2 January 2015

A LOOK BACK AT 2014; AND FIVE, PROMINENT CYBER SECURITY TRENDS THAT ARE LIKELY TO DEFINE 2015

December 29, 2014 

The website TechCrunch.com takes a look back at 2014 and forecasts what it sees as the five most prominent cyber security trends that will define the sector in 2015. The article, which carries the title above, was written by Yoav Leitersdorf and Ofer Schreiber, partners in YL Ventures, which invests early in cyber security, cloud computing, big data, and Software-as-a-Service companies.

Their basic bottom line for 2014 was that nobody was safe. From JP Morgan Chase to Sony Entertainment, Home Depot, Neiman Marcus, government entities, universities, and private companies and individuals, cyber criminals were brazen, active, and persistent, and showed progress in their use of sophisticated, insidious, destructive malware. Industrial grade stealth malware, zero-day bugs selling for $1M a copy, the proliferation of The Dark Internet, the balkanization of the Internet and the rise of “gated-communities,” as well as the proliferation of the use and employment of encryption software were all prominent in 2014.

In a look ahead to 2015, the authors single out these five cyber security trends that they believe will define the year ahead:

1) The Rise of Automated Incident Response: “Today’s enterprises must not only detect and prevent potential threats; but, be prepared to react quickly when breaches occur. Enterprises like Target are being successfully sued by banks for failing to act on security alerts. One of the clear lessons from the Target hack,” the authors contend, “is that the traditional Incident Response process — which is mostly based on manual processes — is broken.” Companies have been slow to react to the threat posed to their systems and have mostly confined themselves to a reactive mode, hoping a major hack doesn’t occur and failing to adequately posture and prepare ahead of time. “Reducing the time from discovery/detection to response and remediation could dramatically minimize an attack’s damage,” they write.

“That’s where Automated Incident Response solutions come in — they don’t leave alerts unhandled, and can react instantly (much faster than humans) when bad scenarios unfold,” the authors write. “Enterprises with limited human resources face escalating liabilities for failing to adequately respond to detected threats.”

TechCrunch forecasts that Chief Information/Security Officers will increasingly turn to Automated Incident Response solutions in 2015.

2) Cloud Security Becomes A Shared Responsibility: “Enterprise IT departments are generally behind in keeping the cloud secure, heavily relying on security features provided by cloud vendors. Most of the SaaS vendors, in particular, don’t have security as a first priority; and so, they fail to provide sufficient data governance, control, and compliance,” TechCrunch notes. Thus, the trend among CIOs and CISOs of seeing the security of the cloud as a shared responsibility is likely to continue, and perhaps accelerate on a broader scale, in 2015.

“A new crop of startups will provide a deeper visibility and transparency into cloud storage, as well as unique threat analysis, and proactive enforcement of cloud application and security services,” in 2015. And, TechCrunch says, “expect CIOs and CISOs to dedicate/allocate meaningful budgets to it in 2015.” Cyber security finally makes it to the boardroom in 2015.

3) Advanced Persistent Threats Surge: “In 2015, cyber security departments should be particularly careful about Advanced Persistent Threats (APTs),” TechCrunch says. “These attacks are stealthy, as they target a specific entity; and, specifically penetrate the network over weeks, or months, waiting for the right moment to make their move — and, exfiltrate valuable data from the enterprise.” Credit card numbers will still be valuable to hackers throughout 2015, because the deadline for retailers to upgrade to point-of-sale systems capable of processing chip-and-PIN credit cards is not until October 2015; and TechCrunch foresees this deadline being extended.

According to the Ponemon Institute, the average cost of a data breach in 2014 was $3.5M, while Target optimistically projected more than $148M in damages. “‘Cloud-first’ detection solutions that leverage multiple sources of threat intelligence (for example: botnet interception + log analysis + sandboxing) and are easy for enterprises to deploy will be the most successful in 2015.”

4) Cyber Vendors Become Frenemies: The constant and ever-evolving cyber threat contributes to a rich field of start-up cyber security companies, offering solutions across a wide spectrum of domains, including protection, discovery, and remediation software that is signature-based, comprised of machine-learning algorithms, and/or utilizes big-data analytics. TechCrunch notes that “buyers find themselves perplexed by the plethora of choices and are uncertain where the best bang for their cyber buck resides.” “Rather than manage all these processes separately, CISOs prefer to deploy comprehensive solutions that integrate well with one another, and create a synergetic security posture.” TechCrunch forecasts that 2015 is likely to see a more collaborative environment among cyber security vendors.

5) Increased Mergers And Acquisitions In The Cyber Security Sector Are Likely: “Now, more than ever,” TechCrunch contends, “cyber security innovation is carried out by small teams working within startups. The large vendors are always on the lookout to acquire new products to complement their existing portfolios.” TechCrunch projects that the cyber security domain is likely to see increased mergers and acquisitions activity, as larger companies gobble up the smaller ones — to enhance their overall posture and offerings, while at the same time, eliminating a potential rival.

The Sobering Cyber Future; Cyber Security Trends From The Perspective Of A Black Hat Hacker

Interesting, and there may be some ideas worth exploring with respect to getting an investment footprint in selected areas outlined above. But, I found their forecasts rather pedestrian. On December 4, 2014, the website IT News Africa had a story attempting to peer deep into 2015 and make some educated guesses as to the top five cyber threats [globally] that we’re likely to see. First, some general observations: “as the number of devices connected to the Internet/World Wide Web increases, cyber criminals will continue to hone their prowess when it comes to The Internet of Things (IoT),” using more advanced/sophisticated techniques as well as more devious denial, deception, and evasion practices. Cyber criminals will continue to exploit large-scale server side vulnerabilities for financial gains and other purposes, putting consumers’ private and personal information at risk through cyber breaches of large corporations and their second/third tier suppliers.

1) [Cyber] Blastware To Destroy Systems, Erase Data, And Cover Hacker Tracks: “This destructive new trend of [malicious] malware, following Scareware, and Ransomware, could lead to the ability for hackers to infiltrate systems, gather data, and then wipe out the information to/on systems, and hard drives…to cover tracks and thwart forensics.” IT News Africa quotes the BlackHat hacker. FortiGuard Labs observed the first indications of Blastware in 2014 with Dorkbot/NGRbot, where the hackers had code routines built in that, if altered, would self-destruct and wipe out all the information on the hard drive/s. This is a direct counter response, the Black Hat hacker contends, to the rise of corporate incident response teams, remediation and restoration/resiliency. The cyber security firm, Fortinet, predicts that “Advanced Persistent Threat (APT) developers will build in sophisticated self-destruct mechanisms — in a seek and destroy fashion — that could hamper law enforcement and forensics efforts — as these resources increase [and become more widely used] to fight cyber-crime. Hackers may also seek to use these tactics for ransom — i.e., threaten to destroy the data, unless a ransom is paid in a certain timeframe — something the malicious program – CryptoLocker – became infamous for.”

2) Hackers Look To Evade Law Enforcement, Frame The Innocent: “As cyber crime increases, law enforcement practices to catch and penalize perpetrators increase with it. Thus, hackers must be more careful and calculating to [successfully] evade discovery and capture. In 2015, advanced evasion techniques will evolve in order for attackers to cover their tracks. To date, evasion has been focused on counter antivirus and intrusion prevention/antibotnet. Fortinet predicts this will evolve with a focus on Sandbox evasion. In addition, similar to counter intelligence, it is possible that attackers will frame the innocent by throwing more red herrings into their attacks — to thwart investigators; and, intentionally planting evidence that points to an unassociated attacker. Intelligence agencies and nation-states, sophisticated hacker groups, and other cyber hacker malcontents are likely already utilizing these tactics — and, they are only likely to become more mature and devious.”

3) The Internet of Things — Becomes The Internet of Threats: “In 2014, we saw an interesting shift — namely HeartBleed and Shellshock — focused on server side vulnerability and exploitation. Looking to 2015, we fully expect this trend to continue in an alarming way — as black hat hackers pry open The Internet of Things. Hackers will continue to follow the path of least resistance, as more and more devices are connected to the world wide web. Vulnerabilities that Black Hat hackers will look to exploit will include: Consumer home automation and security systems, as well as webcams, which we are already beginning to see. On the Enterprise side, Network Attached Storage and Routers will continue to be targets, as well as critical infrastructure such as Human Machine Interfaces (HMI) and Supply Chain systems, which will create significant problems with third-party components, and patch management. Common malware sold and distributed will include SCADA functionality, such as Havex’s OPC routine that would fingerprint devices used in industrial networks; and, report this back to users.”

4) Denial of Revenue/Data Breaches Continue – And Expand: “2014 is becoming known as ‘the year of the data breach,’ with significant thefts from stores like Target, Michaels, P.F. Chang’s, and Home Depot. FortiGuard predicts this trend will continue in 2015, as hackers become more sophisticated; and, find new loopholes for infiltrating retail and financial systems. In the New Year, damages will also extend to denial-of-service on assembly line, factory, ERP/SAP systems, as well as healthcare and building management, creating even more challenges in the way of critical consumer data compromises, revenue losses, and reputation damages for organizations globally.”

5) Rise In Counter Threat Intelligence: “Crime services and solutions have already supported QA for malware, including sample scanning. Fortinet predicts this to extend to support QA for threat intelligence; and, undetected coverage for indicator of compromise (IOC) in 2015. As crime services extend their research and coverage, hackers will utilize the same type of processes for determining the best ways to bypass security systems. For example, current crime services scan malware against vendors’ capabilities to stop it; and give them a score result. As vendors expand from malware detection to threat intelligence correlation, criminals will work to counter this movement with the same type of approaches to find out if their botnet infrastructure is flagged in other intelligence systems as well, and work to hide their tracks.”
