Although predicting the future is fraught with risk, emerging technologies continue to raise interesting questions as to their vulnerability and predilection to threats.
Hackers are not the elite group of IT experts we might have thought they were in the past. With the vast publication of generic exploitation toolkits that have been used it is now a field open to virtually anyone who can download, install, and run via a wizard control program with a menu of exploitation choices and subsequent payloads.
There are currently over 70 different exploitation kits out “in the wild”, each taking advantage of hundreds of vulnerabilities on various operating systems and applications.
But in truth, most businesses make some embarrassingly basic mistakes when it comes to cyber security. The biggest mistake being ignorance—not educating yourself about the latest developments in cyber crime could seriously damage your business.
For example, in 2015 TalkTalk fell foul of an SQL Injection vulnerability that has been known since 1998, apparently wielded by a teenager.
So let’s call out some of the latest developments, one by one. Because when you know about them, you can start to educate yourself and protect your business.
1. Machine-to-Machine Exploits
The rise of Machine-to-Machine (M2M) technology is expected to increase as the Internet of Things (IoT) explodes to over 6.4 billion devices in 2016, according to Gartner.
We have already seen interest in attacking PoS devices and researchers Miller and Valasek demonstrated flaws in the compromise and control of connected vehicles in 2015. Gartner also predicts that 20 billion devices will be connected by 2020 and as well as the bulk of industrial engineering end points and a multitude of medical devices such as heart monitors connected into various reporting systems.
The scope and availability of many more devices for the average hacker to exploit are huge.
2. Land and Expand
Fortinet predicts a “Land & Expand” tactic in which hackers look to exploit further away from the defensive core by first targeting employees’ personal technology.
Security policies that incorporate end-point protection for BYOD - extending the protected perimeter outwards - will be well placed for the future.
Fortinet also predicts that headless devices such as smartwatches may well be targeted by worm attacks like the virus codes that were seen in the early 00s.
3. Jailbreaking the Data Centre
The Data Centre is not exempt from vulnerability; a form of Jailbreaking of the hypervisor has already been exploited. Venom used floppy disk drivers to break out of the hypervisor and gain access to host operating systems.
There may well be more of this type of exploitation as the continual expansion of virtual platforms proceeds.
4. The Rise of Ghostware/Blastware
Fortinet foresees the rise of Ghostware, which follows in the footprint of identity protection services such as Snapchat.
Malware which can perform a function and then delete and trace itself has already been proved as viable when researchers saw Rombertik as the first Blastware which, once installed, determines if it has been detected or reverse-engineered, then self-destructs, permanently crashing the host system to avoid detection.
5. Two-faced Malware
As Sandboxing technology becomes more prevalent in “testing” the intentions of applications entering the enterprise, Fortinet predicts the growth of Two-Faced Malware.
This Malware is designed be appear to be benign to avoid detection but then executes a malicious process once it passes security scrutiny. Even worse, on passing through a sandbox successfully, the malware may get awarded a “safe” category, which proliferates throughout the organisation or even globally.
There are enough concerns in the future to safely predict that as threats morph and increase, the platform on which business security resides will need to scale up and adapt to meet them.
It is vital that investment now forms a sound foundation and is not lost in the near requirements of the future.
So, if you would like more advice on securing your business, please get in touch. We’d love to help you out.