The digital threat landscape has shifted considerably, with several landmark events transpiring over 2017 that affected the way we view cyber security. The new year will be sure to introduce brand new attacks, but many of the same trends we saw emerge this year will continue and evolve throughout 2018. In our 2018 cyber security predictions, we've outlined what we think will be the key things to watch as we welcome a new year in digital threat management.
Attackers will Continue to Discover and Target Organizations’ Blind Spots
As perimeter security gets stronger and stronger, malicious actors will look for softer entry points to an organization. As a result, hackers are becoming increasingly sophisticated at collecting external data about their targets, and are using it to discover and exploit assets online that security teams are unaware of, or lack the resources to protect.
Conflict in Eastern Europe Will Drive Cyber Attacks
Driven by cyber espionage and warfare, areas in Russia and Ukraine will continue to be an area of digital disruption like we’ve seen with NotPetya and BadRabbit. These attackers will often target unmonitored and undefended, externally (internet) exposed assets such as cloud applications, partner and vendor applications, and third-party hosting providers. This tactic will lead to an increasing number of breaches via digital channels, where many digital assets are unknown and unmanaged by the organizations that are responsible for them
Compromised Infrastructure Will be a Key Infection Vector
As recent attacks have shown, actors will continue to leverage compromised infrastructure as an infection vector to target individuals and organizations of interest. With this avenue of attack now common, it will become crucial for security operations and incident response groups to be able to investigate correlations between compromised and actor-owned infrastructure. As such, web crawling capabilities will be critical to incident response.
Hunt teams will need to deploy increasingly modern sophisticated technology to detect them in the form of combined internet security datasets that link together related hosts, third-party web components, and WHOIS information. This enhanced data will fingerprint and track these new threat actor tactics.
Machine learning Will Not Replace Humans; It Will Empower Them
Tools that leverage vast data sets and predictive analytics to automate investigative processes to keep pace with the ever-shifting threat landscape will serve as a "mech suit" for human analysts. By pivoting between data relationships at accelerated, "superhuman" speed, they'll be able to efficiently gain the offensive edge against an attacker by preventing their next move.
Because automation can sort, classify, and monitor internet data over time to provide a complete picture of an attacker and its evolving techniques, these "mechanized analysts" can begin an investigation with a single domain, IP address, or piece of malware and quickly identify other potentially linked indicators.
Attackers Will Adopt Machine Learning, Too
Threat actors will increase their adoption of adversarial machine learning to evade detection by infrequently trained machine learning models. The good guys' machine learning models will need to evolve quickly to keep up with these threats by incorporating instance-based approaches.
The value of large data lakes will increase as security companies turn to machine learning-based solutions. The most valuable of these datasets will be labeled, hand-curated data sets that can be used to train supervised machine learning models.
Spear Phishing will Become More Sophisticated
Spear phishing (targeted phishing) campaigns will leverage or impersonate respected brands and direct unsuspecting users to realistic destinations to harvest credentials and other personal information. The fact that 50 journalists were recently scammed in this way through a fake Atlantic recruitment campaign attests to the believability of some of the campaigns we'll see in 2018.
Get Prepared for 2018
You can materially improve your security posture by implementing a complete digital risk management framework across your digital channels. Start with comprehensive visibility across your web, social, and mobile assets and adopt an integrated platform for external threat management—one that provides the tools that help you discover your entire attack surface, and alerts your security team as threats materialize in the wild. It should also provide proper workflow and relevant data for quick incident response.
Learn more about how RiskIQ can help prep your security team for 2018 and beyond.