How the Threat Landscape Will Change By 2020

Uploaded on 2015-11-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

McAfee Labs' five year look ahead attempts to predict how the types of threat actors will change, how attackers’ behaviors and targets will change, and how the industry will meet these challenges over the next five years.

Below-the-OS attacks. Attackers could look for weaknesses in firmware and hardware as applications and operating systems are hardened against conventional attacks. The lure would be the broad control attackers can potentially gain through these attacks, as they can conceivably access any number of resources and commandeer administration and control capabilities.

Detection evasion. Attackers will attempt to avoid detection by targeting new attack surfaces, employing sophisticated attack methods, and actively evading security technology. Difficult-to-detect attack styles will include fileless threats, encrypted infiltrations, sandbox evasion malware, exploits of remote shell and remote control protocols, and the aforementioned, below-the-OS attacks targeting and exploiting master boot records (MBR), BIOS, and firmware.

New devices, new attack surfaces. While there has not yet been a surge in IoT and wearable attacks, by 2020 we may see install bases of these systems reach substantial enough penetration levels that they will attract attackers. Technology vendors and vertical solution providers will work to establish user safety guidance and industry best practices, as well as build security controls into device architectures where appropriate.

Cyberespionage goes corporate. McAfee Labs predicts that the dark market for malware code and hacking services could enable cyberespionage malware used in public sector and corporate attacks to be used for financial intelligence-gathering and the manipulation of markets in favor of attackers.

Privacy challenges, opportunities. The volume and value of personal digital data will continue to increase, attracting cyber thieves, and potentially leading to new privacy regulations around the world. Concurrently, individuals will seek and receive compensation for sharing their data, a market will develop around this “value exchange,” and the environment this market shapes could change how individuals and organizations manage digital privacy.

Security industry response. The security industry will develop more effective tools to detect and correct sophisticated attacks. Behavioral analytics could be developed to detect irregular user activities that might indicate compromised accounts. Shared threat intelligence is likely to deliver faster and better protection of systems. Cloud-integrated security could improve visibility and control. Finally, automated detection and correction technology promises to protect enterprises from the most common attacks, freeing up IT security staff to focus on the most critical security incidents.

“Keeping pace with, anticipating and preempting adversaries requires that we match the intelligence exchange, cloud computing and delivery power, platform agility, and human resource assets that cybercriminals regularly leverage,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “To win battles against future threats, organizations must see more, learn more, detect and respond faster, and fully utilize all the technical and human resources at their disposal.”
Net-security: http://bit.ly/20Zlcpq

 

 

« Artificial Intelligence Could Drive Human Inequality
Low-tech Coppers in the UK »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

WhiteHat Security

WhiteHat Security

WhiteHat’s products enable customers to “Hack Yourself First” so that they gain a greater understanding of the actual risk to their business.

IntaForensics

IntaForensics

IntaForensics offer a full range of digital investigation services and are able to adapt to the individual needs of solicitors, private clients, Law Enforcement Agencies and commercial businesses.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

Telecommunications & Digital Government Regulatory Authority (TDRA) - UAE

TDRA focuses on regulating the telecommunications sector and enabling government entities in the field of smart transformation. It is responsible for the overall digital infrastructure in the UAE.

DivvyCloud

DivvyCloud

DivvyCloud protects your cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

Root9B (R9B)

Root9B (R9B)

R9B offers advanced cybersecurity products, services, and training to enhance the way organizations protect their networks.

McIntyre Associates

McIntyre Associates

McIntyre Associates is an Executive Search boutique specialized in recruiting for the Cybersecurity industry. Our clients range from Venture Capital backed startups to Fortune 100 companies.

Crypsis

Crypsis

Crypsis was built based on a shared vision of creating a more secure digital world by providing the highest quality incident response, risk management, and digital forensic services.

Rizikon Assurance

Rizikon Assurance

Rizikon Assurance is an Online System that improves Third-Party Assurance and Risk Management, through efficiency, automation and better visibility.

Cythereal

Cythereal

Cythereal is the leader in predicting and preventing advanced malware attacks. Security Automation for the Overwhelmed Administrator.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

HTL Support

HTL Support

HTL Support, your trusted partner for comprehensive IT support in London. We specialize in delivering top-tier IT solutions tailored to both large enterprises and small businesses.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.