In the ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like? Doros Hadjizenonos, country manager, Check Point SA offers his predictions.
“The more things change, the more they stay the same.” Jean-Baptiste Alphonse Karr’s famous line resonated back in the 19th century Parisian literary circles, and it resonates today in the 21st century cyber security industry. With every new tool and technology introduced into the business IT environment, new vulnerabilities follow — ripe for cybercriminals and hackers’ hopes of making either a dishonest dollar or cause disruption, fear, uncertainty and doubts in the minds of the general public.
In this ongoing, constantly-escalating security arms race, what do new vulnerabilities in our networks and data-centers look like? Here are Check Point’s predictions for 2018.
Ransomware & Malware Multiply
Ransomware has been a cash cow for criminals, as well as a disguise for more destructive purposes; for example, Petya looked like ransomware but caused damage by locking up data. All types of users – from consumers to corporations – have fallen prey to ransomware, causing reasonable suspicion that it will continue to grow. We can expect to see large, orchestrated worldwide outbreaks along the lines of the early 2017 WannaCry attack. We can also expect to see criminals getting creative in their extortion tactics, tactics such as “if you infect two contacts, we’ll give you your data back at a lower cost.”
Overall, as operating systems beef up their security, we expect to see a decline in the use of exploits to target vulnerabilities, in favor of an increase in the use of human-error driven basic hacking techniques. However, targeted attacks using sophisticated, nation-state sponsored weaponized tools are emerging, and the rate of attack is likely continue to rise.
Utilization of server-less computing and data storage in the cloud is becoming more widely adopted in business. However, it’s worth remembering that cloud technology and the infrastructure that supports it is relatively new and evolving, and that there are still serious security concerns that provide a backdoor for hackers to access enterprise systems and spread rapidly across networks. Misconceptions about the responsibilities and level of security needed operate safely within a cloud environment are common – as are misconfigurations – which leave the door open to breaches.
During 2017, over 50% of security incidents handled by Check Point’s incident response team were cloud-related, and more than 50% of those were account takeovers of SaaS apps or hosted servers. With the increased use of cloud-based file sharing services, data leaks will continue to be a major concern for organizations moving to the cloud. This was seen most recently when a breach at consultancy firm, Deloitte enabled hackers to access confidential records of several clients.
The growing adoption of SaaS-based email such as Office 365 and Google’s G-Suite makes for attractive cybercrime targets, and we expect cybercriminals to ramp up their cloud attacks during 2018.
Mobile devices are part of the business IT fabric everywhere, yet they continue to be rarely, if ever, secured appropriately, in light of the vulnerability risk they present. We’ll continue to discover flaws in mobile operating systems that highlight the need for organizations to take a more serious approach to the protection of their mobile infrastructure and end-point devices against malware, spyware, and other cyber-attacks.
Mobile malware will continue to proliferate, especially mobile banking malware, as Malware as a Service (MaaS) keeps trending upward. MaaS allows threat actors of lower the technical barriers to launching attacks. Cryptominers also gained prominence in 2017, and we can expect to see more cryptomining malware being dropped onto mobile devices to harvest cryptocurrencies for criminals in the near future.
The majority of critical infrastructure networks were designed and built before the threat of cyberattacks. Whether the target involves telephone/mobile phone networks, electrical grids, power plants, or water treatment plants, it speaks to our good luck that there hasn’t been a large-scale, successful attack on critical infrastructure that impacts millions of people… yet. The DDoS attack against domain directory service DynDNS in 2016, which caused an internet outage affecting users of large web businesses such as Netflix and Amazon, provides a glimpse of what is possible in critical infrastructure cyberattack. An attack of this type and scale will happen, and it would not be surprising to see it happen in the next 12 months.
Internet of (Insecure) Things
As more smart devices are built into the fabric of enterprise networks, organizations will need to start using better security practices for their networks and the devices themselves.
The potential attack surface expands with the growth of IoT device usage, and attacks on compromised IoT devices will continue to grow. We will see more variations of the Mirai and BlueBorne attacks coming our way in 2018. Better security practices in IoT will be critical for preventing large-scale attacks – and may even need to be enforced by international regulation.
For every business opportunity that our hyper-connected world is creating, that same hyper-connectivity creates criminal opportunity for cyber attackers. Every environment is a potential target: enterprise networks, cloud, mobile, and IoT connected devices. Defending these networks require proactivity: pre-emptively blocking threats before they can infect and damage. By using threat intelligence to power consolidated, unified security measures, businesses can automatically protect against new and emerging types of attack, across all environments. Proactivity coupled with innovation marks the path to winning the cybersecurity arms race.
Appdate: No wallet? No problem?
In his app roundup, SEAN BACHER highlights VodaPay Masterpass, Charge Running, South African App Integrator Directory, uKheshe Health and LocTransie.
Digital mobility is now a way of life and most are using smartphones to pay bills.
To meet this need Vodacom and Mastercard have launched VodaPay Masterpass, which enables Vodacom customers to load any bank card into a secure digital wallet, downloaded as an app on their smartphone. Once loaded, these cards and the secure credentials associated with them are safely stored, enabling customers to start transacting immediately without the hassle of entering card details each time they make a purchase.
Vodacom customers can buy prepaid data, airtime and SMS, or voice bundles, directly through the app. They can also select the Pay Bills menu option to settle their DStv accounts, pay a utility bill or take care of a traffic fine.
With the app’s Scan to Pay functionality, users can scan a QR code to pay for goods and services wherever Masterpass is accepted, including all SnapScan and Zapper merchants. Once a QR code is scanned, users select the card they wish to use, and enter their bank PIN number on their own device to complete the transaction.
Platform: Android and iOS
Expect to pay: A free download and users will not be charged for any transaction fees.
Most running apps track data like pace and distance and, in some cases play audio designed to motivate you, but don’t give you the push you get when you run with a friend. Charge Running is an app that lets you run alongside other runners, virtually, as well as giving live coaching to help you go the distance.
The app includes features such as:
· Unlimited access to live running classes and virtual races
· The ability to compete with runners anywhere in the world in real-time
· A live leaderboard that shows where you are in the pack to keep you pushing
· Live, personalised feedback from professional trainers
· Group chats with coaches and fellow runners throughout the run
· On-demand runs for times when you can’t join the live groups
· A choice of difficulty levels and race types
Platform: Android and iOS
Expect to pay: A free seven-day trial; thereafter R150 per month
Stockists: Visit the Charge Running site here for downloading instructions.
South African App Integrator Directory
The South African App Integrator Directory from Xero is designed to solve the complexity of choosing apps for small business owners.
The directory is now available in South Africa with six partners, including Realm Digital, Radical Cloud Solutions, Nimacc, Insights, Iridium Business Solutions and Creative CFO. According to Xero, these are all organisations with a proven track record of successfully integrating marketplace apps into Xero businesses. There are also currently over 700 apps in Xero’s App Marketplace worldwide, 21 of which are South African born.
As small businesses become more tech-savvy, they need to know exactly which apps to install on their devices and how the apps will help them. They also need to be able to install these apps from a trusted integrator so they know for what they are paying.
Platform: Any device with an up-to-date Internet browser.
Expect to pay: A one month trial version is offered, after which the App Integrator ranges from R125 to R245 per month, depending on the company’s needs.
Stockists: Visit Xero here for downloading instructions.
Click here to read about uKheshe Health and LocTransie.
Prize offered for drone films
DJI and SkyPixel, the world’s most popular aerial photography community, have announced the first short film contest inviting users to submit cinematic stories shot with camera and gimbal products. The 2019 SkyPixel Short Film Contest will accept entries until 14 October 2019. It welcomes submissions from all creators, ranging from hobbyists to social media users and professional videographers. around the globe.
The 2019 SkyPixel Short Film Contest consists of three storytelling categories—‘Big Moments Start Small,’ ‘Make Your Move’ and ‘Adventure Starts With You.’ There is no restriction on the type or brand of equipment participants use, and they can submit as many videos as they wish.
A total of 100 winners can win a range of prizes totaling $48,600 USD in categories including Recommended Films, Best Editing, Best Story, Nominated Entries, People’s Choice Prize as well as This Week’s Most Popular, sponsored by the partner SanDisk and WD brand from Western Digital Corp. This year’s Best Short Video winners will each receive the new Ronin-SC Pro Combo, Osmo Action as well as WD 2TB My Passport Wireless SSD.
Winning entries will also be showcased on the SkyPixel website as well as to DJI’s millions of fans and followers across its social media platforms.
“DJI has redefined how people capture stable video for all of life’s moments. The compact size, portability and powerful imaging system of our Osmo and Ronin series have also made it possible for anyone to take their creativity and inspirations to the next level,” said Basile David, Director of Brand and Content Partnerships at DJI. “With this contest, we hope to encourage more people to embrace and share their own creative way of storytelling.”
Since 2014, the SkyPixel online community has attracted 16 million professional aerial photographers and content creators from more than 140 countries, growing into the largest aerial photography community today. Over the past five years, SkyPixel has received over 150,000 submissions, becoming a go-to platform for original aerial masterpieces and extraordinary footage powered by other gimbal products focusing on various themes.
Details of the 2019 SkyPixel Short Film Contest
The short film contest consists of three categories:
Big Moments Start Small: Create a video showcasing the small, lightweight design of your camera device and your best cinematic scenes. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Osmo Pocket or other devices.
Make Your Move: Create a video showcasing the stabilized footage from your device. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Osmo Series or other devices.
Adventure Starts With You: Create a short, cinematic narrative film to showcase your creative skills and visual effects. Users are recommended to include at least 10 seconds of behind-the-scenes clips of their product such as DJI Ronin Series or other devices.
*Video submissions should not be longer than three minutes in length.
Submission Start Date: August 15, 2019, 2:00 AM (EST)
Submission End Date: October 14, 2019, 2:00 AM (EST)
Award Announcement: October 31, 2019