Threats of the near future
Written by Harry Papadopoulos on 22/06/2018
We are roughly halfway through 2018 already (which is terrifying when you stop to think about it) and, as we’ve already mentioned, the growing prevalence cyber security stories now in mainstream media shows no sign of stopping. But what threats lie in wait around the corner? Though the digital threat landscape is ever changing, we’ve analysed the current climate and come to a (hopefully rational) conclusion as to how scared we should really be about the threats of the not-so-distant future.
Alarmist reports suggest that a well-equipped group could target critical national infrastructures with sophisticated tech and, particularly if government backed, could disrupt their services. Fortunately, this scenario is unlikely. Wait, no it isn’t. It’s already happened.
In the final weeks of 2015, a cyber-attack on Ukraine’s energy grid left 225,000 people in the dark. Without getting involved in the political minefield of assigning blame, this has set a worrying precedent. Since we’re now a few years down the line, chances are the software (CrashOverride) has evolved or, at the very least, the people behind it have been experimenting with this powerful automated beast. This links to the targeting of other industrial control systems (SCADA), which are often poorly secured thanks to a variety of historical and cultural reasons. Even here in 2018, SCADA systems can be “pwned by 4 lines of code”. Many services are vulnerable. Energy grids, powerplants, water networks, health services and even public transport providers are at risk. To quote Christian Louis Lange: “Technology is a useful servant, but a dangerous master.” If that’s not the most obscure figure you’ve seen referenced today, then I have failed.
Gadgets and gizmos
Further down the list of woe is an increasing threat to businesses and organisations in the form of IoT devices. IoT or Internet of Things devices can include just about any gadget with some form of network connectivity. Almost everything these days comes with Bluetooth capabilities or Wi-Fi enabled. In the name of convenience, innovation or even hubris, organisations are inviting more and more of these gizmos into their network.
Unbeknownst to them, each device added is providing hackers with a doorway into their network. Whilst these risks can be mitigated if well managed, they will always offer another attack vector. IoT devices, innocuous though they may seem, can give hackers a foothold on your network and the means to extract important data.
It’s likely that attacks on IoT devices will become more frequent as the year goes on. And let’s not forget that the biggest DDoS to date was powered by compromised IoT devices. The market is forever expanding and before long we’ll have yet more things with Wi-Fi capabilities.
The threat to companies responsible for these devices is two-fold. Not only will they have the risk of having whatever devices happen to be on their network getting hacked, they’ll also be held accountable should it be discovered that these gadgets are gathering and processing information that they are not being entirely upfront about.
Over the years there have been so many warnings against AI technology and machine learning that you often wonder why we keep at it. Research and deployment of machine learning or AI algorithms is progressing at such a rate, it’s difficult to follow, let alone work out what an algorithm is.
Fortunately, we’re someway off from sentient robots wresting dominance of the globe from our flabby hands. As it stands, machine learning is being employed in a number of industries. Google are working into their search engine, Apple is experimenting with it and a number of tech companies are trying to implement it into their home media hubs. It’s even of interest to us cyber security experts. With the capability of learning patterns of behaviour, machine learning algorithms can spot activity that is out of the norm. Theoretically, this means it’ll be able to spot and isolate potential threats without any human interference. Which is great.
However, like everything, there’s the possibility of misuse. Machine learning, with its adaptability and sophistication, can be used for nefarious means. Machine learning can be used to create a smart chain of botnets or conduct more effective phishing campaigns for example. All of this will require little influence from humans in terms of programming and can adapt to behaviours to become more effective. This obviously means a headache for cyber security experts.
Fileless malware may sound like a bizarre concept. It seems implausible, impossible even. It is far from it however. Hackers are no longer playing fair and have started to exploit trusted, native programs in order to execute demands. Most anti-virus programs work by checking for signatures of known malware and blocking activity related to it. Because fileless malware is making use of trusted components to execute demands, there’s no such signature, which renders anti-virus software all but useless.
Whilst new software is emerging to combat this, these attacks are still new and effective. They pose a very real danger to the modern business.
Cryptojacking is the big thing in cybersecurity at the moment (Russia notwithstanding). It’s the process of a hacker covertly syphoning off a machine’s CPU in order to mine for cryptocurrencies. The bigger the company the more attractive the target. Bitcoin is perhaps the currency everyone thinks of when they think cryptocurrency. Due to artificial scarcity, Bitcoin becomes more valuable as time goes on and subsequently requires more CPU to mine. All this means hackers will be eying up your servers with hungry eyes.
It’s not at all surprising that cybercrime is seeing a rapid increase. After all, various media outlets (yes, us too I suppose) are forever discussing the profitability of various exploits and the relative ease with which they can be done. For example, last year (2017) ransomware became a $1 billion industry..
Hacking is no longer the reserve of those with specialised knowledge. Practically anyone with a piece of downloadable kit can give it a go. Despite the raised awareness, it’s unlikely that we’ll see a drop-in activity any time soon. So, keep your eyes peeled, invest in a good threat monitoring system or get yourself a penetration test because those threats are going to come in thick and fast.
Hope for the future
Before this blog post veers entirely into unchecked doom, let’s take a moment to remember that there’s always hope. There are many companies, like us, fighting the good fight, and user education is increasing all the time.
In fact, the Cyber Security Market Report estimates that between 2017 and 2021, global spending on cyber security products and services will exceed $1 trillion (cumulatively). Humans are always reluctant to spend money, so it’s unlikely that such an investment will have no effect. In the coming years we can expect to see more products and newer, more advanced services popping up to confront this global threat. Moreover, it’s reckoned that many people turn to hacking because they don’t realise that they can earn a living from using their skills legitimately. With awareness growing and technology diversifying, those that would normally turn to hacking may start turning to security instead.
The night is darkest before the dawn. Who knows? We may yet see the rise of a cyber Batman.
ISO 27001 and 9001 certified
Tigerscheme qualified testers
PCI DSS v3.2 Level 1
24/7 on-site Security
Get a quote today
If you’re interested in our services, get a free, no obligation quote today by filling out the form below.