In the ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like? Doros Hadjizenonos, country manager, Check Point SA offers his predictions.
“The more things change, the more they stay the same.” Jean-Baptiste Alphonse Karr’s famous line resonated back in the 19th century Parisian literary circles, and it resonates today in the 21st century cyber security industry. With every new tool and technology introduced into the business IT environment, new vulnerabilities follow — ripe for cybercriminals and hackers’ hopes of making either a dishonest dollar or cause disruption, fear, uncertainty and doubts in the minds of the general public.
In this ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like? Here are Check Point’s predictions for 2018.
Ransomware & Malware Multiply
Ransomware has been a cash cow for criminals, as well as a disguise for more destructive purposes; for example, Petya looked like ransomware but caused damage by locking up data. All types of users – from consumers to corporations – have fallen prey to ransomware, causing reasonable suspicion that it will continue to grow. We can expect to see large, orchestrated worldwide outbreaks along the lines of the early 2017 WannaCry attack. We can also expect to see criminals getting creative in their extortion tactics, tactics such as “if you infect two contacts, we’ll give you your data back at a lower cost.”
Overall, as operating systems beef up their security, we expect to see a decline in the use of exploits to target vulnerabilities, in favor of an increase in the use of human-error driven basic hacking techniques. However, targeted attacks using sophisticated, nation-state sponsored weaponized tools are emerging, and the rate of attack is likely continue to rise.
Utilization of server-less computing and data storage in the cloud is becoming more widely adopted in business. However, it’s worth remembering that cloud technology and the infrastructure that supports it is relatively new and evolving, and that there are still serious security concerns that provide a backdoor for hackers to access enterprise systems and spread rapidly across networks. Misconceptions about the responsibilities and level of security needed operate safely within a cloud environment are common – as are misconfigurations – which leave the door open to breaches.
During 2017, over 50% of security incidents handled by Check Point’s incident response team were cloud-related, and more than 50% of those were account takeovers of SaaS apps or hosted servers. With the increased use of cloud-based file sharing services, data leaks will continue to be a major concern for organizations moving to the cloud. This was seen most recently when a breach at consultancy firm, Deloitte enabled hackers to access confidential records of several clients.
The growing adoption of SaaS-based email such as Office 365 and Google’s G-Suite makes for attractive cybercrime targets, and we expect cybercriminals to ramp up their cloud attacks during 2018.
Mobile devices are part of the business IT fabric everywhere, yet they continue to be rarely, if ever, secured appropriately, in light of the vulnerability risk they present. We’ll continue to discover flaws in mobile operating systems that highlight the need for organizations to take a more serious approach to the protection of their mobile infrastructure and end-point devices against malware, spyware, and other cyber-attacks.
Mobile malware will continue to proliferate, especially mobile banking malware, as Malware as a Service (MaaS) keeps trending upward. MaaS allows threat actors of lower the technical barriers to launching attacks. Cryptominers also gained prominence in 2017, and we can expect to see more cryptomining malware being dropped onto mobile devices to harvest cryptocurrencies for criminals in the near future.
The majority of critical infrastructure networks were designed and built before the threat of cyberattacks. Whether the target involves telephone/mobile phone networks, electrical grids, power plants, or water treatment plants, it speaks to our good luck that there hasn’t been a large-scale, successful attack on critical infrastructure that impacts millions of people… yet. The DDoS attack against domain directory service DynDNS in 2016, which caused an internet outage affecting users of large web businesses such as Netflix and Amazon, provides a glimpse of what is possible in critical infrastructure cyberattack. An attack of this type and scale will happen, and it would not be surprising to see it happen in the next 12 months.
Internet of (Insecure) Things
As more smart devices are built into the fabric of enterprise networks, organizations will need to start using better security practices for their networks and the devices themselves.
The potential attack surface expands with the growth of IoT device usage, and attacks on compromised IoT devices will continue to grow. We will see more variations of the Mirai and BlueBorne attacks coming our way in 2018. Better security practices in IoT will be critical for preventing large-scale attacks – and may even need to be enforced by international regulation.
For every business opportunity that our hyper-connected world is creating, that same hyper-connectivity creates criminal opportunity for cyber attackers. Every environment is a potential target: enterprise networks, cloud, mobile, and IoT connected devices. Defending these networks require proactivity: pre-emptively blocking threats before they can infect and damage. By using threat intelligence to power consolidated, unified security measures, businesses can automatically protect against new and emerging types of attack, across all environments. Proactivity coupled with innovation marks the path to winning the cybersecurity arms race.
Bring your network with you
At last week’s Critical Communications World, Motorola unveiled the LXN 500 LTE Ultra Portable Network Infrastructure. It allows rescue personal to set up dedicated LTE networks for communication in an emergency, writes SEAN BACHER.
In the event of an emergency, communications are absolutely critical, but the availability of public phone networks are limited due to weather conditions or congestion.
Motorola realised that this caused a problem when trying to get rescue personnel to those in need and so developed its LXN 500 LTE Ultra Portable Network Infrastructure. The product is the smallest and lightest full powered broadband network to date and allows the first person on the scene to set up an LTE network in a matter of minutes, allowing other rescue team members to communicate with each other.
“The LXN 500 weighs six kilograms and comes in a backpack with two batteries. It offers a range of 1km and allows up to 100 connections at the same time. However, in many situations the disaster area may span more than 1km which is why they can be connected to each other in a mesh formation,” says Tunde Williams, Head of Field and Solutions Marketing EMEA, Motorola Solutions.
The LXN 500 solution offers communication through two-way radios, and includes mapping, messaging, push-to-talk, video and imaging features onboard, thus eliminating the need for any additional hardware.
Data collected on the device can then be sent through to a central control room where an operator can deploy additional rescue personnel where needed. Once video is streamed into the control room, realtime analytics and augmented reality can be applied to it to help predict where future problem points may arise. Video images and other multimedia can also be made available for rescuers on the ground.
“Although the LXN 500 was designed for the seamless communications between on ground rescue teams and their respective control rooms, it has made its way into the police force and in places where there is little or no cellular signal such as oil rigs,” says Williams.
He gave a hostage scenario: “In the event of a hostage situation, it is important for the police to relay information in realtime to ensure no one is hurt. However the perpetrators often use their mobile phones to try and foil any rescue attempts. Should the police have the correct partnerships in place they are able to disable cellular towers in the vicinity, preventing any in or outgoing calls on a public network and allowing the police get their job done quickly and more effectively.”
By disabling any public networks in the area, police are also able to eliminate any cellular detonated bombs from going off but still stay in touch with each other he says.
The LXN 500 offers a wide range of mission critical cases and is sure to transform communications and improve safety for first responders and the people they are trying to protect.
Kaspersky moves to Switzerland
As part of its Global Transparency Initiative, Kaspersky Lab is adapting its infrastructure to move a number of core processes from Russia to Switzerland.
This includes customer data storage and processing for most regions, as well as software assembly, including threat detection updates. To ensure full transparency and integrity, Kaspersky Lab is arranging for this activity to be supervised by an independent third party, also based in Switzerland.
Global transparency and collaboration for an ultra-connected world
The Global Transparency Initiative, announced in October 2017, reflects Kaspersky Lab’s ongoing commitment to assuring the integrity and trustworthiness of its products. The new measures are the next steps in the development of the initiative, but they also reflect the company’s commitment to working with others to address the growing challenges of industry fragmentation and a breakdown of trust. Trust is essential in cybersecurity, and Kaspersky Lab understands that trust is not a given; it must be repeatedly earned through transparency and accountability.
The new measures comprise the move of data storage and processing for a number of regions, the relocation of software assembly and the opening of the first Transparency Center.
Relocation of customer data storage and processing
By the end of 2019, Kaspersky Lab will have established a data center in Zurich and in this facility, will store and process all information for users in Europe, North America, Singapore, Australia, Japan and South Korea, with more countries to follow. This information is shared voluntarily by users with the Kaspersky Security Network (KSN) an advanced, cloud-based system that automatically processes cyberthreat-related data.
Relocation of software assembly
Kaspersky Lab will relocate to Zurich its ‘software build conveyer’ — a set of programming tools used to assemble ready to use software out of source code. Before the end of 2018, Kaspersky Lab products and threat detection rule databases (AV databases) will start to be assembled and signed with a digital signature in Switzerland, before being distributed to the endpoints of customers worldwide. The relocation will ensure that all newly assembled software can be verified by an independent organisation and show that software builds and updates received by customers match the source code provided for audit.
Establishment of the first Transparency Center
The source code of Kaspersky Lab products and software updates will be available for review by responsible stakeholders in a dedicated Transparency Center that will also be hosted in Switzerland and is expected to open this year. This approach will further show that generation after generation of Kaspersky Lab products were built and used for one purpose only: protecting the company’s customers from cyberthreats.
Independent supervision and review
Kaspersky Lab is arranging for the data storage and processing, software assembly, and source code to be independently supervised by a third party qualified to conduct technical software reviews. Since transparency and trust are becoming universal requirements across the cybersecurity industry, Kaspersky Lab supports the creation of a new, non-profit organisation to take on this responsibility, not just for the company, but for other partners and members who wish to join.