These are some takeaways from a briefing with Symantec’s Mark Shaw, technology strategist for the Pacific Region, Peter Sparkes, senior director, Cyber Security Services, APJ, and Ian McAdam, managing director, Pacific region.
The three proceeded to demolish all hope of the good guys winning over cybercriminals in 2017.
McAdam led off by saying that company boards could no longer ignore cybersecurity, leaving it to the IT guys – they must focus efforts and budgets on increasing cyber security because 2017 presents so many more threats. He commented that, after Symantec’s acquisition of Blue Coat, it now had more than 3000 engineers working on cybersecurity and had combined resources to be the world’s largest global intelligence network.
Shaw said that Symantec had identified ten trends that were all new – these are future issues for concern.
#1 Proliferation of the Cloud generation
Symantec sees more attempts on things like VR, IoT, cameras, routers, wearables – the consumerisation of IT. The biggest issues were a lack of standards, manufacturers’ back doors for firmware updates and device telemetry, and a general inability to run security on the devices. All these devices needed to have controls on identity and information sent to the cloud.
#2 Connected cars will be held for ransom
In the past months, a group of Chinese white hat hackers had taken control of a Tesla using nothing but remote web access – all attacks were contactless and without physically modifying the car. Tesla is updating the firmware accordingly, but it shows the rush to remotely connected cars is not without its issues.
The techniques used were nothing special – they simply exploited weaknesses found in so many IoT devices. Shaw said he expected to see “fleets” of cars held for ransom – pay up, or you can’t drive.
But hacking could also include location tracking, recording conversations, or crashing the car.
#3 IoT devices penetrate the enterprise
Look around now, and you will see IoT devices in the boardroom, office and lunchroom – these smart devices might include cloud-connected cameras, Wi-Fi routers, smart appliances like refrigerators or coffee machines, Nest-style climate controls and more.
Also, IoT devices may start to monitor and control things like printers, access points, time clocks, room locks and more. Shaw said that these things provide additional and largely insecure attack points but, more importantly, are often connected to the company network, as they require Internet and cloud access.
#4 An increase in IoT DDoS attacks
Shaw said this could easily be subtitled “Looking for a smart refrigerator”, and pointed to Shodan, which can find weaknesses in IoT devices including refrigerators, webcams, power plants, IoT and building automation.
Again, the lack of standards, manufacturers’ back doors for telemetry and firmware, and a general lack of security awareness made these obvious devices to use for DDoS. He referred to the 900,000 ZyXEL routers taken offline at Deutsche Telekom last week.
The key issue is that hackers can monetise these massive botnets and sell DDoS as a service. But what if hackers started selling access to security cameras at ATM sites?
#5 Ransomware and the Cloud
Shaw said that the cloud was becoming just as attractive a target as on-premises computers, and very often it was less secure than devices behind the corporate firewall.
But he had noticed that ransomware was being delivered from the cloud as well – hidden in corporate files.
#6 Machine learning will require sophisticated big data capabilities
It would not be a prediction without throwing in machine learning. It is being used by both the good guys and the cyber criminals with equal effectiveness. Shaw was concerned, however, that all the data was generating far too many false positives, and a lot more work needs to be done here to make it more useful. At present those false positives are being reviewed by “the wetwork” (humans).
#7 Rogue nation states will finance themselves by stealing money online
An amazing number of hacks bear the hallmark of one nation, including the Sony hack, SWIFT bank transfers like the Ecuador Bank and the spreading of ransomware.
Shaw was too polite to name the nation but is concerned that it is becoming clear the action is at least state-sponsored. The definition of a rogue state is here.
#8 File-less malware will increase
Malware that runs in memory, overwrites BIOS or firmware, and installs rootkits is the way of the future, as it’s harder to track than file-based malware. Regardless of how good security gets, humans will still be the weak point, clicking on suspect links and allowing “things” to execute on the computing device. While education is a good start, it is clearly not enough.
#9 Secure Sockets Layer (SSL) abuse will lead to increased phishing sites using HTTPS
HTTPS is supposed to be safe, and Symantec aims to have all websites encrypted by providing free SSL certificates.
Google is getting on board and will start to identify HTTP sites as less secure. But all that does is focus cybercriminals on how to use HTTPS sites as delivery vectors.