Beneath everyday web traffic, there’s a fierce battle raging for the security of the Internet. On one side are the villains: cybercriminals ranging from thrill-seeking amateurs to nation states. On the other side are the cybersecurity professionals, including researchers and analysts, all of whom seek to protect data.
The odds of either side scoring a decisive blow and ending the long-running battle for security are quite low. As with all battles, both sides are racing to develop new technologies that will give them the upper hand. While much of the conflict takes place in unseen digital arenas, organizations and individuals are realizing that their data sits in the line of fire. Recent years have seen the threat become all the more potent in the aftermath of successful attacks on businesses that were previously seen as unassailable.
One thing that is clear is that the battle lines will continue to shift. New tactics will arise and shape the future of the conflict. Here is a preview of what to expect on the frontlines in 2018 and beyond.
Advance: Phishing Targets Cloud
While phishing is a somewhat dated security concern, it’s still highly effective if delivered via the right vector. Over the years, internet users have become much wiser to traditional phishing (typos, unknown senders, mysterious attachments, etc.), so cybercriminals have looked for new avenues. The rise of cloud apps has opened up attack vectors that didn’t previously exist. The 2017 Google Docs attack is a prime example: victims were sent to Google’s genuine OAuth consent screen, where a malicious third-party application that had simply named itself “Google Docs” asked for access to their Gmail and contacts. No password was stolen and no fake login page was involved; the victim authenticated to Google as normal and then handed the attacker an access token by clicking “Allow.” The app harvested the victim’s contacts and mail and used the contact list to send the same lure onward. Criminals are increasingly spoofing trusted applications in order to deceive unsuspecting victims into granting permissions or handing over credentials.
Countermove: MFA And Behaviors
There are various ways to protect against phishing techniques. Switching from username and password alone to Multi-Factor Authentication (MFA) is one of the swiftest and most effective methods. MFA’s additional factor stops criminals from using a harvested password on its own, which defeats the classic credential-harvesting page. Two caveats matter in practice. First, one-time codes (SMS or app-generated) can still be relayed by a phishing site that proxies the real login in real time, so phishing-resistant factors such as FIDO2/U2F hardware keys, which bind the response to the genuine origin, are the stronger choice. Second, MFA does nothing against consent phishing of the Google Docs kind: the victim completes MFA legitimately and the attacker receives an OAuth token, not a password. That class of attack has to be addressed by controlling which third-party apps and permission scopes users may grant, and by reviewing and revoking existing grants. MFA is already in use on many websites, with companies such as Facebook, Apple and Dropbox introducing or enhancing MFA in the last year.
Another way to counter advanced phishing attacks is through smart detection technology, which my company leverages, that can monitor user behavior across multiple cloud apps and detect strange activity, signaling a person is not who they claim to be. If a hacker programmatically accesses or downloads large volumes of data from a cloud app, a smart detection system could automatically flag this as suspicious, or block the transaction outright. Making detection “smart” is a step up from simply looking for a phishing email to understanding and detecting attacks as they unfold. For example, using machine learning to gain a deeper understanding of typical user behavior, and then looking for deviations from that norm can help to detect even the most subtle usage of stolen credentials. Companies have started to apply smart detection for internal threats in quite a few areas. In the User Behavior Analytics space, Exabeam, Securonix and Splunk have all begun using smart detection. In the Data Loss Prevention space, Amazon Web Services is employing smart detection, and companies like Cylance, Carbon Black and CrowdStrike all use it for external threat detection.
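To make the two detections above concrete, here is an added example (not the author’s, nor any vendor’s, code) that runs both checks over a small constructed cloud-app audit log: a per-user daily-download baseline that flags a scripted bulk pull by a stolen-credential session, and a check on OAuth consent grants that flags an app whose display name mimics a first-party product while its publisher is not the platform, or which asks for mail and contact scopes. The event fields, scope names, user-agent markers, watch list of first-party names and the 3-sigma threshold are all assumptions for illustration, not a real product’s schema.

```python
"""Behavioral detection over a constructed cloud-app audit log (added example)."""
import statistics
from collections import defaultdict

# Assumed markers and lists; adjust to the platform's real scope names and logs.
BROWSER_MARKERS = ("Mozilla/", "Chrome/", "Safari/", "Firefox/")
SENSITIVE_SCOPES = {"mail.readonly", "contacts.readonly", "drive"}
FIRST_PARTY_NAMES = {"google docs", "google drive", "microsoft office"}
PLATFORM_PUBLISHERS = ("google.com", "microsoft.com")

# Constructed events. "count" is files downloaded, "minutes" the session length.
SAMPLE_EVENTS = [
    # seven days of ordinary interactive activity for alice
    *[{"day": d, "user": "alice", "action": "download", "count": c,
       "user_agent": "Mozilla/5.0 Chrome/63.0", "minutes": 60}
      for d, c in zip(range(1, 8), [4, 6, 3, 7, 5, 4, 6])],
    # day 8: a stolen-credential session pulling the whole drive with a script
    {"day": 8, "user": "alice", "action": "download", "count": 240,
     "user_agent": "python-requests/2.18.4", "minutes": 3},
    # bob: steady usage, nothing unusual on day 8
    *[{"day": d, "user": "bob", "action": "download", "count": c,
       "user_agent": "Mozilla/5.0 Firefox/57.0", "minutes": 60}
      for d, c in zip(range(1, 9), [10, 12, 9, 11, 10, 13, 12, 11])],
    # an OAuth consent grant by carol to a third-party app named to look first-party
    # (publisher domain is a constructed placeholder)
    {"day": 8, "user": "carol", "action": "oauth_grant", "app_name": "Google Docs",
     "publisher": "docs-share.example", "scopes": ["mail.readonly", "contacts.readonly"]},
]


def daily_downloads(events):
    """Sum downloaded objects per user per day."""
    per_user_day = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["action"] == "download":
            per_user_day[e["user"]][e["day"]] += e["count"]
    return per_user_day


def download_anomalies(events, today, z_threshold=3.0, min_history=5):
    """Flag users whose download volume today is far above their own baseline.

    The baseline is the user's prior daily totals; a non-browser user agent on
    the same day marks the session as scripted and escalates the verdict.
    """
    alerts = []
    for user, by_day in daily_downloads(events).items():
        history = [n for d, n in by_day.items() if d < today]
        if len(history) < min_history or today not in by_day:
            continue  # not enough baseline to judge, or no activity today
        mean = statistics.mean(history)
        stdev = statistics.pstdev(history) or 1.0  # avoid division by zero on flat history
        z = (by_day[today] - mean) / stdev
        scripted = any(
            e["user"] == user and e["day"] == today and e["action"] == "download"
            and not e["user_agent"].startswith(BROWSER_MARKERS)
            for e in events
        )
        if z >= z_threshold:
            alerts.append({
                "user": user, "today": by_day[today], "baseline_mean": round(mean, 1),
                "z": round(z, 1), "scripted": scripted,
                "severity": "block" if scripted else "review",
            })
    return alerts


def risky_oauth_grants(events):
    """Flag consent grants to look-alike third-party apps or with sensitive scopes."""
    out = []
    for e in events:
        if e["action"] != "oauth_grant":
            continue
        impersonating = (e["app_name"].lower() in FIRST_PARTY_NAMES
                         and not e["publisher"].endswith(PLATFORM_PUBLISHERS))
        broad = sorted(SENSITIVE_SCOPES.intersection(e["scopes"]))
        if impersonating or broad:
            out.append({"user": e["user"], "app": e["app_name"], "publisher": e["publisher"],
                        "impersonating": impersonating, "sensitive_scopes": broad})
    return out


if __name__ == "__main__":
    for alert in download_anomalies(SAMPLE_EVENTS, today=8):
        print("download anomaly:", alert)
    for grant in risky_oauth_grants(SAMPLE_EVENTS):
        print("risky grant:", grant)
```

Alice’s 240 downloads in a three-minute scripted session sit well over a hundred standard deviations above her baseline of roughly five per day, so she is flagged for blocking, while bob’s steady eleven is not touched; carol’s grant is flagged on both the look-alike name and the mail/contacts scopes. In a real deployment the baseline would come from weeks of history rather than seven points, and the response would revoke the token or session rather than just print.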
Advance: Attacks On SaaS
Many of the biggest players in the Software as a Service (SaaS) market are now taking cybersecurity very seriously. For example, Forbes reported in 2015 that Microsoft’s annual cybersecurity spend was already in excess of $1 billion. The vast majority of cybercriminals out there look for the path of least resistance, meaning they will increasingly turn their attention away from security-conscious organizations like Microsoft and target smaller, fast-growing SaaS app vendors and startups. With smaller budgets and fewer resources, these companies are less able to make the massive investments in security that the larger vendors can make. As a result, it’s only a matter of time before we see one or more of these companies suffering a significant breach.
Countermove: Security Parity
One of the biggest issues is the fact that SaaS apps don’t all offer the same security controls for corporate data. While some offer security capabilities natively (such as access controls, malware/threat detection and identity management), the capabilities are not consistent, even across popular apps. As a result, security personnel have a very difficult time ensuring data moving between various cloud apps remains secure and compliant. In addition, many newer/smaller cloud apps have few or no security capabilities of their own. The most efficient counter-move is to shift from attempting to secure each and every cloud application to securing the data itself, because the applications are largely outside the customer’s control while the data is not. In practice that means classifying content and applying one policy (allow, encrypt, block) to it on its way to any app, so that a file carrying cardholder data is handled the same whether it is headed for a large vendor with native controls or a startup with none. Giving security parity to data means a more consistent level of protection.
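The following is an added example of the data-centric approach described above; it is not the author’s or any vendor’s code. It classifies outbound content (a Luhn-checked card number pattern and a confidentiality marking, both assumed classifiers for illustration) and returns the same verdict for any destination app, so the policy rides with the data rather than with whatever controls a given app happens to offer. The sample texts and app names are constructed.

```python
"""Uniform data policy applied regardless of destination app (added example)."""
import re

# Candidate 13-16 digit runs, optionally separated by spaces or hyphens,
# not embedded in a longer digit string.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,16}(?!\d)")
MARKING_RE = re.compile(r"\bCONFIDENTIAL\b")

# One policy for the data; the destination app never changes it.
POLICY = {"PCI": "block", "CONFIDENTIAL": "encrypt"}
PRECEDENCE = ["block", "encrypt", "allow"]  # strictest verdict wins


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives from order numbers and similar."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> set:
    """Return the set of data labels found in the text."""
    labels = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            labels.add("PCI")
    if MARKING_RE.search(text):
        labels.add("CONFIDENTIAL")
    return labels


def decide(text: str, destination_app: str) -> dict:
    """Apply POLICY to the content; the app name is recorded, not consulted."""
    labels = classify(text)
    verdicts = {POLICY[lbl] for lbl in labels if lbl in POLICY} or {"allow"}
    action = next(v for v in PRECEDENCE if v in verdicts)
    return {"app": destination_app, "labels": sorted(labels), "action": action}


# Constructed sample content. 4111 1111 1111 1111 is the standard Visa test number.
CARD_TEXT = "Customer paid with 4111 1111 1111 1111, exp 03/20."
NOT_A_CARD = "Order reference 4111111111111112 shipped today."   # fails Luhn
MARKED_TEXT = "CONFIDENTIAL: Q3 roadmap draft"

if __name__ == "__main__":
    for app in ("bigcloudapp", "tinystartup"):      # assumed app names
        print(decide(CARD_TEXT, app))
        print(decide(NOT_A_CARD, app))
        print(decide(MARKED_TEXT, app))
```

The same card-bearing text is blocked on its way to both the large vendor and the startup, the Luhn-invalid order reference is allowed through, and the marked draft is sent for encryption; a cloud access broker or proxy would enforce these verdicts in line, but the decision logic does not depend on that placement.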
Advance: Intelligent Malware
The Necurs botnet is one example of a sophisticated weapon in the cyber arsenal. What marks Necurs out from other tools is how constantly its operators re-tool it to stay one step ahead of experts. In 2017, Necurs was linked to spam distribution, spreading Trojans, DDoS attacks and even pump-and-dump stock scams. Perhaps most disturbingly, Necurs-controlled malware has started to gather victims’ data, which is then transmitted back to adversaries. By gathering intelligence, the botnet has “learned” in the sense that its operators can tailor the next campaign, and there will be new, more sophisticated attacks in the future. In 2018, we’ll see a big increase in machine learning-driven “smart” malware.
Countermove: Machine Learning
In order to counter smart malware, protection must also learn and adapt. Creating solutions capable of this has been a big challenge for the industry. Fortunately, advances in the field of machine learning are providing answers by giving computers the ability to learn from examples without being programmed for each case, so that they can adapt in response to a situation. New smart detection solutions can therefore learn the behaviors of malware (what it does once it runs: persistence, injection, contacting command-and-control infrastructure) rather than simply matching a file hash or signature seen in the past, which a single changed byte in the next variant defeats.
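As an added illustration of the signature-versus-behavior point (this is example code, not any product’s detection engine), the block below trains a small naive Bayes classifier on constructed, labelled behavioral traces and compares it with a hash-based signature: a recompiled variant of a known sample gets a new hash and slips past the signature, but exhibits the same runtime behaviors and is still classified as malware. The feature names, the eight training traces and the sample bytes are all constructed for illustration; a real model would be trained on far more data and richer features.

```python
"""Hash signature vs. behavior-based naive Bayes classifier (added example)."""
import hashlib
import math
from collections import Counter

# Assumed behavioral features a sandbox might report for a run of a sample.
FEATURES = ["creates_autorun_key", "injects_into_process", "contacts_dga_domain",
            "encrypts_user_files", "reads_contacts", "writes_temp_file", "opens_window"]

# Constructed training traces: (set of observed behaviors, label).
TRAINING = [
    ({"creates_autorun_key", "injects_into_process", "contacts_dga_domain"}, "malware"),
    ({"encrypts_user_files", "creates_autorun_key", "writes_temp_file"}, "malware"),
    ({"reads_contacts", "contacts_dga_domain", "injects_into_process"}, "malware"),
    ({"contacts_dga_domain", "creates_autorun_key", "writes_temp_file"}, "malware"),
    ({"opens_window", "writes_temp_file"}, "benign"),
    ({"opens_window"}, "benign"),
    ({"writes_temp_file", "reads_contacts", "opens_window"}, "benign"),
    ({"opens_window", "writes_temp_file"}, "benign"),
]


def train(examples):
    """Bernoulli naive Bayes with Laplace smoothing; returns log priors and P(feature|label)."""
    label_counts = Counter(lbl for _, lbl in examples)
    feat_counts = {lbl: Counter() for lbl in label_counts}
    for feats, lbl in examples:
        feat_counts[lbl].update(feats)
    model = {"prior": {}, "p": {}}
    for lbl, n in label_counts.items():
        model["prior"][lbl] = math.log(n / len(examples))
        # (count + 1) / (n + 2): smoothing keeps unseen features from zeroing a class
        model["p"][lbl] = {f: (feat_counts[lbl][f] + 1) / (n + 2) for f in FEATURES}
    return model


def predict(model, feats):
    """Return the label with the highest posterior for the observed behavior set."""
    scores = {}
    for lbl, prior in model["prior"].items():
        s = prior
        for f in FEATURES:
            p = model["p"][lbl][f]
            s += math.log(p) if f in feats else math.log(1.0 - p)
        scores[lbl] = s
    return max(scores, key=scores.get)


# Signature side: a denylist of file hashes (constructed bytes stand in for a dropper).
ORIGINAL_SAMPLE = b"MZ\x90\x00constructed-dropper-v1"
KNOWN_BAD_HASHES = {hashlib.sha256(ORIGINAL_SAMPLE).hexdigest()}


def signature_match(sample_bytes: bytes) -> bool:
    return hashlib.sha256(sample_bytes).hexdigest() in KNOWN_BAD_HASHES


# The "variant": one byte changed, same behavior when run.
VARIANT_SAMPLE = b"MZ\x90\x00constructed-dropper-v2"
VARIANT_BEHAVIOR = {"creates_autorun_key", "contacts_dga_domain", "encrypts_user_files"}
BENIGN_BEHAVIOR = {"opens_window", "writes_temp_file"}

MODEL = train(TRAINING)

if __name__ == "__main__":
    print("signature catches original:", signature_match(ORIGINAL_SAMPLE))
    print("signature catches variant: ", signature_match(VARIANT_SAMPLE))
    print("behavior model on variant: ", predict(MODEL, VARIANT_BEHAVIOR))
    print("behavior model on benign:  ", predict(MODEL, BENIGN_BEHAVIOR))
```

The hash denylist catches only the exact bytes it has seen, while the behavioral model scores the variant as malware on the strength of the autorun persistence and the algorithmically generated domain contact, neither of which appears in any benign trace. The trade-off a practitioner should keep in mind is that a behavioral model needs the sample to run (in a sandbox or on the endpoint) before it can judge, and it can be evaded by malware that detects the sandbox and stays quiet.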
The cybersecurity battle will inevitably continue to rage long into the future. For security professionals, the key lies in the ability to quickly identify and adapt to new threats, nullifying their potency as fast as possible. The three offensive moves above are just the tip of the iceberg, but countermoves can be put in place to mitigate the threat posed, both now and in the future.