Virtualization and Cloud executives share their predictions for 2017. Read them in this 9th annual VMblog.com series exclusive.
Contributed by Security Experts from Morphisec
Security Experts from Morphisec Make Industry Predictions for 2017
Day-to-day, Morphisec's moving target defense technology works to keep organizations consistently ahead of attacks. As 2016 comes to an end, the Morphisec team takes the opportunity to look ahead to the new year. While they cannot predict the future, analyzing trends can point to a few key ones that can help organizations plan their security strategies.
Netta Schmeidler, Morphisec VP Product
Continuing rise in ransomware attacks and against more varied targets:
Ransomware will continue to increase in amount and variety, and employ more sophisticated delivery vectors. Moreover, it could move from a strictly financially driven crime into attempts to affect strategic outcomes. Just as exfiltrated data was used in an attempt to influence the 2016 US election, ransomware attacks against critical infrastructure or enterprises could be used to influence policy or business decisions.
Larger-scale disruptions to businesses and operations, including healthcare:
2016 saw several hospitals attacked, resulting in appointments being cancelled, surgeries postponed and patient information stolen. If IoT attacks reach the health industries we could see even more disruptions, at a more horrific scale: incorrect dosage of medicines, erroneous test results, disruptions to life-saving machinery. Financial sector attacks could move from relatively isolated incidents that resulted in individual banks shutting down online access to a complete halt in national trading. Transportation systems may be immobilized.
The insurance industry will take a more active role:
Today, cyber security standards are enforced by regulations, like HIPAA and PCI. In the future we may see the insurance industry taking a more active stand for their customers, even to the point of enforcing the use of various tools.
Countries, industries and organizations will start to rally together:
We cannot fight cyber threats effectively alone. We are already seeing some joint initiatives: banks working together to share threats, the EU-wide cybersecurity directive. This may grow in scale and spread across industries and countries. We will see it more in law enforcement, like the Global Cyber Alliance, founded by the NY County DA's office and City of London police to work together to identify cyber criminals.
Omri Dotan, Morphisec CBO
- The target surface for advanced attacks is quickly and vastly expanding, from already not effectively protected endpoints to barely secure Containers, Cloud infrastructures, SCADA controllers, IoT and Mobile platforms.
- Existing security products continue to defend based on previous attack knowledge and history; the asymmetry between unpredictable attackers and predictable defenders is growing in favor of the attacker.
- There is an increasing number of broad-based and targeted attacks that are skilled, evasive and focused on a large gains farming approach, i.e. penetrate unrecognized, plan a massive event undetected, and exfiltrate. As a result, corporations keep adding incremental security layers at a decreasing marginal return but at exponentially increasing cost, complexity and OPEX.
- The world cannot add enough security professionals fast enough to cover all the products, reports, alerts, forensics and remediation required to support this heavier and heavier security stack.
We are reaching a discontinuity point, where doing much of the same just a little bit better will not work any longer. Expect in the years to come a new set of innovative products that focus on changing the asymmetry by giving the "unpredictability advantage" to the defender; that will deliver "preemptive defense" in "millisecond response times" and which will reduce security costs. They may be called Moving Target Defense (MTD), Preemptive Deception (Deception), New Generation Endpoint Threat Prevention (NGETP), but their essence will be the same.
Michael Gorelik, Morphisec VP R&D
Looking at predictions in endpoint technology developments, both from a security and attack point of view:
- Despite the fact that behavioral detection solutions are prone to false positives and carry a high performance impact, more big-player AV solutions will add NextGen capabilities based on machine learning / behavioral analytics. This will lead to consolidation in the market as startups primarily focused on developing machine learning-based NextGen products will lose momentum.
- Detection tools will shorten the time between infection and detection. However, malware and especially ransomware will continue to outpace these tools with more sophisticated and much faster infection.
- Enterprises will be hit with new targeted attacks and new evasion techniques on a daily basis (we already see weekly trends of new targeted attacks with new evasion techniques). They will increasingly include new evasion techniques to bypass AI/machine learning-based products.
- We will see new attack waves based on Flash zero-days, although the trend will probably shift to Flash exploits delivered through document files and not web exploit kits unless RiG is replaced by a more advanced exploit kit.
- Macro and OLE-based attack vectors will remain more or less the same despite Microsoft's new macro-blocking administrative capability, simply because employees in certain sectors, such as finance, need to use macros for their daily operations.
- We will see an increase in attacks targeting Virtual application delivery servers or virtual desktops (e.g. Citrix XenApp/XenDesktop, etc.). Such platforms make an attractive target as they are often under-protected due to their performance sensitivity and the high performance impact of adding more security solution capabilities.