5 cybersecurity predictions (that might actually come true)
Below are some Sophos researchers and their predictions on tomorrow's internet:
1. More file-less attacks
Principal Threat Researcher 2, Fraser Howard:
To date, file-less attacks have been fairly isolated, but they seem to be growing in prominence (Poweliks, Angler for a bit, Kovter and more recently Powmet). This is a natural response to the widespread deployment of machine learning. I also expect to see a rise in PowerShell abuse.
2. Smarter fuzzing for everyone
Senior Security Analyst 2, Stephen Edwards:
I’m expecting the sophistication of fuzzing to improve significantly. Fuzzing can be used to automatically create billions of ‘stupid’ tests and the next challenge is to make those tests smarter, by informing the test creation process with knowledge about how a program works. Automatic exploration of code is hard though. Hybrid techniques try to balance the speed of stupid tests with the efficiency of smarter ones, while avoiding getting lost in too many choices. A number of promising approaches to improving fuzzing have already been demonstrated and it feels to me that we’re almost at a breakthrough where those different techniques will be combined and made public.
3. Ask who and what, not where
Cyber Security Specialist, Mark Lanczak-Faulds:
Traditionally, security focuses on the domain as a whole. As we look to blur the boundaries of a traditional network and the internet, what matters are the identities and assets residing within the domain. We need to determine risk based on identity and the assets associated with that identity. When you trigger an alert accounting for those factors, you know what’s at stake and can act proportionately and swiftly.
4. Focus on exploit mitigation
Sophos Security Specialist, Greg Iddon:
Patching is no longer something you can save until after change freeze or a rainy day. I think that in the next six to twelve months, implementing exploit mitigation – protection against the abuse of known or unknown bugs and vulnerabilities, and the underlying way attackers take advantage of these bugs and vulnerabilities – is going to be key to staying ahead. What concerns me most is that there is a swathe of new vendors who are only focusing on detection of Portable Executable (PE) files, touting machine learning as the be-all and end-all of endpoint security. This simply isn’t true. Don’t get me wrong, machine learning is great, but it’s just a single layer in what must be a multi-layered approach to security.
5. Ransomware repurposed
Global Escalation Support Engineer, Peter Mackenzie:
Based on some trends we’re seeing now, I think we could see a shift in the way that ransomware is used. Unlike most other malware, ransomware is noisy and scary – it doesn’t work unless you know you’ve got it, and it has to make you feel afraid. As security tools get better at dealing with ransomware, some attackers are using that noisiness as a technique for hiding something else, or as a last resort after making money off you another way using, say, key loggers or cryptocurrency miners. Once you’ve removed the noisy ransomware infection, it’s easy to think you’ve cleaned your system. What you need to ask is “why did it detonate now?” and “what else was, or still is, running on the computer where we found the ransomware?”