Archive - January 2018

Business cyber crime up 63%, UK stats show
DDoS Attacks Become More Complex and Costly
DDoS Attacks Evolve, Remain a Potent Threat
Test your cyber defenses with DIY DDoS
Defense Dept. blocks 36M malicious emails daily, fends off 600 Gbps DDoS attacks
U.K. Hacker Jailed For DDoS Attacking Pokémon GO
Hackers Will Target Small Business Through the Internet of Things in 2018, New Report Says
Governments should use buying, regulatory power to fight botnets: Expert
New year, new defence: Cybersecurity help and predictions for 2018


ABN Amro, ING, Rabobank and the Tax Authority again faced DDoS attacks on Tuesday, though this time the financial services managed to deter them better than over the weekend. The attacks caused a short disruption in payment system iDeal, but the problems were quickly restored, NOS reports.

ABN Amro was troubled by attacks all day long, but they were mostly successfully fought off, a spokesperson said to the broadcaster. Around 5:30 p.m. the bank faced a short disruption.

ING reported a disruption on Twitter, and then reported that the problems were solved a short time later. “Due to a short-lived DDoS attack, our services were temporarily inaccessible. The problems have been solved: our services are again available for use. We apologize for the inconvenience.”

Rabobank faced an attack around 5:00 p.m. that lasted around 8 minutes. “Customers experienced a delay, opening the app took longer and there were errors. It is not comparable with [Monday]”, a spokesperson said to the broadcaster.

The Tax Authority’s website was offline for about 7 minutes on Tuesday. The DDoS attack lasted about half an hour after the site was restored, but did not affect the website’s performance, according to a spokesperson. The attack happened around 7:00 p.m.

SNS also faced a DDoS attack, but customers experienced no problems, NOS reports.

ABN Amro, ING, Rabobank and the Tax Authority all had problems with DDoS attacks between Saturday and Monday. In a DDoS attack, a website is bombarded with huge amounts of data, overloading the server and crashing the site. Security company ESET determined that the attacks that targeted the banks came from servers in Russia.



Business cyber crime up 63%, UK stats show

Despite an overall decrease in fraud and computer misuse in 2017, the latest Office for National Statistics (ONS) reports show that incidents involving computer misuse and malware against business are way up.

There were 4.7 million incidents of fraud and computer misuse in the 12 months to September 2017, a 15% decrease from the previous year, according to the latest crime figures for England and Wales.

Fraud fell from 3.6 million in 2015 to 3.2 million incidents in 2016, while computer misuse dropped from 2 million incidents in 2016 to 1.5 million in 2017, according to data gathered from the Crime Survey for England and Wales (CSEW) (households), and the National Fraud Intelligence Bureau (NFIB) (business).

The fall in fraud was driven mainly by decreases in consumer and retail fraud, such as offences related to online shopping or fraudulent computer service calls, the ONS report said, while the fall in computer misuse was mainly due to a 26% fall in reported incidents of computer malware and distributed denial of service (DDoS) attacks.

However, the report also reveals that 56% of fraud incidents were cyber related, 23% of computer misuse incidents (410,000) involved loss of money or goods relating to computer malware and DDoS attacks, and computer misuse crime referred to the NFIB by Action Fraud increased by 63%.

This rise in business-related computer misuse to 21,745 offences, the report said, is largely accounted for by a 145% rise in computer malware and DDoS attacks the past year to 8,292 offences.

More specifically, this is thought to be due to a rise in levels of malware, mainly ransomware and Trojans, including several high-profile attacks and security breaches on national institutions, including the WannaCry attacks in May 2017.

The latest figures suggest that while consumer-targeted attacks might be falling, as consumer-grade security improves, cyber criminals are now shifting their gaze to the potentially more profitable enterprise sector.

Andy Waterhouse, pre-sales director for Europe at RSA Security, said UK business is facing tougher conditions than ever as cyber attackers chase greater profits.

“In this post-WannaCry world, both consumers and organisations need to do more to assess their data, identify their most valuable assets, and protect these ‘crown jewels’ as best they can through a mix of multi-factor authentication, strong and unique passwords and a greater level of education on cyber skills,” he said.

Fraser Kyne, European CTO at Bromium, said the increase in computer misuse incidents involving business is no surprise given the spate of ransomware and Trojan attacks in the past year.

“Last year was a year of mega-breaches that made clear how far ahead the bad guys are compared to the security industry. Businesses were shut down for long periods of time, too many ransoms were paid, the bad guys got richer and the security industry looked on, often powerless, as its tools were rendered useless by new and constantly evolving techniques,” he said.

However, Kyne said it was worth noting that the ONS figures related only to reported crime. Reports can only tell us what has been detected and reported.

“These detected events prove that things are getting in; so we must also assume that things are getting in that are remaining undetected too. This is why we need tools that can protect us from the things that we can’t see or detect,” he said.

“Cyber crime will continue to flourish as long as the security industry remains reliant on detection-based security tools. With cyber criminals becoming more successful every year, we have to admit that the detection model is broken.

“The industry must respond with new ways of defending enterprises and the public at large to ensure that we don’t see the continued rise of cyber crime.”

According to Kyne, virtualisation can provide this protection to enterprises. “By running applications within their own completely isolated virtual machine, you can ensure that any malware directed at businesses is contained to that environment, unable to escape and infect the rest of the system.”

Josh Gunnell, fraud specialist at the Callcredit Information Group, said the latest ONS statistics clearly indicate that fraud remains a threat to every organisation in the country.

“With 3.2 million incidents of fraud in England and Wales and 1.8 million being cyber related, the worrying trend shows no signs of abating,” he said.

“This is especially pertinent considering the damaging impact the ongoing fraud threat has had on trust in organisations, with a majority of consumers we spoke to believing that fraudsters are always one step ahead of businesses.

“To win back consumer confidence, which is key to long-term success, businesses need to do everything they can to keep data and identities safe. Implementing smarter, more dynamic fraud prevention strategies, such as artificial intelligence, alongside traditional fraud prevention methods – and communicating these to their customers – can go a long way towards achieving this. In addition, the importance of using behavioural and location data to provide fraud insights cannot be overstated,” he added.


DDoS Attacks Become More Complex and Costly

Distributed denial-of-service (DDoS) attacks are more complex and cause more financial damage than ever, new data shows.

According to NETSCOUT Arbor’s 2017 Worldwide Infrastructure Security Report, published today, the number of DDoS attacks that cost organizations between $501 and $1,000 per minute in downtime increased by 60%. In addition, 10% of enterprises estimated a major DDoS attack cost them more than $100,000 in 2017, five times more than previously seen.

Now in its 13th year, the report is based on 390 responses from service providers, hosting, mobile, enterprise, and other types of network operators from around the world. A full 66% of all respondents identify as security, network, or operations professionals.

Gary Sockrider, principal security technologist with NETSCOUT Arbor, says there was a 20% increase in multi-vector attacks in 2017 compared to the previous year. Multi-vector attacks combine high-volume floods, TCP state exhaustion attacks, and application-layer attacks in a single sustained offensive, which makes the attacks more difficult to mitigate and increases the attackers’ chance of success.

“We found that nearly half the group said they experienced a multi-vector attack,” Sockrider says.

“Along with revenue loss, companies also experience customer and employee churn as well as reputational damage,” he says.

DDoS attacks last year originated primarily from China, Russia, and inside the US, according to the report. The top motivators for the attacks were online gaming-related (50.5%), criminals demonstrating DDoS capabilities to potential customers (49.1%), and criminal extortion attempts (44.4%). Political/ideological disputes were fifth on the list at 34.5%.

Sockrider says that, due to the global shortage of IT security talent, many respondents were turning to automation for DDoS mitigation: 36% of service providers use automation tools for DDoS mitigation, and 30% of providers employ on-premise or always-on cloud services for thwarting these attacks.

Meanwhile, researchers at Imperva developed a list of the Top 12 DDoS Attack Types You Need to Know. Among them:

DNS Amplification: In a reflection type of attack, a perpetrator starts with small queries that use the spoofed IP address of the intended victim. Exploiting vulnerabilities on publicly accessible DNS servers, the responses inflate into much larger UDP packet payloads and overwhelm the targeted servers.

UDP Flood: The perpetrator uses IP packets containing UDP datagrams to deluge random ports on a target network. The victimized system attempts to match each datagram with a listening application, but fails. The system soon becomes overwhelmed as it tries to handle the volume of UDP packets and the replies they trigger.

DNS Flood: Similar to a UDP flood, this attack involves perpetrators using mass amounts of UDP packets to exhaust server-side resources. However, in this attack the target is DNS servers and their cache mechanisms, with the goal being to prevent the redirection of legitimate incoming requests to DNS zone resources.
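Both the DNS amplification and the UDP flood patterns described above leave a recognisable signature in border flow records: many distinct servers answering from UDP port 53 to a host that never queried them, or non-DNS UDP traffic sprayed across many ports of one host. The detector below is an added example, not code from Imperva or the original article; it assumes a simple whitespace-separated flow-line format, a protected prefix of 203.0.113.0/24, and a constructed sample log built from RFC 5737 documentation addresses.

```python
"""Flag DNS-amplification (reflection) and UDP-flood patterns in flow records.

Added example (not from the article or Imperva). Assumes one flow per line:
    src_ip src_port dst_ip dst_port proto packets bytes
recorded at the border of the protected network, so a flow whose dst_ip lies
inside the protected prefix is inbound traffic.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    packets: int
    nbytes: int


def parse_flows(text: str) -> list:
    """Parse whitespace-separated flow lines; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, sport, dst, dport, proto, pkts, nbytes = line.split()
        flows.append(Flow(src, int(sport), dst, int(dport), proto.upper(),
                          int(pkts), int(nbytes)))
    return flows


def detect_dns_amplification(flows, protected, min_reflectors=5, min_ratio=10.0):
    """Return {victim_ip: (reflector_count, amplification_ratio)}.

    A host is flagged when it receives UDP source-port-53 responses from at
    least min_reflectors distinct servers while having sent those servers far
    fewer query bytes than came back. The ratio is inf when it sent none at
    all, which is what spoofed-source reflection looks like from the victim's
    side: the queries were sent by the attacker, so they never cross this border.
    """
    net = ip_network(protected)
    responses = defaultdict(lambda: defaultdict(int))  # victim -> reflector -> bytes
    queries = defaultdict(lambda: defaultdict(int))    # client -> resolver -> bytes
    for f in flows:
        if f.proto != "UDP":
            continue
        if f.src_port == 53 and ip_address(f.dst_ip) in net:
            responses[f.dst_ip][f.src_ip] += f.nbytes
        elif f.dst_port == 53 and ip_address(f.src_ip) in net:
            queries[f.src_ip][f.dst_ip] += f.nbytes
    findings = {}
    for victim, per_reflector in responses.items():
        resp_bytes = sum(per_reflector.values())
        query_bytes = sum(queries[victim][r] for r in per_reflector)
        ratio = resp_bytes / query_bytes if query_bytes else float("inf")
        if len(per_reflector) >= min_reflectors and ratio >= min_ratio:
            findings[victim] = (len(per_reflector), ratio)
    return findings


def detect_udp_flood(flows, protected, min_ports=20):
    """Return {target_ip: distinct_dst_port_count} for protected hosts receiving
    non-DNS UDP traffic sprayed across at least min_ports destination ports."""
    net = ip_network(protected)
    ports = defaultdict(set)
    for f in flows:
        if f.proto == "UDP" and f.src_port != 53 and ip_address(f.dst_ip) in net:
            ports[f.dst_ip].add(f.dst_port)
    return {ip: len(p) for ip, p in ports.items() if len(p) >= min_ports}


def _sample_flows() -> str:
    """Constructed sample log using RFC 5737 documentation addresses."""
    lines = ["# src_ip src_port dst_ip dst_port proto packets bytes",
             # legitimate lookup: small query out, modest answer back
             "203.0.113.20 51000 198.51.100.1 53 UDP 1 70",
             "198.51.100.1 53 203.0.113.20 51000 UDP 1 210"]
    # reflection: eight open resolvers answer 203.0.113.10, which sent no queries
    lines += [f"192.0.2.{i} 53 203.0.113.10 40000 UDP 900 1300000" for i in range(1, 9)]
    # UDP flood: one source spraying 60 consecutive ports on 203.0.113.30
    lines += [f"198.51.100.77 4444 203.0.113.30 {p} UDP 200 12000" for p in range(10000, 10060)]
    return "\n".join(lines)


SAMPLE_FLOWS = _sample_flows()


def analyse(text=SAMPLE_FLOWS, protected="203.0.113.0/24"):
    """Run both detectors over a flow log and return their findings."""
    flows = parse_flows(text)
    return {"dns_amplification": detect_dns_amplification(flows, protected),
            "udp_flood": detect_udp_flood(flows, protected)}


if __name__ == "__main__":
    for kind, hits in analyse().items():
        print(kind, hits)
```

The legitimate lookup from 203.0.113.20 is not flagged because it involves a single resolver and a response only three times the query size, while the reflected traffic to 203.0.113.10 has eight reflectors and no matching outbound queries at all.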


DDoS Attacks Evolve, Remain a Potent Threat

Distributed denial of service (DDoS) attacks continue to evolve, and will remain a major threat to most organizations for the foreseeable future. A combination of factors is driving the trend, including the emergence of IoT and mobile botnets, the easy availability of for-hire services in criminal marketplaces and an increase in criminal actors seeking to monetize DDoS attacks.

“DDoS is and will continue to be an often-used tool in the attacker’s toolkit,” said Mike Kun, manager of the security intelligence team at Akamai. “It is a cheap, easily customizable way to disrupt and degrade a target’s Internet assets.”

Reports from multiple security vendors show that DDoS attacks grew in number in 2017. Kaspersky Lab estimated that some 33 percent of organizations faced a DDoS attack last year, up from just 17 percent in 2016. Forty-one percent of the victims were large enterprises, 33 percent were SMBs and 20 percent were very small businesses. Certain types of DDoS attacks, such as ICMP and UDP attacks, became rare, while other types, including HTTP attacks and SYN DDoS attacks, grew.

The IoT and Mobile Botnet Threat

Few expect attack trends to reverse dramatically in volume anytime soon. For one thing, the proliferation of IoT and mobile devices in recent years has given attackers new resources for assembling massive DDoS botnets. Last year’s WireX botnet, one of the largest ever used for DDoS purposes, was built entirely using tens of thousands of infected Android devices from some 100 countries. Malware families including Mirai and Reaper have given attackers the ability to assemble similarly huge attack botnets from routers, webcams, DVRs and other ordinary consumer IoT devices. Such botnets have given attackers new, harder-to-disrupt resources for launching damaging DDoS attacks.

“Many attackers have seen the value in exploiting a vast pool of poorly secured and, occasionally, unpatchable devices,” Kun said. “As more vendors add an IP address to a device, companies willing to cut corners on security to save costs will keep feeding the pool of vulnerable devices that attackers can leverage.”

DDoS as a Service

Threat actors offering DDoS-for-hire services are another factor. Last October, the FBI warned of an increase in the scale and frequency of DDoS attacks resulting from the ready availability of so-called “booter” and “stresser” services via cybercrime forums. Such services sell access to botnets that malicious actors can use to anonymously launch DDoS attacks against targets of their choice. Booters and stressers have made it possible for adversaries to execute DDoS attacks without having to create their own infrastructure for it and with little risk of attribution.

“Bad guys no longer need a great deal of sophistication to launch a DDoS attack,” said Joseph Blankenship, an analyst at Forrester Research. “So long as I am able to pay, I am able to conduct a DDoS attack.”

The Monetization of DDoS Attacks

Attack motivations have changed, as well. For many cybercriminals, DDoS attacks are no longer just a way to disrupt a victim’s services – they are using the attacks to extort money, as a distraction to hide other malicious activity and as a tool to hurt competitors.

Threat groups such as Lizard Squad and the Armada Collective have extorted tens of thousands of dollars from organizations by merely threatening to hit them with a DDoS flood. Another group, DD4BC (DDoS For Bitcoin), has harassed several financial services companies for bitcoin payment in exchange for not hitting them with a DDoS attack.

In a growing number of instances, enterprises are being asked to pay up to make an actual DDoS attack stop, said Blankenship. “One thing we have seen is a trend toward attacking businesses for competitive benefit.” This has been a problem especially in the gaming industry, with businesses sometimes using DDoS attacks to slow down a rival site, he noted.

The Mitigation Challenge

From a mitigation standpoint, bad actors these days operate under the notion that their target is likely to be protected by a service that can handle vast amounts of DDoS attack traffic, said Igal Zeifman, security evangelist for Imperva.

“As mitigation solutions have scaled up, bad actors have been forced to think outside of the [box] and look for other, more clever ways to break through security services and appliances,” he said. The result: DDoS attacks these days tend to be less predictable and, therefore, more difficult to stop.

For instance, DDoS attacks have become generally shorter, more powerful and more persistent than in previous years, Zeifman said. Nearly 70 percent of DDoS attacks at the network layer in 2017 lasted less than 30 minutes and targeted the same victim 17.7 times. There also has been an increase in the use of high-packet-rate assaults, wherein the target has to deal with a massive amount of DDoS payloads each second. “Measured in millions of packets per second, we saw these attacks scale as high as 650Mpps” in 2017, he said.

Cybercriminals have also begun mixing up DDoS attacks to make mitigation harder, Blankenship noted. A growing number of attacks these days are targeted at the application layer, which means network-level mitigations alone are no longer enough. It is not uncommon these days to see organizations being targeted with a combination of attacks at the network and application layers, he said. In fact, according to Kaspersky Lab, mixed multi-component attacks that combined SYN, TCP connect, HTTP flood and UDP flood attacks represented a substantial proportion of DDoS attacks last year and are gaining in popularity.

DDoS mitigation has become essential to protecting digital businesses, Blankenship said in a recent Forrester DDoS report. Firewalls and intrusion prevention systems that come with some built-in DDoS mitigation are not sufficient. Organizations, especially in heavily targeted sectors such as financial services, should also consider some of the on-premises, in-cloud and hybrid DDoS mitigation options currently available, he said.



Test your cyber defenses with DIY DDoS

CANADIAN cybersecurity company DOSarrest has released a new service which allows organizations to test their systems’ resilience against distributed denial of service attacks.

The Cyber Attack Preparation Platform (CAPP) allows anyone to choose from a variety of options which specify the attack type, velocity, duration, and vector. The service is paid for according to the options chosen, and can be used by anyone – previously, only DOSarrest’s clients had access to this type of facility.

The attacking machines are distributed across the world and employ a variety of methods, thus accurately emulating an attack “in the wild.”

The company’s literature states that in some cases, larger hosts (such as cloud provider services like AWS or Google Cloud) simply scale up their hosted sites’ provisions in order to mitigate an attack: in short, when the going gets tough, the tough throw resources.

However, this style of mitigation can cost companies large sums of money if they are funding their cloud computing activities on the basis of pay-as-you-use.

Users of DOSarrest’s service can choose to pick specific attack types from a range of TCP attacks, plus a focussed range of attacks usually aimed at web services.

DOSarrest’s CTO, Jag Bains commented:

“It’s interesting to see how different systems react to attacks; CAPP not only shows you the traffic to the victim but also shows you the traffic response from the victim. A small attack [on] a target can actually produce a response back that’s 500 times larger […] This is the best tool I’ve seen to fine tune your cybersecurity defenses, if you fail you can make changes and launch the exact same attack again, to see if you can stop the attack.”

The company advises that attacks are chosen carefully as it is plainly possible to bring down an entire enterprise’s systems – by equal measures alarming and reassuring that large attacks can be emulated.

The company provides a handy pricing calculator by which interested parties can scope out what their testing might cost them: a ballpark of $US1,500 might be considered a bare minimum.

Of course, the cost of an attack by unknown actors will be much more, by some significant factor, and DOSarrest’s facility should hopefully go some way in mitigating the chances of such an attack being successful.


Defense Dept. blocks 36M malicious emails daily, fends off 600 Gbps DDoS attacks

That the Defense Department blocks 36 million malicious emails daily aimed at accessing U.S. military systems, as Defense Information Systems Agency Director of Operations David Bennett recently said, underscores that attackers continue to consider email an attractive attack vector and highlights the stresses that security pros face daily trying to sort through threats.

“Our threat labs have observed cybercriminals recently migrating to email as the most common attack vector. As the tension between nations is increasing, more of the conflict is being fought online. They use email because it is effective,” said Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, noting that he wasn’t surprised that the Defense Department had seen an uptick in email attacks. “While most such attacks are simple phishing scams, the most dangerous ones are usually the work of rogue nation states and can be political in nature.”

Bennett, speaking at an Armed Forces Communications and Electronics Association (AFCEA) event, confirmed that “emails are the number one delivery mechanism globally” and lamented the near-constant vigilance required of cybersecurity pros. “The reality is we’ve got to get it right all the time, they only have to get it right once,” he said, according to a report in NextGov.

The agency also has thwarted distributed denial of service (DDoS) attacks as large as 600 Gbps “on internet access points, and unique and different ways of attacking us we hadn’t thought of before,” some of which are classified, said DISA Director Lt. Gen. Alan Lynn, who will leave his post February 2. Lynn is also commander of Joint Forces Headquarters-Department of Defense Information Network.

The Pentagon anticipates the size of DDoS attacks to grow. “We call it the terabyte of death looming outside the door,” the report quoted Lynn as saying. “We’re prepared for it. It’s just a matter of time before it hits us.”

Noting that state-sponsored attacks have caused power outages and mucked with election systems, Bilogorskiy called for rules “to be established to define the protections of non-combatants in and around the cyber-war zone,” restricting “certain technologies or attack scenarios” like “DDoSing life-support systems” or “causing civilian plane crashes through custom malware.”

While “interfering with communication system computers are starting to seem like a part of standard military tactics,” he said, “hacking attacks that cause a direct loss of life should be considered war crimes, in my opinion.”


U.K. Hacker Jailed For DDoS Attacking Pokémon GO

A U.K. man is now sitting in prison for the next two years, all because he decided he wanted to take down Pokémon GO. The Metro is reporting that 21-year-old hacker Alex Bessell has been sentenced to 24 months in prison for what is probably the crowning achievement in his hacking career so far, being one of the few people to shut down the mobile app. Bessell set up a website called Aiobuy that had over 9,000 zombie computers with the singular goal of selling viruses and using them to create DDoS attacks. This also included “remote administration tools, Botnet tools, crypters, booter access and other malware and illegal items.”

Bessell has actually made a career out of being a hacker: aside from making over $500k on Aiobuy, he also helped a group of other hackers develop the “Galaxy JDB” hacking tool and ran a money-laundering scheme between 2012 and 2013. Many of his attacks took down big companies in the U.K. including Skype, Google, and Pokémon GO. Bessell pled guilty to nine counts of cybercrime offenses, which landed him the two-year sentence. No word yet as to whether or not he can apply for parole down the road or if there will be any restrictions placed on him after being released.

(Last Updated January 19, 2018 7:38 pm)

Hackers Will Target Small Business Through the Internet of Things in 2018, New Report Says

A new report finds hackers are poised to target small businesses that use Internet of Things (IoT) technology to gain access to data from larger global firms in 2018. The 2018 Cybersecurity Predictions report by Aon’s Cyber Solutions predicts a small business Internet of Things (IoT) breach will create a domino effect that damages a larger company.

2018 Cybersecurity Predictions

The report also found that while 55 percent of small businesses were breached between 2015 and 2016, only a small minority see cybersecurity as a critical issue. This is despite the fact that the overall money spent on cybersecurity in 2017 was $86.4 billion, an increase of 7 percent over 2016.

New Threat

The Internet of Things (IoT) is at the heart of this new threat. It’s loosely defined as all software-enabled devices we use (from appliances to smartphones and computers) that can exchange data.

Criminals hijacked hundreds of thousands of Internet of Things (IoT) devices worldwide in 2017. They’ve even fine-tuned social engineering and spear-phishing tactics, according to the report.

Jason J. Hogg, CEO of Aon Cyber Solutions, explains the looming threat as small businesses use this technology.

“IoT is notoriously unsecured: manufacturers often lack necessary security expertise, constant product innovation creates vulnerabilities, and companies frequently overlook proper patch management programs. Hackers exploit this reality, targeting IoT as a pivot point to enter systems and take control of physical operations.”


The report found that hackers favored botnets like “Hajime” and “IoT_reaper” last year. The growing trend caused concerns about DDoS attacks and other issues. DDoS attacks occur when hackers flood servers with bogus data, and websites and networks get shut down.

High Cost

Any attack can really harm a small business’s operations as well as a larger organization’s. There’s always a high cost to having your business shut down for any amount of time. What’s more, there’s lasting reputational damage because these smaller firms are working more and more with big organizations that have a large reach.

Hogg also says there are some other reasons why small businesses are ripe for this new Internet of Things (IoT) cybersecurity threat.

“Small businesses, lacking resources and/or awareness to effectively secure their systems, are particularly vulnerable to cyber attacks on IoT,” he says. “The breach will serve as a wake-up call for small and midsized businesses to implement better security measures so as not to risk losing business.”


The report also predicts passwords will continue to be hacked. Multifactor authentication will become critical as hackers learn to get around biometrics. Larger businesses will adopt standalone cyber insurance policies and chief risk officers will play a larger role.

The report also sees the spotlight on regulation strengthening and widening as calls for a harmonized approach to cyber security get more intense. It points to the EU’s attempt to set a universal standard for consumer data privacy, the General Data Protection Regulation (GDPR), which oversees companies collecting data from EU citizens.

Criminals will also target transactions that use points as currency, such as retailers’ rewards, gift and loyalty programs. The use of cryptocurrencies will encourage an increase in ransomware attacks in 2018, like the WannaCry ransomware that affected 200,000 computers in 150 countries in 2017.


Governments should use buying, regulatory power to fight botnets: Expert

Draft U.S. government recommendations on ways to reduce the threat of automated botnets launching denial of service attacks and spreading malware are too weak, says a cyber security expert.

The report from the departments of Homeland Security and Commerce issued last week “definitely did not go far enough,” John Pescatore, director of emerging security trends at the SANS Institute, said in an interview.

While praising the report’s urging that manufacturers and end users follow best practices in cyber hygiene, much of it came down to “let’s do the same thing we’ve been doing, but more – more information sharing, government standards,” Pescatore complained.

Instead, he said the U.S. – and all governments around the world – should use their existing buying and regulatory power to force organizations to better use current technology and force makers of Internet of Things devices to tighten their security.

For example, Pescatore said, the report suggests Washington develop profiles for denial of service protection, then go to the private sector and say it should be providing denial of service protection services. “We (already) have denial of service protection services out there,” Pescatore said. “If the government were simply to say every government Web site that touches data or provides information to the public must use denial of service protection services, that would help drive the entire market to ensure they use those types of services.

“And if it said everyone who does business with the (U.S.) government over the Internet must also be using denial of service protection services that also would help. Instead what this report did is say, ‘OK, once we can write documents that would have a government definition of denial of service protection services, then we can talk about doing something.’”

As for IoT manufacturers, Pescatore said there’s no reason for more study. Most governments already have regulatory agencies covering a wide range of products from food to medical devices to transportation that have safety mandates. They should issue cyber security regulations as well, tailored for those industries.

Instead, he said, the report suggests an ecosystem-wide solution is needed. But “making a self-driving car as secure as a medical implant is impossible.”

Pescatore isn’t the first to say regulators have to do more to control IoT devices. U.S. digital security expert Bruce Schneier said much the same thing at last November’s SecTor conference in Toronto. It was also hotly debated at the RSA Conference.


New year, new defence: Cybersecurity help and predictions for 2018

Organisations will adopt AI and other emerging technologies to help fight this year’s growing cyber threats.

With 2017 seeing an enormous number of data breaches, businesses should be looking at their cybersecurity processes and planning how to effectively monitor their network security in the year to come. With massive developments in monitoring and AI providing unmissable cybersecurity opportunities, here are five predictions of what we expect to see in 2018.

1. Organisations will increasingly adopt AI-based systems to help with cybersecurity

In 2018, we’ll see companies using AI-based tools to benchmark their networks so that they know exactly what their systems should “normally” look like, allowing abnormalities to be identified faster, before cyber incidents become full-blown attacks.

Despite hackers constantly evolving their attack methods to target new vulnerability points and bypass existing defence systems, AI-based tools can use real-time analytical models to search for anomalies. While analysts still need to decide whether these anomalies require urgent action or not, AI can help make them more productive.

We can also expect to see AI being used more to evaluate and prioritise security alerts. This will automate the more routine procedures that analysts have to undertake, and may even reduce threat-related “false positive” alerts in networks. Many companies rely on rule-sets provided by third-party providers to deal with false positives, and they often don’t have the ability to tune and change the rules. This means that they either suffer the false positives and ignore them, or turn off that rule if the false positives are too prevalent – neither of which is an effective strategy.

AI-based systems can help by filtering out the noise of false positives, making it easier for analysts to identify, and focus on, the real threats.

2. Companies will handle breach communication much better than they did in 2017

PayPal is a great example of this. The company should be commended for implementing good hygiene practices that resulted in identifying and announcing the breach at TIO on 4th December, and for showing leadership in claiming responsibility for dealing with the outcome. We’re set to see a big difference between those companies that try and sweep breaches under the carpet, and those that are set up with the right processes to investigate breaches and respond appropriately. Those who attempt to hide breaches – we’re looking at you Uber – will be treated with contempt by customers and the media, as indicated by surveys that indicate as many as 85% of respondents wouldn’t do business with firms that had suffered a data breach.

Of course, on 25th May 2018, the General Data Protection Regulation (GDPR) will come into effect, which means companies will have to notify the Information Commissioner’s Office (ICO) of a breach within 72 hours or face a fine of up to 4% of global revenue.

Sensible organisations will look to implement stronger protection using application whitelisting, encryption and other techniques and improve their detection capability. They should also look to collect and store more definitive evidence about what takes place on their networks – in the form of more verbose log data, NetFlow history and full packet capture. Without this, organisations will find it impossible to investigate a breach quickly enough to satisfy regulatory obligations.

3. Retailers will be far more risk averse during holidays

Companies have begun to accept that optimised monitoring needs to take place all year round, and Christmas will be no exception. However, companies will become more risk averse, and whether it’s a bank or a retailer, as the holiday period approaches, there is often a “blackout” period during which network and security teams are not allowed to make updates and changes to their networks other than urgent patches.

Threat actors may step up their activity during the holiday period because there is a higher chance of evading identification and more to gain. This year, Shopify revealed that at the peak of Black Friday, online shoppers were making 2,800 orders per minute, worth approximately US$1 million. Had Shopify experienced an outage of just five minutes during this busy period, it would have cost them US$5 million in revenue. Protecting against outages – such as might result from a distributed denial of service (DDoS) attack – is critical at these times. Additionally, this volume of online activity makes it easy for hackers to hide their movements while everyone’s focus is on making sure systems stay up and handle the load.

4. New housekeeping and the end of BYOD

Basic housekeeping will play a big role in cybersecurity in 2018. We’ll see a lot more staff training, and more focus on patching and standardisation so that companies avoid attacks like the widespread ransomware outbreaks we saw this year.

We’re also likely to see more companies moving away from BYOD. The reality is that BYOD has simply proven too hard to regulate and the risk it poses too difficult to protect against. In sensitive networks, with a lot at stake, this risk is not acceptable any longer.

5. Increasing use of strong encryption, and attacks over encrypted connections

We already know that encryption of network traffic is being used more frequently by attackers as a way to hide evidence of their activity. Analysts and their detection tools can’t see into the payload of encrypted traffic.

Unless, of course, they have the encryption keys. If operators force all SSL connections to pass through a proxy, they can decrypt the traffic and see inside the payload. This allows the proxy to provide a clear-text version of the traffic to security tools for analysis, or to full packet capture appliances like the EndaceProbe Network Recorder.

We should expect to see the adoption of SSL proxy appliances increasing in 2018 – great news for companies like Ixia, Gigamon, Bluecoat, Juniper and others that make these appliances.


So, will 2018 be just as unpredictable when it comes to cybersecurity, data breaches and network infiltration? Chances are, most likely it will. However, with the right plans, practices and network monitoring in place, companies can at least prepare themselves for the worst, and prevent any possible breaches from being anywhere near as extensive as those that took place in 2017.

