Fileless attacks are becoming more and more prevalent. The Ponemon Institute estimate that 35% of all attacks during 2018 were fileless. And more importantly, they conclude that fileless attacks are 10 times more likely to succeed than any other form of attack. The reason for this haunting reality is simple: traditional anti-virus protection relies on file scanning, and with these attacks, no files are stored on the hard drive. Another reason for the popularity of this specter is that they leave no footprint, making forensics after the event difficult. The inclusion of fileless methods in many exploit kits contributes to their prevalence.
Containerisation is now an additional tool in the security arsenal which may enhance the protection of many applications and sensitive data.
Recent missile launches from the DPRK have received a lot of attention, however their cyber offensives have also been active and are growing in sophistication.
Cryptocurrencies such as Bitcoin have been the focus of acute attention recently. Just about everybody knows someone or has heard of someone making windfall profits from 2017’s spectacular price rises in Bitcoin and other cryptocurrencies. The sector has also not escaped attention from cybercriminals with incidents of cryptojacking rapidly escalating. Higher cryptocurrency prices increase the returns from coin mining, making cryptojacking an attractive target of cybercrime. IBM reported a 6-fold increase in cyptocurrency mining attacks between Jan-Aug 2017, and Wandera found a 287% increase on mobile devices between October and November 2017.
On several occasions I’ve written about insecurities of the Internet of Things – such as here, here, here, here and here. Recently, four US Senators decided to do something about it, and with the help of the Atlantic Council and Harvard University, have drafted a bill outlining minimum security requirements for IoT device purchases by US Federal agencies. The bill is bipartisan, proposed by two Republican Senators – Steve Daines (MT) and Cory Gardner (CO), and two Democrats – Mark Warner (VA) and Ron Wydon (OR). The proposed legislation is to be known as the Internet of Things Cybersecurity Improvement Act of 2017. It is a good start, and examining its provisions provides insight into many IoT device security vulnerabilities and solutions.
After years of enjoying relative security through obscurity, many attack vectors have recently proved successful on Apple Mac, opening the Mac up to future attack. A refection of this is the final quarter of 2016, when Mac OS malware samples increased by 247% according to McAfee. Even though threats are still much lower than for Windows OS users, Mac users cannot afford to be blissfully complacent as they may have been in the past.
At the start of a new year we look ahead to identify broad technological advancements with disruptive potential – and examine likely security implications. I believe there are two trends which will shape IT security in a profound way.
I am thrilled to have won the Great British Entrepreneur of the Year Award for cyber security at a gala event at the Lancaster Hotel in London last night. Thanks to the judges for selecting us ahead of finalists from companies such as Sophos, DarkTrace, Becrypt and others.