CBR grilled Dr Adrian Nish, Head of Threat Intelligence at BAE Systems, about what he thinks the cyber security landscape will look like in 2018.
Giving us his top eight insights for 2018, Dr Nish painted a picture dominated by bots, malware... and, of course, GDPR.
1. GDPR
After six years of preparation, hype and debate, the General Data Protection Regulation (GDPR) will be enforced from 25th May 2019. Any organisation found to be non-compliant will face heavy fines. The spotlight will be on the early breaches and on how the regulators react to them. Many firms processing EU citizens’ data from outside the EU may not have understood that they too are affected by the regulation.
Recent analysis suggests that few firms are ready for the new regulation, raising the likelihood of breaches and potential fines.
2. Malware authors outsmarting NextGen AV/AI
In recent years, a big trend in the anti-malware market has been the use of machine learning algorithms in detection engines that rely on features extracted from known bad samples. These features include metadata values, exported function names and suspicious actions.
As ‘NextGen AV’ solutions become more commonplace, malware authors are getting better at building techniques to outsmart them.
In recent months we have seen malware padded with legitimate code and functionality that appears to serve no purpose other than to outsmart machine learning classifiers.
3. Market manipulation via hack or Twitter bot
To date there have been few cases of criminals looking for ways to target and exploit the stock market system online. In theory, these could be attractive targets, as playing the market is ‘out-of-band’ from the hack itself.
We predict that, in 2018, we’ll see a repurposing of ‘fake-news’ Twitter bots to push market-relevant information.
This could be used in pump-and-dump style attacks, or could be aimed at algorithmic trading ‘bots’.
4. The first battle of the bots
It’s inevitable that attackers will begin to incorporate machine learning and artificial intelligence at the same rate as network defence tools. We may already be at this point, with online Twitter bots able to react to emerging events and craft messages in response.
2018 could be the year we see the first battle of the AI bots, as cyber-criminals build systems that can ‘learn’ and adapt to defences while detection engines also evolve using AI.
5. Extortion through hack-and-leak
There has been a rise in ransomware over recent years, enabled partly by online criminal malware marketplaces and partly by the popularity of Bitcoin and other cryptocurrencies. Businesses are a natural target for such attacks, as seen with WannaCry and Petya last year. Ransomware can be spread across a large number of networked devices for maximum impact. Businesses rarely pay a ransom of this nature, as they typically have backups they can revert to when needed.
A more dangerous approach we believe criminals will begin to adopt is stealing information and extorting victims by threatening to leak it if the ransom isn’t paid.
These leaks could be highly damaging: substantial fines, loss of customers and embarrassment to executives (e.g. stolen emails).
6. Supply chain woes
2017 was a huge year for supply chain attacks. We predict that this will continue in 2018 as criminals see this type of attack as increasingly viable.
The biggest chunk of this may be software supply chain compromise, rather than third-party or hardware compromise.
7. Sociotechnical approaches to risk – copy techniques from Safety Engineering
Information Assurance has been around for a long time, and technology, threats and vulnerabilities have moved on. Securing information has become less about having firewalls and policies, and more about complex interactions between people and machines. Practitioners have also realised that there is a need to consider systems as a whole, rather than as discrete components, and have begun to consider new approaches.
Safety Engineering is one possible source of such approaches, and its techniques are already being copied across other domains.
2018 may see greater emphasis on evolving security beyond traditional approaches by incorporating sociotechnical analysis.
8. IDN Homograph Domain Spoofing
The Internationalised Domain Name (IDN) homograph technique uses look-alike characters from non-Latin alphabets so that a domain appears similar to the targeted Latin-alphabet domain. For DNS, the non-ASCII characters are encoded as ‘Punycode’ (an ASCII label prefixed with ‘xn--’), which web browsers decode back to Unicode for display. As an example, the Punycode label ‘xn--oogle-qmc’ decodes to ‘ɡoogle’ – note the two different types of ‘g’.
Although this technique has existed as a proof of concept, and been used sparingly, for a number of years, we have recently observed it being employed on a larger scale – it gives attackers a vast number of subtle letter swaps to choose from.
We predict that use of this technique will increase in early 2018 if web browsers continue to display Punycode domains in their Unicode form, so that they appear to the end user to be the legitimate domain.
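As an added example (not from the interview or from BAE Systems), the following Python check is the kind of thing a defender can run over hostnames seen in proxy or mail logs: it decodes Punycode labels the way a browser would, then flags labels that mix scripts or whose ASCII look-alike matches a protected brand name. The confusables table is a small hand-picked subset constructed for this example, not the full Unicode confusables list.

```python
import unicodedata

# Hand-picked confusables (constructed subset for this example, not the full
# Unicode confusables.txt): look-alike character -> ASCII letter it resembles.
CONFUSABLES = {
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G, the odd 'g' in xn--oogle-qmc
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

def decode_label(label: str) -> str:
    """Return the Unicode form a browser would display for one DNS label."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts_of(label: str) -> set:
    """Unicode script names (LATIN, CYRILLIC, ...) of the letters in a label."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}

def skeleton(label: str) -> str:
    """ASCII look-alike of a label: drop accents, then map known confusables."""
    decomposed = unicodedata.normalize("NFKD", label)
    base = "".join(c for c in decomposed if not unicodedata.combining(c))
    return "".join(CONFUSABLES.get(c, c) for c in base).lower()

def check_domain(domain: str, protected: set) -> dict:
    """Decode a hostname and report labels that impersonate a protected name."""
    labels = [decode_label(part) for part in domain.lower().split(".")]
    findings = []
    for lab in labels:
        if lab.isascii():          # plain ASCII label: nothing to spoof with
            continue
        if len(scripts_of(lab)) > 1:
            findings.append(f"mixed scripts in label {lab!r}")
        look_alike = skeleton(lab)
        if look_alike in protected and look_alike != lab:
            findings.append(f"label {lab!r} resembles protected name {look_alike!r}")
    return {"unicode": ".".join(labels), "suspicious": bool(findings),
            "findings": findings}

if __name__ == "__main__":
    print(check_domain("xn--oogle-qmc.com", {"google", "apple"}))
```

A legitimate accented domain such as ‘münchen.de’ passes the check, because stripping accents does not turn it into a protected name and all of its letters are Latin.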