Summary of 2018
2018 began with a recovery from the events of 2017 such as WannaCry, Petya, and the Equifax information leak, an event that preoccupied the industry throughout 2018 and will serve as the negative model for cyber crisis management.
2018 brought with it new events and consequent threats. One of the worst cyber security events of the year was the hacking of the Marriott chain after its purchase of Starwood and the exposure of personal information of over 500 million customers, an event that spanned four years.
Alongside information leaks that were the result of hackers’ malicious intent, 2018 also saw cyber security breaches with other causes: processes in which sensitive information was exposed as a result of error or negligence, usually during data mobility events such as the transfer of infrastructure and data to cloud servers, decentralization, and the operation of advanced interfaces (APIs). In this category we can recall the exposure of Exactis’ database and the exposure of personal information on Twitter, which resulted from improper data security procedures.
In 2018, which was expected to be the year in which privacy regulations would advance both locally and globally, including GDPR, we became acquainted with much unauthorized and improper sharing of information through social media with third-party companies (such as Facebook and its cooperation with Cambridge Analytica). Information breaches in cloud servers increased because of the data’s availability, but the same migration of information drew hostile actors wherever it was to be found, and hackers focused on the places where access to information was easiest. This was especially prevalent in digital and mobile applications.
In 2018, out of 600 information-leak events, a significant portion took place on application infrastructure such as fitness, recreation and lifestyle apps, including Under Armour, Ticketfly, PumpUp and MyHeritage.
Noted cyber events included the spreading of false information through legitimate science channels (a disinformation model, or “fake news”), which took shape in different political campaigns.
On the national level, 2018 was marked by significant cyber campaigns and attacks by Russia and Iran. Much of the focus was on information leaks in large corporations and on penetrating research and academic networks around the world, alongside critical infrastructure.
In the field of critical infrastructure, a sharp increase was seen in the number of threats from IoT and OT networks, the main targets being the user (either locally or as a product of working procedures), the points of interface between OT and IT, and the high vulnerability and lack of professional personnel for containing incidents over time.
2018 raised awareness of critical national infrastructure such as weapons platforms, nuclear energy infrastructure, and emergency systems (such as the Triton event, which was identified in Schneider Electric’s Triconex system), alongside IoT networks that have become more intricate and more common.
2018 saw an increase in the complexity of IoT systems and a transition from a focus on DDoS events to complex network events that operate on the same plane as application interfaces (APIs), exploiting this plane for multi-system cyber attack campaigns whose purpose is traffic diversion, surveillance, etc. (such as the VPNFilter event).
Cyber criminal groups signalled their presence throughout the web in 2018, as small criminal groups merged into criminal syndicates with resources and the ability to cope with enforcement, both physically and in cyberspace. Alongside this, a change was also seen in the ransomware model, with a transition to localized threats combined with other kinds of threat.
Trends in 2019
Significant Challenges in Information Security and Privacy
The challenge in the cyber defense model for protection against cyber threats stems from a short exposure time and from the mismatch with the long time frame required for identification and recovery. This challenge will worsen due to threats and new models that will reduce the time lapse from the moment a weakness is exposed to the moment the exploit is “armed”.
The risk of information leaks will increase due to the hackers’ shift of focus to the places where information is vulnerable, including mobile and cloud-based apps, alongside information exposure risks that will grow due to insecure data migration.
2019 will be the year in which Data Custodians, which is to say information managers entrusted with data security, will have to take proactive action in order to guard our information. They will be required to enforce privacy and data protection more strictly. This will be done in accordance with the enforcement of local and international regulations such as the GDPR, and according to the interests of the relevant organizations.
Artificial Intelligence as Both Protection and Threat
Artificial Intelligence (AI) technologies, found at the forefront of analytical cyber defense systems, will continue to root themselves in defense systems, but in 2019 AI technologies are also expected to form the basis for complex security threats. AI technologies could serve hackers in quickly identifying weaknesses, in automating attack procedures, and in creating elaborate social engineering campaigns, alongside improved mechanisms for bypassing defense systems, breaking web service defenses, and defeating mechanisms whose aim is to distinguish a human user from a machine (bot), etc.
Threats on Critical Infrastructure
2019 is expected to see an escalation in the threats posed to critical infrastructure, both through a focus on strategic national infrastructure such as energy, water, industry and the like, and through focused threats on ICS and IoT infrastructure, both public and private. Focusing on these two sectors will force a move from network-based events to more “covert” threats, allowing the operation of multi-system and multi-phased threats.
2019 is expected to see a rise in cryptocurrency bot threats, whose source is in access to different web services. Activating such a threat will give rise to both decentralized and inclusive events.
A more extensive use of “best of breed” threats is expected this year, in the form of threats that combine a number of attack mechanisms in a troubling synergy. This model will create a challenge that cyber security personnel cannot ignore, since it requires adapting procedures for containing and classifying incidents.
New Defense Methodologies and Technologies
The dangers of information leaks, alongside the increase in network threats stemming from attackers’ use of lateral movement techniques, will lead to a wider implementation of the Zero Trust concept in both business and critical networks, together with the application of advanced analytical defense technologies.
The need for advanced network visibility infrastructure will increase throughout 2019, due to the need to deal with the growing complexity of communication networks, the wide migration to cloud servers, and the adoption of micro- and nano-segmentation concepts, alongside the increase in the amount of encrypted traffic.
The growing shortage of professional personnel in the cyber field will require, in 2019 more than ever, an investment in enriching teleprocessing personnel in the use of the different technologies, and the application of automation and rapid response times to threats.
By Tomer Nuri, CTO and VP of Technologies in Malam Team