Wednesday, December 14, 2016

Ten Cybersecurity Predictions for 2017

by Dr. Chase Cunningham, ECSA, LPT 
Director of Cyber Operations, A10 Networks 

The cyber landscape changes dramatically year after year. If you blink, you may miss something, whether that’s a noteworthy hack, a new attack vector or new solutions to protect your business. Sound cyber security means trying to stay one step ahead of threat actors. Before the end of 2016 comes around, I wanted to grab my crystal ball and take my best guess at what will be the big story lines in cyber security in 2017.

1. IoT continues to pose a major threat. In late 2016, all eyes were on IoT-borne attacks. Threat actors were using Internet of Things devices to build botnets to launch massive distributed denial of service (DDoS) attacks. In two instances, these botnets collected unsecured “smart” cameras. As IoT devices proliferate, and everything has a Web connection — refrigerators, medical devices, cameras, cars, tires, you name it — this problem will continue to grow unless proper precautions like two-factor authentication, strong password protection and others are taken.

Device manufacturers must also change behavior. They must scrap default passwords and either assign unique credentials to each device or apply modern password configuration techniques for the end user during setup.

2. DDoS attacks get even bigger. We recently saw some of the largest DDoS attacks on record, in some instances topping 1 Tbps. That’s absolutely massive, and it shows no sign of slowing. Through 2015, the largest attacks on record were in the 65 Gbps range. Going into 2017, we can expect to see DDoS attacks grow in size, further fueling the need for solutions tailored to protect against and mitigate these colossal attacks.

3. Predictive analytics gains ground. Math, machine learning and artificial intelligence will be baked more into security solutions. Security solutions will learn from the past, and essentially predict attack vectors and behavior based on that historical data. This means security solutions will be able to more accurately and intelligently identify and predict attacks by using event data and marrying it to real-world attacks.

4. Attack attempts on industrial control systems. Similar to the IoT attacks, it’s only a matter of time until we see major industrial control system (ICS) attacks. Attacks on ecommerce stores, social media platforms and others have become so commonplace that we’ve almost grown cold to them. Bad guys will move on to bigger targets: dams, water treatment facilities and other critical systems to gain recognition.

5. Upstream providers become targets. The DDoS attack launched against DNS provider Dyn, which resulted in knocking out many major sites that use Dyn for DNS services, made headlines because it highlighted what can happen when threat actors target a service provider as opposed to just the end customers. These types of attacks on upstream providers cause a ripple effect that interrupts service not only for the provider, but for all of their customers and users. The attack on Dyn set a dangerous precedent and will likely be emulated several times over in the coming year.

6. Physical security grows in importance. Cyber security is just one part of the puzzle. Strong physical security is also necessary. In 2017, companies will take notice, and will implement stronger physical security measures and policies to protect against internal threats and theft and unwanted devices coming in and infecting systems.

7. Automobiles become a target. With autonomous vehicles on the way and the massive success of sophisticated electric cars like Teslas, the automobile industry will become a much more attractive target for attackers. Taking control of an automobile isn’t fantasy, and it could be a real threat next year.

8. Point solutions no longer do the job. The days of Frankensteining together a set of security solutions have to stop. Instead of buying a single solution for each issue, businesses must trust security solutions from best-of-breed vendors and partnerships that answer a number of security needs. Why have 12 solutions when you can have three? In 2017, your security footprint will get smaller, but will be much more powerful.

9. The threat of ransomware grows. Ransomware was one of the fastest growing online threats in 2016, and it will become more serious and more frequent in 2017. We’ve seen businesses and individuals pay thousands of dollars to free their data from the grip of threat actors. The growth of ransomware means we must be more diligent to protect against it by not clicking on anything suspicious. Remember: if it sounds too good to be true, it probably is.

10. Security teams are 24/7. The days of security teams working 9-to-5 are long gone. Now is the dawn of the 24/7 security team. As more security solutions become services-based, consumers and businesses will demand the security teams and their vendors be available around the clock. While monitoring tools do some of the work, threats don’t stop just because it’s midnight, and security teams need to be ready to do battle all day, every day.

About the Author

Dr. Chase Cunningham (CPO USN Ret.) is A10 Networks' Director of Cyber Operations. He is an industry authority on advanced threat intelligence and cyberattack tactics. Cunningham is a former US Navy chief cryptologic technician who supported US Special Forces and Navy SEALs during three tours of Iraq. During this time, he also supported the NSA and acted as lead computer network exploitation expert for the US Joint Cryptologic Analysis Course. Prior to joining A10 Networks, Cunningham was the director of cyber threat research and innovation at Armor, a provider of cloud-based cyber defense solutions.


Yahoo! -- One Billion Accounts Compromised

Yahoo! confirmed that hackers stole data and compromised more than one billion user accounts in August 2013. The exploit was first disclosed by Yahoo! in November and is most likely different from the incident disclosed on September 22, 2016.

Separately, Yahoo previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users' accounts without a password. Based on the ongoing investigation, the company believes an unauthorized third party accessed the company's proprietary code to learn how to forge cookies. The outside forensic experts have identified user accounts for which they believe forged cookies were taken or used. Yahoo is notifying the affected account holders, and has invalidated the forged cookies. The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.

https://yahoo.com/security-update

Yahoo Cites State Actor for Massive Security Breach

Yahoo believes a state-sponsored actor breached its network in late 2014 and may have stolen names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers from at least 500 million accounts.

Yahoo said its ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information.

http://www.yahoo.com

FBI Arrests USC Student in DDoS Sweep

The FBI announced the arrest of Sean Sharma, a graduate student at the University of Southern California, for his suspected role in a distributed denial of service (DDoS) attack against a San Francisco chat service company.  The arrest came as part of an operation aimed at users of “DDoS for hire” services. The sweep, which was coordinated from The Hague in the Netherlands by Europol’s European Cyber Crime Centre (EC3), yielded nearly three dozen arrests in 13 countries.

https://www.fbi.gov/news/stories/international-cyber-sweep-nets-ddos-attackers

Alibaba Cloud for Japan Ready for Launch

Alibaba Cloud for Japan is ready for commercial launch on December 15, 2016.

The service is provided by SB Cloud Corporation, which is a joint venture between SoftBank Corp. and Alibaba Group Holding Limited.

Alibaba Cloud, the cloud computing arm of Alibaba Group, has the largest share of the Chinese market with its services. Its services provide the critical infrastructure that supports the Alibaba Group’s e-commerce sites, which recently processed a maximum 175,000 orders per second during this year’s Singles’ Day, a large-scale sale that takes place in China on November 11.

With Alibaba Cloud, customers can use Alibaba Group hosted data centers in China, the United States, Hong Kong, Singapore and other locations in addition to those hosted by SB Cloud in Japan.

https://www.sbcloud.co.jp/

AWS London Opens for Business

Amazon Web Services officially launched its AWS London Region, offering two availability zones (data centers).  The new London Region is currently available for multiple services, including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and Amazon Relational Database Service (Amazon RDS).

The London Region joins Ireland and Frankfurt as AWS’ third European location. This brings the number of AWS Regions worldwide to sixteen, and the total number of AWS Availability Zones to 42.

https://aws.amazon.com/about-aws/whats-new/2016/12/announcing-the-aws-europe-london-region/

AT&T Connects NASA's Deep Space Network Radio Antennas

AT&T will provide a global VPN linking the giant radio antennas of NASA's Deep Space Network.

AT&T said its highly secure and reliable VPN lets NASA protect and transmit data 3x faster than before. It also lets NASA increase or decrease bandwidth on demand.

NASA’s Deep Space Network supports communications for interplanetary spacecraft missions. It also provides radar and radio astronomy observations that improve our understanding of the solar system and the larger universe.

http://www.att.com
http://deepspace.jpl.nasa.gov/about/

Arista Wins in Copyright Case Versus Cisco

A U.S. jury in the Northern District of California has found that Arista is not liable for copyright infringement related to Arista’s use of a small number of commands similar to those found in Cisco’s Command Line Interface (CLI), and does not owe damages to Cisco.

“We would like to thank the jurors and Judge Freeman for their tireless efforts. Today’s verdict represents an important victory not only for Arista but for the entire industry,” said Marc Taxay, Senior Vice President and General Counsel of Arista.

http://www.arista.com


Cisco Confirms Import Ban for Infringing Arista Products


In a blog posting, Cisco's Mark Chandler confirmed that the office of the U.S. Trade Representative has stated that the International Trade Commission’s import ban and cease and desist order covering all Arista products that infringed three core Cisco patents is now in effect. In the statement, Chandler said Cisco is prepared to bring an enforcement action if Arista violates the ban and continues to sell or support infringing products.

http://blogs.cisco.com/news/protecting-innovation-facing-the-facts

Cisco...


BlackSky Integrates Satellite Imagery with Data Streams

Spaceflight Industries introduced a cloud-based platform that integrates satellite imagery, social media and other data feeds – to reveal timely and relevant insights around specific topics or locations.

The new BlackSky global intelligence platform offers two major capabilities:


  • Imagery: Customers can discover, purchase and download imagery via the BlackSky platform, which currently provides access to more than 10 high-resolution imaging spacecraft including those from 21AT’s TripleSat, SIIS’s KOMPSAT, and UrtheCast’s Deimos-2. The platform will incorporate data from BlackSky’s 60-satellite constellation as it enters commercial operation in 2017. Additionally, customers can acquire real-time images by tasking partner satellite systems and soon the BlackSky constellation.
  • Insights: The platform fuses the satellite imagery with information from other sources including news outlets and social media to create curated data feeds by location (ex: port, pipeline, border) or theme (ex: geopolitical conflict, natural disasters, energy, or health/outbreak). Through machine learning, predictive algorithms and natural language processing techniques, the platform triangulates these relevant global events in time and space. Customers then receive customized results that are prioritized based on their preferences.

“Our business plan has always been to look at the planet in real time, in every spectrum, to solve real-world problems,” said Jason Andrews, chief executive officer of Spaceflight Industries. “Today we are announcing significant progress on that journey. For the first time, organizations can fuse satellite imagery with a wide array of data services contextualized in time and space.”

http://www.blacksky.com
