Elliot Thompson, Principal Security Consultant, SureCloud.
As ever, the end of the calendar year is a useful time to look at the months ahead and make some predictions as to which security threats will afflict businesses over the next year. What can we learn from the tools and techniques being harnessed by cyber-criminals, in conjunction with the ways in which enterprise IT infrastructures are changing? And how can organisations best protect themselves in this changing world?
Cybersecurity practices are constantly improving, and increasing adoption of technologies like harder-to-crack multi-factor authentication, cyber-criminals are similarly evolving. Their combination of well-established infiltration and data extraction techniques with next-generation technologies can be highly sophisticated – and devastatingly effective.
Going phishing in the cloud
Social engineering and credential phishing techniques, for example, have been prominent in cyber-criminals’ arsenal for years now. Now, however, the infrastructure they can gain access to has dramatically evolved, with even the most reluctant organisations recognizing that the scalability, agility and flexibility of the cloud cannot be ignored. Criminals have demonstrated remarkable success in gaining access to Microsoft Azure and Amazon Web Services (AWS) cloud dashboards, usually through credential stuffing or phishing. All it takes is for one individual with admin access to production environments to fall victim to a social engineering or phishing email – and, in large organisations with an array of different user accounts, this is far more common than it should be. In 2020, then, expect to see more and more cloud infiltration which can ultimately be traced back to an individual being successfully tricked.
Ransomware has undoubtedly matured into a stable business model and has truly become one of the most powerful and effective weapons that bad actors can deploy. We’ve seen fewer and fewer instances where ransomware’s poorly implemented cryptography can be exploited to unlock files for free. Likewise, we’ve seen fewer occurrences where an attacker takes over a large network and demands a small amount of money. Unfortunately, many threat actors are capitalising on incomplete backup coverage across organisations.
What does this mean for 2020? I’m predicting a large, fully deployed BlueKeep-based malware campaign. This security vulnerability in Microsoft’s Remote Desktop Protocol, which enables remote code execution on the part of cyber-criminals, could be the starting point for truly devastating attacks.
Machine learning and AI for protection – and nefarious ends
We all know how powerful machine learning and AI are proving for the cybersecurity industry, with more and more security tools and applications leveraging them in order to flag unusual network traffic or user behavior logs. Unfortunately, cyber-criminals have exactly the same tools at their fingertips.
Just as machine learning is being harnessed in exciting ways by security professionals, it is also offering criminals rather more devious possibilities. It will be used more and more frequently when generating malicious content attempting to bypass the already-prevalent machine learning-powered filters. We are truly in a machine learning arms race – and unfortunately there are still too many incidences where the so-called AI powering an apparent clever security tool is in fact just a series of nested ‘if’ statements. Security professionals need to take AI seriously and harness it properly – just as criminals are.
Read Blog 2 here – Learn about the 3 near-timeless classics that will most likely effect SME’s AND enterprises in 2020.
Elliott Thompson OSCP, CTL/CCT-APP, one of SureCloud’s senior security consultants, delivers on a variety of large and unusual pen-testing engagements. Elliott engages targets throughout Europe, Asia, and the Middle East through infrastructure testing and reverse engineering to physical, social engineering and red teaming. Elliott has also appeared on the BBC as a cybersecurity expert, is a CVE identifier, CHECK Team Leader and CREST Registered Tester.
SureCloud is a provider of Gartner recognised GRC software and Cyber & Risk Advisory services. Whether buying products or services your organisation would benefit from automated workflows and insight from the award-winning SureCloud platform. All of SureCloud’s service offerings are fully compatible with the GRC suite of products enabling a seamless integration of information, taking your risk programmes to the next level.