Blind spots, or unseen dangers, are an inevitable fact of life, and this is particularly true in the cybersecurity industry, where it's simply impossible to predict the next big thing. Who could have predicted Spectre and Meltdown, even though the vulnerabilities sat dormant on chips for over 20 years? Likewise, when Joseph Popp created his AIDS Trojan back in 1989, few could have predicted the scourge that ransomware would eventually become.
Now, all these years later, we're still paying for these epic blind spots and many more just like them. Today, a few things stand out to me as our greatest obstructions, and we need to pay greater attention to them:
1. IoT Exposing Corporate Data
By 2020, there will be more than 20 billion devices connected to the internet, and by 2030, that number is expected to jump to more than 125 billion devices. As it stands, in five years' time, we will essentially be living within the internet of things.
IoT product designers typically push gadgets to production regardless of whether or not they are actually bug-free. This is often because they need to get their offering to market before their competitors. Moreover, some companies skimp on security measures for fear of harming performance and others cut corners to keep prices down. What this means is that the market is full of these bug-ridden connected devices — and it's only going to get worse.
There's no escaping IoT — it's the future, whether we like it or not. But there are ways we, as an industry, can minimize the potential negative security impact. The first step that organizations can take is to build awareness among employees, who are generally in the dark about the risks they create. It's critical that they understand that the gadgets they bring to the office are very likely not as secure as they think and may wind up exposing corporate data.
Employees should also understand that just because something can be connected to the internet doesn't mean that it should be connected to the internet. They also need to know more than just the very basics; while they might be adept at remembering to change device default passwords, they are probably clueless regarding other critical issues like turning off Universal Plug and Play. Make sure they are applying patches and updates to their devices as soon as they become available, and by the way, now is as good a time as any to create a strict and nuanced BYOD policy if you don't already have one.
2. The Bad Guys Using AI
There is a lot of talk nowadays about using AI to help fight cybercrime. We have already seen that artificial intelligence can complement the human side of security quite well. Using AI power in a security operations center can translate into less time spent on false positives and more incidents located with greater speed and accuracy. To this end, it's become something of a darling in the eyes of security gurus.
But the reality is that anything that can be harnessed for good can be used for bad as well. Already, criminals are using artificial intelligence to discover critical flaws in software that otherwise would go undiscovered. It can also create perfectly targeted social engineering attacks. And criminals are using AI to mimic writing styles so that they can pretend to be specific individuals and lure people into various high-level scams. But all this is just the beginning.
The use of AI will make ID theft, password cracking and DDoS attacks more efficient and effective. Smart botnets will be able to create self-directed attacks at potentially unfathomable scale. Attackers will use AI to create better and faster malware variants that have built-in advanced obfuscation techniques. Phishing ruses may become nearly undetectable as tools like speech recognition and natural language processing (NLP) are applied to algorithms.
According to Ronen Slavin, Client Team Leader here at Reason, “AI will be used to build incredibly intuitive chatbots that will be used in highly sophisticated phishing ploys. There is even speculation that AI will be used to mimic voices of trusted entities. Soon with AI, it may be impossible to discern if you're talking to your IT manager or a bot with malicious intentions.”
The question is whether businesses are prepared for such possibilities. It's simply impossible to anticipate every attack vector, but organizations need to ready their enterprise for whatever they can. Now is the time to build a strategic “Attack SOP” outlining who will be responsible for what in times of crisis.
3. The Legal, Ethical and Security Ramifications of Cryptomining
The funny thing about malicious cryptomining is that attackers aren't looking to get their hands on their victims' data — instead, they want the victims' CPUs to generate new crypto coins. This leaves a lot of people thinking that cryptomining malware isn't really a major concern.
Interestingly, playing the “This isn't really all that illegal” card, some legitimate websites like Salon.com and even UNICEF have begun asking users for their permission to use their CPU in return for allowing them to block ads, access exclusive content or get higher streaming quality.
This brings up some ethical questions: Do users actually understand what they are agreeing to? Do they really know that they will have higher electricity bills? That their devices will need to be replaced far sooner than if they had not been used for such resource-depleting activities? Questions like these need answers before enterprises decide that this is a new legitimate business model.
Another concern with cryptomining is that while attackers are mainly after CPU, it may not be the only thing they are looking for when they plant their malware on devices. Allowing mining software to run on devices may also allow other malware to run on your devices. Security firm Trend Micro found that cryptomining malware often triggers other attacks, including SQL injection attacks, cross-site scripting attacks, brute force password attacks and denial of service attacks, among others. Taking a laissez-faire approach to malicious cryptomining might just be exposing your entire network. Make sure your enterprise has the necessary tools to detect and prevent this emerging threat.
These are issues that must be addressed and solved now, or they will become the problem that our children and grandkids will be paying for.