The FortiGuard researchers also shared that there are already advanced services that leverage machine learning available on dark web marketplaces. "For example, a service known as FUD (for 'fully undetectable') is already part of several offerings. This service allows criminal developers to upload attack code and malware to an analysis service for a fee. Afterwards, they receive a report as to whether security tools from different vendors are able to detect it," they said.
Derek Manky, Global Security Strategist, Fortinet, explained that emerging technologies can be deployed for both good and evil. “Our digital economy is powered by technology innovation that creates opportunity for good and bad in cybersecurity. The proliferation of online devices and the hyperconnectivity of today has created a criminal playground that is increasingly difficult to secure. At the same time, adversaries are leveraging automation and artificial intelligence at an unfathomable pace and scale across the ever-expanding attack surface,” he said.
It could happen to me
Source: Check Point. Jarvis.
Vulnerabilities everywhere
Jarvis also said that companies are still coming to terms with the dangers they face. "While network security is usually front of mind, not enough is being done to protect endpoints against advanced threats. Employees connecting to the corporate Wi-Fi run the risk of infecting the network through unprotected mobile devices. And increasingly, as businesses of all shapes and sizes rush to the cloud, the misconception that the cloud is inherently safe is leaving them exposed as attackers increasingly target these platforms," he said.
"For a number of years, there has been a heavy focus within industry on incident response and remediation. This certainly has its place, and is necessary in responding to breaches that have slipped past the defences put in place. It’s now time to build out the preventative capabilities in an effort to dramatically decrease how many threats are able to make it past the front lines. Prevention means instant and zero cost remediation, and is an area that needs more attention. Organisations also need to consider their attack surface, and secure all possible avenues a hacker has of compromising the enterprise. This includes endpoints, mobile devices and cloud platforms."
Ransomware epidemic
Fortinet says that although the threat magnitude of ransomware has already grown 35X over the last year with ransomworms and other types of attacks, there is more to come. "Attacks like WannaCry and NotPetya foreshadow the massive disruptions and economic impacts possible in our near future, resulting from the ransom and disruption of commercial services or intellectual property," Manky agreed.
Nick FitzGerald, Senior Research Fellow, ESET, said cryptocurrency has become increasingly popular in ransomware. He added that payments have become increasingly easy for victims, while cryptocurrency is the ransom currency of choice because there is less chance of getting caught.
CryptoLocker, which surfaced in September 2013, gave four options for payment, with Bitcoin presented as the cheapest option, he said. Four of the associated Bitcoin wallets reportedly contained US$27 million in Bitcoin at the time. "This has led to many copycats and the situation today," he said. "It works, and is relatively anonymous."
“It’s ironic that the cybercriminals who perpetrated the recent WannaCry ransomware attack could hold a federal government to ransom and demand to be paid in Bitcoin. Bitcoin might be a crypto-currency, but it’s based on Blockchain, and if cybercriminals are confident that Bitcoin provides a safe mechanism for the payment of ransoms, it indicates just how secure the distributed ledger approach is. I believe that Blockchain has the potential to totally re-engineer cybersecurity, but the industry has yet to come to terms with it,” says Ettienne Reinecke, Dimension Data’s Group CTO.
FitzGerald also highlighted cryptocurrency miners, which ESET described in September 2017. According to the blog post, one such operation has been active since May 2017 and amassed US$63,000 worth of Monero (XMR), a cryptocurrency. "Coin mining is expensive unless someone else pays the bills," he pointed out.
More regulations
One of the highlights for cybersecurity in 2017 has been around legislation. "Among the many milestones that have been witnessed in 2017 include various laws being discussed or adopted in an effort to improve security as a whole. Whether it be mandatory disclosure, General Data Protection Regulation (GDPR), or legislation focused on increasing collaboration between government and private enterprise, governments are doing their part," Jarvis said.
Evolving solutions
Check Point's Jarvis said the security ecosystem has to change in response to the damage incurred in 2017 through high profile attacks such as WannaCry and NotPetya. "The good news is that this has drawn significant interest in understanding how such attacks can be so successful. What needs to happen now is to take this one step further and improve security programs based on this understanding. As an industry, we need to learn from these incidents and translate those learnings into actions," he said.
"Boards are becoming increasingly involved in organisations’ cybersecurity journeys, and this is a trend set to continue. While government involvement is sure to continue, it is hoped that governments make the process of understanding and complying with the various measures imposed as straightforward as possible, without being too onerous on organisations with fewer resources."
"Security solutions need to be built around integrated security technologies, actionable threat intelligence, and dynamically configurable security fabrics. Security should operate at digital speeds by automating responses as well as applying intelligence and self-learning so that networks can make effective and autonomous decisions. This will not only expand visibility and centralise control, but also enable strategic segmentation in order to drive security deep into the network infrastructure to quickly identify, isolate, and remediate compromised devices and thwart attacks, even across different network ecosystems, from endpoint devices and local network resources to the cloud. In addition, basic security hygiene needs to become part of fundamental security protocols. It is something often overlooked, but crucial to limit the bad consequences we want to avoid," Fortinet advises.
"Fabric-based security approaches that leverage the power of automation, integration, and strategic segmentation are critical to combat the highly intelligent attacks of tomorrow,” Manky advised.