Beef up your infosec in 2019 with these recommendations.
This has been quite a year for data breaches, with reports that numerous unsecured Amazon Web Services storage containers were inadvertently made public, a rise in hidden cryptomining malware, and lots of victims continuing to fall for ransomware and other botnet attacks. So, with that context, let’s look at what security trends 2019 could bring and ways to prepare for the coming year.
1. Hidden coinminers continue to proliferate, and malware authors are taking advantage of them to disrupt your business. At the beginning of 2018, hidden coin=miners were popular malware tools because of the rising price of cryptocurrencies. As we moved through the year, malware authors got more sophisticated and designed better tools that were harder to detect. As examples, one piece of malware exploited blockchain technologies, while another one was disguised as an application update.
Trend: Cryptomining will continue to be a threat as long as attackers can make quick cash from infections. Be on the lookout and deploy tools designed to detect these exploits.
2. Better automation will be essential for defenders, especially as networks and threats become more complex. The time between when a vulnerability is discovered and when the malware authors have developed an exploit now can be measured in a matter of minutes. This means that automated patching tools such as SaltStack for SecOps, Tachyon, and numerous others are critical to successfully deploying fixes across the large digital infrastructures that run many modern businesses.
Trend: Expect to see more sophisticated artificial intelligence features in security tools in 2019.
3. Cloud security remains an issue, mainly due to user neglect and configuration errors. The most recent example was a batch of documents from the United Nations that were leaked because of an insecure Trello board. Checking a single box is all it would have taken to easily secure the data in such situations.
Trend: While new cloud security measures will come out in 2019, user error is still the weak link, as protections are often neglected or workloads are often mistakenly misconfigured. The news is filled with reports of numerous companies leaving AWS S3 storage buckets open, unintentionally or otherwise. GoDaddy, Level One Robotics, Nice Systems, the Los Angeles 211 service center, LocalBlox, Octoly, and Viacom all had their private data records harvested in this fashion over the past year.
4. The old chestnut of having better backup verification still holds true. Don’t be another city of Atlanta or Equifax, which both mistakenly thought their data was protected with backups. However, neither bothered to really examine the backups or practice recovery drills to learn how to respond to incidents.
Trend: Sadly, you can’t fix stupid. So expect these sorts of problems to continue in 2019.
5. Speaking of drills, you need to develop the offensive side of your house. Activities such as red team and table top exercises will become more important in efforts to find holes in your security infrastructure and hone breach responses. A number of vendors offer one or both of these, such as Cybergym, FireEye/Mandiant, SANS/Kroll, Context Security and Cyberbit. Mitre has a detailed 50-page playbook here and offers the ATT&CK red team matrix for self-assessment.
In addition, you should examine how to incorporate into these exerciseslaw enforcement personnel like the St. Louis Regional Computer Crimes Education and Enforcement Group. It brings together the area’s law enforcement officers and computer professionals to help solve crimes, similar to what the major case squad does for ordinary crimes. The group holds a series of classroom training courses to help law enforcement identify, collect, and preserve digital evidence.
Trend: Expect to see more of these types of drills and exercises conducted in 2019.
6. Get serious about multifactor authentication. This year saw the announcement of FIDO2 tools and protocols that can help improve security using hardware keys. Cisco’s acquisition of Duo is an indication of how important smartphone authentication apps can become in the coming year.
Trend: FIDO2 will continue to gain adherents (see this recent announcement about better browser integration), and smartphone authenticator apps will improve and become better integrated into numerous mobile products.
7. Try to rid yourself of Windows 2000 and XP once and for all. Those ancient machines are just asking for trouble, no matter how well they are segmented and protected. Do you really know all your endpoints that are running these operating systems? This past year saw Microsoft release patches for Windows 7 versions.
Trend: Unfortunately, we can expect to see additional exploits based on these older PC versions, with “older” being defined as anything before Windows 10.
8. Attackers are getting more sophisticated, but they’re still lazy. We continue to see new exploits, but often they just leverage existing methods with a twist. Network printers are still a threat, but now multifunction fax machines can be infected with malware. While Office files still are a popular malware distribution mechanism, hackers are using IQY files that can infect unwary users. IoT devices continue to be compromised via their default telnet passwords, but then malware authors have found new vulnerabilities to take advantage of.
Trend: Many attacks try brute-force password attacks, such as the one experienced by AdGuard recently. Make sure your intrusion detection defenses are set up properly to warn you of these kinds of efforts.
9. Attackers are also working harder to hide their malware from detection. Doing this helps malware persist longer on enterprise networks: Recent news about an attack on Chegg and another at the United Nations shows that the infections lasted for months before their respective IT staffs found out about them. It is a cat-and-mouse game—as defenders get better at their skills, the attackers improve their obfuscation techniques.
Trend: Fileless malware attacks that leverage PowerShell and other OS-native commands and code will continue. These techniques leave very little evidence of their work or use misleading actions that appear to be normal OS tasks. Security staffs will have to improve their detection prowess to track down these infections in 2019.
10. More security awareness training will need to happen and do so on a continuous basis. This kind of training will become more essential in 2019. With security awareness, you are only as good as yesterday’s response. Every day, someone is trying to leverage their way into your network, your data, and your corporate reputation. Every day, your network is being bombarded with thousands of phishing attempts. Someone is sending multiple emails with infected attachments. Hackers are continuously trying reused or common passwords and coming up with new blended threats—and we don’t even know how they are constructed. Every day, users are attaching infected phones and laptops to your network that can serve as new entry points for attacks. Having awareness training is the best way to combat user errors and fight these phishing attacks.
Trend: 2018 has seen the acquisition of numerous vendors in this market segment, including Wombat (bought by Proofpoint), PhishLine (by Barracuda), Securecast (by Webroot), and Popcorn Training (by KnowBe4). We’ll see additional consolidation in this space in 2019, and hopefully more IT shops will get the message that continuous training is the default method of operations.
Destination url: http://hpe.to/6006DCZDn
