Cyber Security News

2020 cybersecurity predictions

Curtis Simpson, CISO, Armis
Voice Deepfakes will become the new phishing bait: C-level executives, politicians and other
high-profile individuals are already high-risk targets for standard email
phishing attacks given their level of access and financial decision making
within their organization. With advancements in the deepfake voice technology,
I expect a rise of voice phishing schemes in 2020 in which employees are
tricked into sending money to scammers or revealing sensitive information after
getting voice messages and calls that sound like they are from the CFO or other
executives. We’ve already seen one fraudulent bank transfer convert to $243,000
for criminals. Given how hard it is to identify these deepfakes compared to
standard phishing attacks, I expect these operations will become the norm in
the new year.

PJ Kirner, CTO & founder, Illumio
We’ll start to hear more about the convergence of physical infiltration with cyberattacks,
challenging security across the board. Cyberattacks on an enterprise or a
government can be carried out remotely but, in 2019, we started hearing more
about the physical element added to the mix. It doesn’t take sophisticated
software or intelligence operations to execute these attacks – a well-planned,
staged scenario is all it takes. For instance, someone could pose as an
electrician to gain physical access to a hospital being built, walking around
unimpeded until they find an unprotected device to access the network. I
believe we’ll see more of these high-profile, hybrid cyber-physical attacks in
2020.

Matt Ulery, chief product officer, SecureAuth
Get ready for SMS attacks to go mainstream. We adopted two-factor authentication with little hesitation: get a text on your phone with the one-time authentication code, enter it in after entering your password and gain access to your account. Most consumers haven’t had an issue with an extra step for a little peace of mind. The problem is that second-factor methods can now be easily defeated by your average hacker.

SMS overrides have become a common and intensifying threat over the past year, and
they’ll only become more prominent in 2020. This type of attack will come in
three main forms: SIM swap, IMSI factors and SS7 hacks.

From intercepting SMS messages and voice calls to eavesdropping and location tracking,
these types of attacks highlight the weakness of relying on two-factor
authentication to protect our identities. Businesses and organizations —
especially those handling and storing customer data — have an obligation to
look towards more advanced, adaptive approaches to securely verify their users
by utilizing verification factors like location, time of day, behavior and IP
addresses. It’s no longer safe to assume a six-digit code sent to your phone
will protect your identity.

Michael Morrison, CEO, CoreView
Office 365-specific security issues will finally get the attention they
deserve: Office 365 is a major target for IP theft, data leakage, credential
cracking, and O365-specific attacks because that’s where a big bulk of sensitive,
enterprise data is. Yet, O365 security issues often don’t get the attention
they deserve. In 2020 and beyond, IT should expect new O365 phishing and
malware attacks, as well as modified versions of KnockKnock and ShurtL0ckr, two
attacks that focus on Office 365 that have been active since May 2017—and are
still running.

Mark Sangster, vice president and industry security strategist, eSentire
Company microtargeting with industry-specific tools will rise. Throughout 2019, eSentire has observed numerous instances of mid-sized organizations being targeted using tools specific to their industry, and this approach will continue into 2020. Phishing emails related to common industry tools or masquerading as trusted sources will be a common attack vector for stealing credentials and sensitive information. For example, phishing lures unique to the legal industry will use avenues, including cloud services, from vendors such as Adobe, to access stores of sensitive information and credit vendors, like American Express, to gain short-term access to personal and/or company credit accounts. Access to personal or organization emails can lead to the theft of sensitive information. It can also aid attackers in crafting more familiar and friendly-looking lures for spear (targeted) phishing. As this trend towards microtargeting continues, organizations need to ensure they have technical controls in place to detect these threats and also ensure they have a robust security education program in place for their employees.

DRaaS is Now Mainstream

Disaster Recovery-as-a-Service (DRaaS) is now mainstream, with large organizations
adopting DRaaS at the highest rates. However, expect in 2020 to see the
adoption of DRaaS by small and mid-sized organizations to drastically increase
as organizations discover that not all DRaaS services require their IT
departments to become experts in hyper-scale clouds. As a result, SMBs will
outsource DRaaS to experts at a fixed price and with little requirement for
their time or technical overview.

Josh Lemos, VP of research and intelligence, BlackBerry Cylance
State and state-sponsored cyber groups are the new proxy for international relations. Cyber
espionage has been going on since the introduction of the internet, with
Russia, China, Iran and North Korea seen as major players. In 2020, we will see
a new set of countries using the same tactics, techniques, and procedures
(TTPs) as these superpowers against rivals both inside and outside national
borders. Mobile cyber espionage will also become a more common threat vector as
mobile users are a significant attack vector for organizations that allow
employees to use personal devices on company networks. We will see threat
actors perform cross-platform campaigns that leverage both mobile and traditional
desktop malware. Recent research discovered nation-state based mobile cyber
espionage activity across the Big 4, as well as in Vietnam, and there’s likely
going to be more attacks coming in the future. This will create more complexity
for governments and enterprises as they try to attribute these attacks, with
more actors and more endpoints in play at larger scale.

Gaurav Banga, CEO and founder, Balbix
The accepted definition of a vulnerability will broaden. Typically associated
with flaws in software that must be patched, infosec leaders will redefine the
term to anything that is open to attack or damage. The impact will be
systematic processes, similar to those commonly applied to patching, extended
to weak or shared passwords, phishing and social engineering, risk of physical
theft, third party vendor risk, and more.

Chris Howard, VP of federal, Nutanix
In 2020, we expect to see federal agencies increasingly differentiate their IT consumption
models. For example, I expect to see a movement of IT infrastructure to managed
service offerings in hosted data centers in order to take advantage of the
solutions that MSPs provide. In doing so, they will also be taking some of the
work off of their plate. This will not only allow agencies to access better connectivity,
but it will also address some of the same benefits that agencies look for when
moving to the public cloud, like agility and the ability to move away from
managing physical infrastructure, but with added security controls.

John Summers, VP and CTO, Akamai
The digital advertising ecosystem will be the next top target as a new class of attacks
emerges – As consumer experience becomes more important — and elaborate —
advertisers harvesting troves of customer data will find themselves susceptible
to a new wave of attacks from cybercriminals. Hoping to capitalize on the data
possessed by agencies, adversaries will increasingly go after the ad delivery
process, compromising the countless amount of customer data stored. In the
coming year, we can expect digital advertisers to amp up security efforts to
combat this, yet we can also expect to see more consumers opting-out of
experiences that require data collection.

Gerry Beuchelt, CISO, LogMeIn
The use of and evolution of biometrics. Decentralized, device-managed biometrics will continue
to rise as a convenient way to authenticate users. Biometric data stored
locally on the user device is best for security and eliminates the privacy
risk. These biometrics are good because they make life easier for people to
authenticate with devices in their possession and don’t pose a further security
risk because that info isn’t online and never leaves the system.

Centralized biometric databases will continue to be promoted (and in some cases forced) by
governments, but we’ll continue to see pushback from civil society.

Centralized systems, i.e. having one giant database, is not good biometrics because a lot of
sensitive personal information is in one location and invites abuse. People are
understanding this and some citizens in Europe and the U.S. are pushing back
against centralized databases.

In terms of voluntary centralized databases, there is going to be some form of material
abuse of the type of info people are sharing so freely (i.e. if 23andMe is
hacked), creating a privacy nightmare. That nightmare is just waiting to happen,
whether through a hack, breach or government subpoena.

Published at Sat, 28 Dec 2019 14:00:35 +0000


Broadcom flips Symantec to Accenture Security

Symantec’s Cyber Security Services business has been purchased by Accenture Security from Broadcom,
almost five months to the day from when the latter firm paid $11 billion for
the unit.

Accenture announced the acquisition on January 7. It includes Symantec’s
enterprise-level business unit, which operates six security operations centers located in
the United States, UK, India, Australia, Japan and Singapore that handle global
threat monitoring and analysis.

Financial details were not revealed, but Broadcom
entered into an agreement to pay $10.7 billion for this division in August 2019
with the deal officially closing on November 4. Accenture did note in a
statement on this purchase that it had spent $1.2 billion on 33 other acquisitions
in 2019. So, if a similar price was paid this time it would make it Accenture’s
largest financial move in recent months.

Accenture’s deal with Broadcom is subject to customary closing conditions but is expected to
close in March 2019.

“This acquisition is a game-changer and will help Accenture provide flexibility
rather than a ‘one size fits all’ approach to managed security services. With
Symantec’s Cyber Security Services business, we can now bring clients our
combined expertise fine-tuned to their industry with tailored global threat
intelligence powered by advanced analytics, automation and machine learning,”
said Kelly Bissell, senior managing director of Accenture Security.

Broadcom executives made similar statements in November when Symantec was fully brought on board and began operating as a unit of the processor and technology infrastructure company.

Broadcom has not yet responded to an SC Media inquiry regarding its decision to turn around
and sell its recent acquisition.

When Symantec cut its deal with Broadcom it retained control of its device security,
identity threat protection and privacy software that is sold to consumers
and small businesses. This segment of Symantec’s business provides the majority
of the company revenue.

Published at Tue, 07 Jan 2020 17:16:14 +0000


Solving man in the middle cyberattacks with cloud-native SDPs

When it comes to the workplace, we are office-bound no more. While it still may seem
counterintuitive, most work today actually gets done (at least some of the
time) from remote locations, not company offices. Whether from home, a
co-working space, or an airport, subway, hotel, or Starbucks, employees and
contractors alike can be found working virtually for a good chunk—or all—of
their workday from public settings. 

How does this reality affect enterprise security? Traditionally, the enterprise approach
for working beyond the perimeter has relied on a virtual private network, or
VPN. Yet while VPNs are the most common solution for enabling remote workers to
access the corporate network and the data that resides on it, the shifts
mentioned above have rendered them outdated when it comes to security. That’s
because the idea was based on the assumption that users on a local network could
be “trusted,” which resulted in a sizable attack surface being left vulnerable
to potential attackers. 

Undefended

One type of well-known security threat in the enterprise environment that VPNs are
ill-equipped to defend against is the Man in the Middle (MITM) attack. In
this type of breach, an attacker positions himself or herself in a dialogue
between an application and a user. Despite the perpetrator’s malicious intent, which
is usually either to listen in on a conversation or to pretend to be one of the
people in the exchange, it looks to the user as though everything is perfectly normal.

As explained in International Journal of Data and Network Science, the purpose of a MITM
attack might be to “take individual information, for example, login
certifications, account points of interest and charge card numbers. Targets are
normally the clients of financial
applications, SaaS businesses, web-based business locales and other sites where
logging in is required. Information obtained during an attack could be utilized
for many purposes, including fraud, unapproved support exchanges or an unlawful
watchword exchange.”

Network-based Man in the Middle attacks result from weaknesses in the network communication framework,
where network traffic is intercepted by the hacker instead of the assigned
router. At this point, the hacker transmits spoofed Address Resolution Protocol
messages to any open LAN, oftentimes in airports, coffee shops or hotel lobbies.
These altered transmissions are designed to persuade network administrators to upgrade
routing data, enabling the MITM attacker to falsely notify users that the correct
MAC address for the location’s IP address will be located on the hacker’s computer.
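
A defender can spot the spoofed ARP messages described above by watching for an IP address whose answering MAC changes, or for one MAC answering for several IPs. The following is an added example, not part of the original article; the capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output (not from the article).
# 192.168.1.1 plays the router; 02:42:ac:11:00:66 is a made-up interloper.
SAMPLE_CAPTURE = """\
09:14:01.102311 ARP, Request who-has 192.168.1.1 tell 192.168.1.23, length 28
09:14:01.103877 ARP, Reply 192.168.1.1 is-at 3c:84:6a:10:22:01, length 28
09:14:05.440120 ARP, Reply 192.168.1.23 is-at a4:5e:60:c1:09:7e, length 28
09:14:09.000412 ARP, Reply 192.168.1.1 is-at 02:42:ac:11:00:66, length 28
09:14:09.500733 ARP, Reply 192.168.1.23 is-at 02:42:ac:11:00:66, length 28
09:14:10.001020 ARP, Reply 192.168.1.1 is-at 02:42:ac:11:00:66, length 28
"""

REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_replies(text):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are skipped."""
    for line in text.splitlines():
        m = REPLY_RE.match(line.strip())
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()

def find_arp_anomalies(text, gateway_ip=None):
    """Flag IP-to-MAC rebinding and a single MAC answering for several IPs."""
    first_mac = {}                 # ip -> first MAC seen answering for it
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    findings, reported = [], set()
    for ts, ip, mac in parse_replies(text):
        known = first_mac.setdefault(ip, mac)
        if mac != known and ("rebind", ip, mac) not in reported:
            reported.add(("rebind", ip, mac))
            findings.append({
                "type": "rebind", "ts": ts, "ip": ip,
                "old_mac": known, "new_mac": mac,
                # A rebound gateway address redirects all off-subnet traffic.
                "severity": "high" if ip == gateway_ip else "medium",
            })
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1 and ("multi", mac) not in reported:
            reported.add(("multi", mac))
            findings.append({"type": "multi_ip", "ts": ts, "mac": mac,
                             "ips": sorted(ips_by_mac[mac]), "severity": "medium"})
    return findings

if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_CAPTURE, gateway_ip="192.168.1.1"):
        print(finding)
```

Rebinding also occurs legitimately (DHCP lease reuse, router failover), so these findings are triage signals to correlate with known infrastructure changes rather than proof of interception.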

VPN vs. SDP Against MITM

Conventional VPN solutions can defend against MITM attacks on the public wifi; they can send
network traffic via an encrypted tunnel as protection. But VPNs often use a
split tunnel to save money and reduce latency. They send private data-center
traffic over the VPN, while sending web traffic out directly and leaving
endpoints vulnerable. Another problem with VPNs is that they are generally not
used all the time; users activate them when they need access to the enterprise
network, but the rest of the time they use the internet without the VPN,
significantly increasing the risk of a breach. Finally, VPNs do not offer
zero-trust security; therefore, potential attackers have broad access to
network resources.

A more effective solution to better defend against MITM attacks is a software-defined
perimeter (SDP) that includes “always on” security, which secures both network access
and web traffic. Such SDPs
offer a dependable security framework by encrypting all traffic from the user
device, whether it’s going to the data center, the cloud, or the web. By micro-segmenting
enterprise network access, SDP solutions reduce the attack
surface compared to VPNs.

Advanced, cloud-native SDPs are built around a zero-trust architecture that provides each
user with a unique, fixed identity for one-to-one network connections. These are
dynamically created on demand between the user and the specific resources that
he/she needs to access. No access is possible unless it is explicitly granted
and any access that is granted is continually verified at the packet level.
Once data centers, clouds, and branches are onboarded to the SDP, policies
define what is visible to authenticated users.

In contrast to the old “trust but verify” approach, the new way of thinking is
based on never trust, continually verify, as well as minimizing access to a
company’s resources with dynamic micro-segmentation. Given the growth in the
sophistication and impact of MITM security attacks, IT organizations must move
quickly to adopt this new security model. Many will find that the optimum place
to start is where the current security model has the greatest weaknesses –
remote access – and look into replacing VPNs with a zero-trust Software-Defined
Perimeter.

With VPNs less able to protect IT resources and applications
migrating to the cloud, SDPs are emerging as the superior alternative to
traditional VPNs in helping to prevent MITM attacks. By allowing organizations
to standardize remote access security for all users while reducing the risk of potential
attacks, zero-trust
SDPs offer a compelling new paradigm for remote access.

Published at Mon, 06 Jan 2020 13:00:48 +0000


State actors may be behind ongoing cyberattack on Austria’s foreign ministry

An ongoing and “serious cyberattack” at
Austria’s foreign ministry could be the work of nation-state actors, the
country’s government said.

The ministry has set up a “coordination
committee” to respond to the attack, which started as the country’s Greens
party okayed an alliance with conservatives.

While the foreign ministry discovered the attack
and responded quickly, the incident is ongoing.

“Due to the gravity and nature of the attack, it
cannot be excluded that it is a targeted attack by a state actor,” the foreign
and interior ministries said in a joint statement cited in a report by the
Associated Press.

It is similar in nature to a pair of attacks against Germany in 2015 and 2018 believed to be the work of Russia’s Fancy Bear APT group.

Published at Mon, 06 Jan 2020 05:05:03 +0000
