December is a great time to look back on the year and look forward to what to expect in the new year. The McAfee Labs security team released their annual report about the cybersecurity threats to expect in the next five years. Unfortunately the news is that if you thought ransomware, data breaches and hacked Jeeps were disruptive; just wait to see what’s coming.
Hardware attacks are a relatively new vector for cyberattacks. USB flash drives have spread worms that conduct surveillance and remain installed even if the drive is reformatted. Attacks on disk drive firmware and GPUs have shown that vulnerabilities in BIOS and other firmware can give attackers more control by providing access to the entire physical machine without triggering any alarms. The same goes for virtual machines and memory. It’s a race to control the bottom of the stack for both defenders and attackers.
Looking forward, the report states: “Intel’s famous Moore’s Law will accelerate mathematical operations to the point where the cost of hardware-based data encryption will approach zero.” Improvements in encryption will encourage developers to use it more, improving the protection of data at rest, in use, and in motion.
Ransomware has expanded over the last year and is predicted to only increase in sophistication in the future. Cryptowall, CryptoLocker, CoinVault, Bitcryptor… McAfee expects new families of ransomware to expand on stealth tactics like silent encryption of both system and backup data, with potential use of kernel components to encrypt data on the fly. Another trend predicted to continue is ransomware-as-a-service where inexperienced cybercriminals gain access to the services through the Tor network and use virtual currencies as payment while staying relatively anonymous.
Adobe Flash continues to be the most frequently attacked application, though McAfee sees some progress on that front with mitigation features deployed in recent Flash Player patches. Still, the transition away from Flash is expected to be slow with all of the legacy content still out there for desktops. One bright point is that the new Microsoft Windows 10 browser is expected to be more resilient to hacking with features like the Memory Garbage Collector than the frequently targeted IE browsers it’s replacing.
Cloud? The short answer is that while it’s great for companies as a money saver its adoption also means the Cloud is a treasure trove for hackers. Beyond embarrassment of data leaks like the Ashley Madison site, hackers penetrated the computer systems of a major newswire service, stealing information used to illegally make stock trades resulting in millions of dollars in illegal profits over five years.
The expansion of Internet of Things, whether as wearable devices on humans, home automation hubs, or distributed devices in cars and sensors of all sorts are all potential keys to our digital kingdoms. Just add some poorly-written code or a systemic vulnerability and that must-have device of modern life can become a liability. McAfee predicts that within the next year wearables will be compromised and providing valuable data for spearphishing campaigns. Automotive attacks will increase to the point that vehicles without foundational security principles will be hacked in ways that result in a loss of life.
Improving Cybersecurity in your network with Uplogix
Uplogix is part of a secure distributed network. With security features developed for customers in finance and the military, Uplogix is a secure gateway for policy enforcement and compliance – whether the network is down or degraded. Not all console servers are created the same. In addition to all of its security functionality, Uplogix is a closed appliance. Other console servers are open implementations of Linux which could mean trouble.