How the Threat Landscape Will Change By 2020

McAfee Labs' five year look ahead attempts to predict how the types of threat actors will change, how attackers’ behaviors and targets will change, and how the industry will meet these challenges over the next five years.

Below-the-OS attacks. Attackers could look for weaknesses in firmware and hardware as applications and operating systems are hardened against conventional attacks. The lure would be the broad control attackers can potentially gain through these attacks, as they can conceivably access any number of resources and commandeer administration and control capabilities.

Detection evasion. Attackers will attempt to avoid detection by targeting new attack surfaces, employing sophisticated attack methods, and actively evading security technology. Difficult-to-detect attack styles will include fileless threats, encrypted infiltrations, sandbox evasion malware, exploits of remote shell and remote control protocols, and the aforementioned, below-the-OS attacks targeting and exploiting master boot records (MBR), BIOS, and firmware.

New devices, new attack surfaces. While there has not yet been a surge in IoT and wearable attacks, by 2020 we may see install bases of these systems reach substantial enough penetration levels that they will attract attackers. Technology vendors and vertical solution providers will work to establish user safety guidance and industry best practices, as well as build security controls into device architectures where appropriate.

Cyberespionage goes corporate. McAfee Labs predicts that the dark market for malware code and hacking services could enable cyberespionage malware used in public sector and corporate attacks to be used for financial intelligence-gathering and the manipulation of markets in favor of attackers.

Privacy challenges, opportunities. The volume and value of personal digital data will continue to increase, attracting cyber thieves, and potentially leading to new privacy regulations around the world. Concurrently, individuals will seek and receive compensation for sharing their data, a market will develop around this “value exchange,” and the environment this market shapes could change how individuals and organizations manage digital privacy.

Security industry response. The security industry will develop more effective tools to detect and correct sophisticated attacks. Behavioral analytics could be developed to detect irregular user activities that might indicate compromised accounts. Shared threat intelligence is likely to deliver faster and better protection of systems. Cloud-integrated security could improve visibility and control. Finally, automated detection and correction technology promises to protect enterprises from the most common attacks, freeing up IT security staff to focus on the most critical security incidents.

“Keeping pace with, anticipating and preempting adversaries requires that we match the intelligence exchange, cloud computing and delivery power, platform agility, and human resource assets that cybercriminals regularly leverage,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “To win battles against future threats, organizations must see more, learn more, detect and respond faster, and fully utilize all the technical and human resources at their disposal.”
Net-security: http://bit.ly/20Zlcpq

 

 

« Artificial Intelligence Could Drive Human Inequality
Low-tech Coppers in the UK »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CloudPassage

CloudPassage

CloudPassage, a cloud security and compliance pioneer, safeguards cloud infrastructure for the world’s best-recognized brands.

Swimlane

Swimlane

Swimlane is a leader in security automation and orchestration (SAO). Our platform empowers organizations to manage, respond and neutralize cyber threats with adaptability, efficiency and speed.

Pathway Forensics

Pathway Forensics

Pathway Forensics is a leading provider of computer forensics, e-discovery services and digital investigations.

Egyptian Supreme Cybersecurity Council (ESCC)

Egyptian Supreme Cybersecurity Council (ESCC)

ESCC is responsible for developing a national strategy to face and respond to the cyber threats and attacks and to oversee its implementation and update.

Cyber Command - Estonian Defence Forces

Cyber Command - Estonian Defence Forces

The main mission of the Cyber Command is to carry out operations in cyberspace in order to provide command support for Ministry of Defence’s area of responsibility.

Cord3

Cord3

Cord3 delivers data protection, even from trusted administrators – or hackers posing as administrators – with high privilege.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC) is an information security company providing website vulnerability scanning and monitoring services.

Argentra

Argentra

Argentra is a specialist engineering company, we have years of experience developing custom security software and providing security risk consulting.

CodeHunter

CodeHunter

CodeHunter is a malware hunting SaaS platform designed to detect all variations of malware, known and unknown, without the need for source code or signatures.

Identity Digital

Identity Digital

Identity Digital simplifies and connects a fragmented online world with domain names and related technologies that allow people and businesses to build, market and own their digital identities.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

CloudCoCo

CloudCoCo

CloudCoCo help UK businesses of all sizes and industries succeed by providing enterprise-grade technology at small-business prices.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.

LetsData

LetsData

LetsData uses AI to provide governments, intergovernmental organizations, civil society, and businesses with data-empowered decisions on communication in the age of online disinformation.

ExactTrak

ExactTrak

ExactTrak provide embedded cyber security solutions for your digital devices – whenever and wherever you need them.