The Cybersecurity Landscape Is Expanding and Evolving Yet The Future Seems Uninspiring

Date : 20-Jan-2020
Location: Global

Key Takeaways:

1. Ransomware attackers raise the stakes
   
   Ransomeware attackers are able to level the fight against Cybersecurity products via reverse engineering concept.
   
   You are watching them, they are watching you - you progress, they catch up.
   
   The main agenda is to ransom you. 


2. Mobile malware trends: Dirty tricks are lucrative
   
   The main agenda is to cheat money - false ad-click, fleeceware, bank-credential stealing.


3. The growing risks of ignoring "internet background radiation"
   
   Unwavering attempts to penetrate enterprise networks in the background by capitalizing on the Remote Desktop Protocol (RDP) and sophisticated automation - slow and deadly.
   
   The main agenda it to penerate a network to cause havoc by planting malware and ransomware (i.e wannacry).


4. Cloud security: Little missteps lead to big breaches
   
   Misconfiguration drives the majority of incidents - usually brought about by new software updates of the cloud platform which results in difficulty in terms of understanding the ramifications and that leads to security compromise inadvertently - i.e Large data breaches.
   
   For example, a security researcher earlier this year serendipitously discovered several Amazon S3 buckets belonging to the backup provider. The buckets contained massive repositories of those companies' email archives, and entire backups of employees' OneDrive storage accounts.


5. Attackers leverage on automation to discover security loopholes whilst relying on human intervention as the last mile to wreck havoc.


6. Machine learning to defeat malware finds itself under attack.

Machine learning systems can be evaded in ways that are analogous to how attackers evade “conventional” malware detection.


7. Ten years out, machine learning targets our "wetware"
   
   Machine learning as a subset of automation, both the Jedi and the Dark Side will capitalize on the technology to progress further.
   
   Machine learning will benefit by tapping on the raw creativity of the human brain, the line is blurred even further.

 Spokeperson:

• Joe Levy, Chief Technology Officer, Sophos, said that Cybersecurity companies need to master the ability to simplify the vast sea of real world Cybersecurity complexity - better understanding drives better decision making.

Insights:

1. Cryptomining Cloud Breach Scenario
   
   Some criminals continue to try to spread malicious cryptominers even onto major cloud platforms, despite the declining return on investment such schemes deliver, because, after all,the resources required for cryptomining don't belong to the criminal and cost them nothing.
   
   Cryptomining criminals target breached cloud platform accounts to provision hundreds of new machines on the victim's account, each running Cryptomining software.
   
   The chain reaction would be triggered by a home PC infected with credential-stealing malware is used by the victim for work when he login to the enterprise network.



2. Attackers are using a combination of automated tools and humans to more effectively evade security controls than ever before.



3. Attackers are clever to mimic legitimate administrator activities and behaviours, evading basic monitoring radar scan for malicious activities.



4. Attackers have realized that when they are able to destroy backups, it results in a higher percentage of victims paying the ransom.



5. PowerShell and PsExec continue to be stalwart tools for IT administrators when conducting normal administration activities in their environment. Unfortunately, they are also utilized in techniques for persistence, propagation of ransomware, and to exfiltrate data.
   
   The security challenge is determining the difference between malicious and non-malicious use of these commonly utilized administrative tools while conducting the investigation.



6. Automated content generation combined with some degree of personalization scales much more effectively than individual-to-individual scamming, and lends itself naturally to personalization for and micro-segmentation of potential victims.

Cryptomining Cloud Breach Scenario

Editor's comments:

• Security compromise can be greatly reduced if the standard-operating-procedure (SOP) for security-safety working environment is constantly reviewed and all employees play by the rules without compromising a single step.
• Transparency of both directions (bottom-up and top-down) is critical to ensure that an environment's security is integrated.
• The biggest lesson of this threat report is that IT operations must not be too creative and ambitious - better slow and safe - automation and A.I are liabilities.
• Cybersecurity team requires a keen sense of crime investigation in order to discover not just potential security loopholes but security breaches and compromises.
• The future looks high tech yet uninspiring and emits darker fate for humanity - is good to stay offline sometimes.

Reference:

• Sophos 2020 Security Threat Report.