30 Jul Rising Cyber Threats And Stiffening Defenses Are The Bellwether Trends In Q2 2018
The dark side of digital transformation, and leading-edge cybersecurity solutions
Kingston, Wash. – Jul. 28, 2018
It has been a dizzying summer, in terms of malicious threats morphing and scaling up. But it’s not just the bad guys who’ve been diligently toiling as the weather heats up.
I’m happy to report that tech innovation to improve privacy and security appears to be keeping pace. Having attended the full week of RSA Conference 2018 in San Francisco last April and, as I prepare to head off to Black Hat USA 2018 in Las Vegas, it is clear that there is no shortage of cool new technology available to help detect and deter threat actors.
Closing the gap on threat actors who’ve become accustomed to operating with impunity isn’t as simple as buying the latest, greatest tech solutions, of course. With that in mind, I’ve pulled together this summary of emerging cybersecurity trends — both ominous and encouraging — that I wrote about in the second quarter. Admittedly, these are nuanced shifts; my instincts as an old-school investigative business reporter is to flush out clarifying insights that haven’t yet risen to the fore. My aim is to foster wider understanding for the greater good. That said, here are a few notable takeaways spinning out of Q2 2018:
THE DARK SIDE OF DIGITAL TRANSFORMATION
Accelerated use of cloud services, DevOps, software containers and microservices are giving companies amazing flexibility and scalability. But they’ve also given rise to a vast new attack surface, one that threat actors have only just begun to take advantage of. Welcome to the dark side of digital transformation.
Machine-identity theft. Digital transformation relies heavily on use of virtual instances of computers created and maintained in the Internet cloud, as well as untold millions of instances of software “microservices” and “containers” that come and go.
Each one of these virtual “machines” must continually communicate with countless other machines, virtual and otherwise. And as the number of machines has skyrocketed, so has the volume of machine identities. From a criminal’s perspective, each machine represents an opportunity to slip into the mix and take control. And each machine identity represents a key to get in the door. So, no surprise: machine-identity theft has arisen as a lucrative criminal endeavor.
Machine-identity theft, I’m convinced, is destined to increasingly trigger the type of deep breaches digitally-transformed organizations are now experiencing. Case in point: Timehop, a popular social media peripheral service, in early July disclosed how hackers breached their well-defended network, conducted several reconnaissance forays, and then moved swiftly to pilfer personal information for 21 million Timehop users before the company could cut them off. Machine-identity theft had to have come into play in several phases of this meticulously orchestrated cyber attack on a digitally transformed company.
API exposures. Application Programming Interfaces fueled the rise of social media and web apps. And now APIs, which make it possible for software applications to exchange data across the Internet, have emerged as the catalyst of digital transformation. APIs help knit together cloud services, mobile computing and the Internet of Things.
And yet APIs sorely lack anything close to robust security. APIs, in fact, typically are deployed using simple, browser-based parameters that can be trivial to hack. An attacker showed what is possible by burrowing into the API panerabread.com used for its online ordering service, managing to siphon off 37 million customer records. This is a sign of things to come. With so many vulnerable APIs in wide use, and more being pumped out every day, the API attack vector is sure to rise in prominence.
Mobile malware. Digital transformation is all about pushing services out to individual users with their attention riveted to their mobile devices. Cyber criminals know this and continue to steadily intensify mobile platform hacks. One group of threat actors recently sneaked a variant of the BankBot banking Trojan into Google’s official Play Store, tucked away inside apps for services ranging from online shopping to live stock-market monitoring.
We’ve seen Android malware like this before, designed to steal login credentials for banking apps, e-wallets and payment cards — and go undetected by antivirus software. Increasingly sophisticated mobile platform attacks are sure to come.
LEADING-EDGE TECHNOLOGY SOLUTIONS
It’s almost quaint to hark back 15 years and recall the difficulties companies faced protecting networks comprised of servers, databases and user devices kept largely on premises. Today companies must defend mission-critical systems housed on-premises and in multiple public and private clouds. And they must account for employees, partners and customers logging in with their mobile devices. This presents a convoluted security challenge, one which security vendors are innovating like crazy to address.
Advanced authentication. Vendors in the Identity and Access Management, or IAM, space are thriving at the moment, as they bring to market systems that give companies comprehensive visibility and control over who gets to log onto what. Tech security vendors like Centrify, Bomgar and Thycotic are leading players in this space. They are refining systems that can make precise judgements about anyone trying to access sensitive assets, the better to deter imposters.
Meanwhile, an Israeli start-up, Silverfort, is seeking to make a great leap forward by introducing a centralized authentication appliance that uses machine learning to recognize the logon patterns of all employees, and then makes strategic use of that analysis in real time. Silverfort’s technology derives from techniques its founders used when they were members of Unit 8200, the elite cybersecurity arm of the Israeli military. The company’s expressed mission is to help corporations address unprecedented authentication exposures arising from digital transformation.
Leveraging deception. Another start-up touting a unique solution is Acalvio Technologies, a pioneer in what it calls “deception-based security systems.” In essence, Acalvio’s technology lays in wait for intruders who manage to get inside a company’s firewall, and then leads them down a path rife with decoy systems and faux data.
What I like about Acalvio’s approach is that it uses an age-old stratagem. Animals and insects use deception to survive in the wild. Even more to the point, phishers deceive to gain trust; hackers deceive to avoid detection. I like the notion of putting cyber criminals, for once, on the receiving end of deceptive tactics.
Acalvio does this by distributing virtual honeypots in scattered locations throughout an organization’s network, and by planting faked data, tokens and credentials where an intruder skulking around the network is likely to find them. By accessing a decoy system, the attacker exposes himself and the advantage goes to the company. Harm gets minimized and the option to commence counterintelligence tracking opens up.
CASBs make a comeback. Cloud Access Security Brokers made a big splash in 2014 – 2015 by addressing a fast-rising security nightmare: Shadow IT. The solutions CASBs developed to address the trend of employees racing out to use web apps unvetted by IT were so successful that six of nine top CASBs quickly got gobbled up in an acquisition binge.
While Shadow IT has been largely quelled, the core dynamic that started all this fuss — eager humans scrambling to use the latest, greatest cloud-enabled services — remains a major security issue, one that now connects directly to digital transformation.
The good news is that CipherCloud, Netskope and Bitglass, along with the half dozen CASBs swallowed up by much bigger tech companies, have settled into a new role securing what our business networks have morphed into, as the result of digital transformation.
CipherCloud, for instance has built a broad portfolio of CASB services around a core of leading-edge encryption services. Its systems are designed to enable security collaboration, by selectively encrypting only sensitive assets, in real time, in a cloud environment. And CipherCloud says it can do this without detracting from the development speed and nimbleness, the desirable characteristics associated with digital transformation.
LIGHT AT THE END OF THE TUNNEL
The fact that the good guys are innovating as intensively as the bad guys, in and of itself, isn’t going to materially close the yawing security gap. As I mentioned at the top, these are nuanced shifts. The underlying trend remains unshakeable: corporate interests continue to aggressively drive wider use of Internet-centric digital systems with only a token nod to security. Productivity and cool new functionalities rule the day. Preserving privacy and security all too often is an afterthought.
That shouldn’t detract from the fact that some of our best and brightest technologists, backed by hefty venture capital investments, are diligently churning out some pretty amazing technical innovations to better defend modern business networks. The defensive weaponry to make digital commerce as secure as it ought to be is steadily getting better all the time. There’s every reason to view this is a light at the end of the tunnel. Here’s hoping things continue to move in a positive direction in the second half of 2018, and beyond.
– Byron V. Acohido is a Pulitzer Prize-winning business journalist dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. His body of work on cybersecurity topics can be accessed at lastwatchdog.com.