Intel Security’s McAfee Labs 2017 Threat Protection Report (free) is a compelling 54-page read – gripping if you want any chance of keeping up with cybercriminals’ wiles. If you intend to read the report, there is no need to continue with this summary.
There are big-picture problems that cannot be addressed by patches or software updates. Solving these problems requires foundational research, new classes of products, heavy development time and effort, and a sustained focus, often by multiple industry participants working together. The rapid growth of cloud services, the disappearing perimeter between internal and external networks, and an incredible flood of new IoT devices are challenging traditional methods of protecting everything digital.
Andy Hurren, Intel Security Solutions architect, said, “In 2016 we saw breaches affect a wide variety of industries and consumers as adversaries pivoted their focus to attacking emerging technologies and platforms with increased market adoption. We have observed that as new defensive approaches are developed to protect these platforms, protection effectiveness will increase until adversaries eventually invest effort to bypass it. We have identified 14 key areas in cybersecurity that we predict will see significant change in 2017 – both from a positive perspective such as a welcome decrease in the success of familiar attack methods and, unfortunately, from a negative perspective with adversaries expected to shift their focus to attack targets with immature security controls and a higher return on investment.”
Vincent Weafer, vice-president of Intel Security’s McAfee Labs, said, “To change the rules of the game between attackers and defenders, we need to neutralise our adversaries’ greatest advantages. To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralised data, and detecting and protecting in agentless environments.”
The “big picture” issues include:
- Adversaries have more information about our defences than we have about their attacks. Attacks can be tested against security defences with impunity. We must find ways to prevent attackers from testing against us, detect and learn from their experiments, and mislead them where possible.
- Investigation and prosecution of cybercrime is inversely related to the severity of the crime. We must change the economics of the attack process, reduce the success rate of attacks, and make capture more likely, so we can make targets less interesting.
- We have finite control over information assets, and the level of control is diminishing due to the massive increase in the number and location of assets. We need to help organizations improve their security visibility.
- Many attacks begin using stolen credentials. Telling the difference between when a legitimate tool is used for a legitimate purpose versus a suspicious activity is very difficult. We need to move toward a model that conducts legitimacy tests for every transaction.
- Data is moving around outside of the corporate perimeter, making it much more vulnerable to unintentional leaks and targeted attacks. It is moving to clouds and personal devices, but also to partners, suppliers, and customers. We need to better protect data as it moves and when it gets to its destination.
- The ability to place agents on devices to protect them will not be possible in many future instances. We must find other means of protection.
The 2017 predictions include:
- The volume and effectiveness of ransomware attacks will go down in the second half of 2017.
- Vulnerability exploits on Windows cool down as other platforms heat up. But those targeting infrastructure software and virtualization software will increase.
- Hardware and firmware threats are an increasing target for sophisticated attackers.
- “Dronejacking” (really IoT jacking) places threats in the sky.
- Mobile ransomware will continue to grow, but the focus of mobile malware authors will change. Attackers will combine mobile device locks with other forms of attack such as credential theft, allowing them to access such things as bank accounts and credit cards.
- Cybercriminals are leveraging machine learning to target victims. Tools to perform the complex analysis behind target selection are readily available, and there is a plethora of public sources of data required to build and train malicious machine learning algorithms. We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks.
- Fake “Likes,” advertisements, product and service reviews, online security warnings, alerts and more will make the Internet even less trustworthy.
- The cat-and-mouse game between advertisers and ad blockers will continue. Some of the advertisers’ techniques for bypassing active content blockers will be used by malware distributors to enable drive-by downloads of malware.
- Hacktivists will work to educate consumers about their digital footprints by targeting and successfully breaching some of the corporate clouds that contain customer data. Hacktivists will then expose that personal data to generate consumer outrage and force action. These actions will continue until they are no longer newsworthy or public outrage forces changes in privacy laws and corporate policies.
- The number of takedown operations against the authors of distributed denial-of-service attacks and botnets around the world will grow as the result of increased cooperation between private industry and law enforcement agencies. More countries will see the effects of cybercrime on their economies and increase their investment in cyber response capabilities.
- ISAO communities of trust will be established. We will also see new ISAO platforms emerge that will allow businesses to automatically add threat intelligence into their security systems.
- Due to changes in international laws and agreements between countries, we predict that former state-sponsored cyber espionage teams will move into the role of information brokers, providing “access” for money. Their modus operandi will remain the same.
- The physical and cyber security industries will join forces and begin hardening security products from digital threats. They will leverage each other to enhance security and safety for the next generation of products and services.