative solutions for performing even more sophisticated attacks.
AI and ML may be used for performing different types of attacks: from sending huge amounts of spam/fraud/phishing messages via chatbots to AI-powered password guessing to performing cryptographic attacks.
5. Attacks against cryptocurrencies and blockchain systems
Many companies adopting cryptocurrency technology don’t implement appropriate security controls. As a result, they will only continue to experience financial losses, predicts Bill Weber, principal security strategist at eSentire.
There are three main types of attacks you need to be prepared to deal with when working with cryptocurrencies and blockchain systems:
- Eclipse attack ― a network-level attack on a blockchain system, where an attacker gains full control over all the connections going to and from the victim’s node. This type of attack may be used for hiding information about the usage of cryptocurrencies within the network and performing double-spend attacks.
- Sybil attack ― an attack that implies a situation where one node in the network acquires several identities
- DDoS attacks ― while many popular cryptocurrencies, such as Bitcoin, have a built-in protection against DDoS attacks, the risk is still very high for all the unprotected cryptocurrencies.
6. Sandbox-evading malware
Even though sandboxing becomes more and more popular as a malware detection and prevention method, cybercriminals come up with new ways to evade this technology. For instance, there are new strains of malware that are able to recognize if they are inside a sandbox. These malware infections do not execute their malicious code up until they are outside of the sandbox.
There are two main techniques the attackers use for evading sandbox solutions:
- Core count ― malware tries to spot sandboxes using discrepancies in hardware, such as the number of CPU cores. This is why many sandbox vendors hide their true configuration, trying to make such discoveries more difficult for the attackers.
- Lack of user input ― malware can analyze the level of user input for detecting a sandbox. In contrast to a sandbox, different types of user activity such as mouse or keyboard activity occur frequently in a real machine.
7. Fileless malware
Another significant problem is the increasing popularity of non-malware attacks. Many organizations still lack in preparation against this type of cyberthreats, which only encourages the attackers to use fileless malware even more.
More common memory-only non-malware attacks exploit Windows vulnerabilities and execute their payload in the memory. Such infection can be deleted by simply rebooting the system.
However, there are more complex types of non-malware attacks. Some attacks are able to use the existing Windows tools for malicious purposes, while the others can continue to run their malicious code even after the system reboot.
The main problem is that fileless malware is harder to detect for two major reasons:
- They have fewer Indicators of Compromise (IoC) than the traditional malware
- They can use their victim’s own tools, pretending to be a legitimate process within the system
As a result, traditional anti-malware software can’t effectively detect non-malware threats, and new solutions are called up.
8. Moving To DevOps
While moving to DevOps leads to a better efficiency, higher speed, and more responsive delivery of IT services, this movement may also pose serious cybersecurity threats.
Many organizations are still struggling to apply adequate security controls in the DevOps practice. As a result, when moving to DevOps, you need to be ready to deal with a lot of possible security problems, including the following:
- Security group misconfiguration ― as environments become larger, they interconnect dozens, hundreds, or even thousands of different security groups. Managing these groups properly is a challenge, as even the slightest misconfiguration can lead to a significant security problem.
- Accidental exposure of public data stored in a publicly accessible Simple Storage Service (S3) bucket. If the data bucket isn’t configured properly, it may lead to enabling public access to sensitive and valuable information.
- Too many false positives ― anomaly detection becomes a serious challenge because environments change constantly, creating more false positives than the system can deal with. Attackers may use this issue to their advantage, hiding their activities behind legitimate processes inside the victim’s environment.
9. Biometric authentication
Biometric authentication gains more and more popularity as an innovative cybersecurity solution. But while some people see biometrics as a new and efficient way of improving the security for enterprises, the others see this improvement as a possible issue.
There are many types of authentication based on biometrics: from a now common fingertip scanning to a more innovative voice, iris, or face recognition. Many people believe that biometric systems are nearly impossible to compromise: biometric data can’t be guessed and is unique for every user. Thus, it seems to be a better solution for a single-factor authentication and a great addition to a multi-factor authentication system. However, biometric systems have their drawbacks.
The main issue is that biometric information can still be stolen or duplicated, just like a user’s login and password. But in contrast to a password, the user can’t change the scans of their iris or get a new face. This creates new challenges for cybersecurity professionals to solve in the future.
Just like in the previous years, ransomware remains one of the main cybersecurity problems you need to remember about. According to many experts, ransomware will become even worse in 2018. For instance, FireEye predicts there will be more ransomware used in 2018, mostly because “administrators are slow to patch and update their systems.”
The main targets for that hackers will be companies that store valuable information such as users’ personal data or web browsing habits, and cloud services, especially those that perform computing in the cloud and, therefore, store huge amounts of data. The only way to lessen the possible harm caused by these attacks is to have back-ups for all the significant data.
Another worrying fact is the high possibility of cybercriminals using AI methods for improving their attacks. Machine learning and neural networks may be used for gathering specific data or spreading carefully targeted phishing messages. As Steve Grobman, chief technology officer at McAfee explained to MIT Technology Review, AI “gives attackers the tools to get a much greater return on their investment”
Of course, the problems we listed above are not the only cybersecurity problems that businesses may face in the near future. However, these types of threats will be on the rise and have the most significant effect on both enterprises and end users.
|Marcell Gogan is a specialist within digital security solution business design and development, virtualization and cloud computing R&D projects, establishment and management of software research direction. He also loves writing about data management and cybersecurity.|