How the Threat Landscape Will Change By 2020

Uploaded on 2015-11-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

McAfee Labs' five year look ahead attempts to predict how the types of threat actors will change, how attackers’ behaviors and targets will change, and how the industry will meet these challenges over the next five years.

Below-the-OS attacks. Attackers could look for weaknesses in firmware and hardware as applications and operating systems are hardened against conventional attacks. The lure would be the broad control attackers can potentially gain through these attacks, as they can conceivably access any number of resources and commandeer administration and control capabilities.

Detection evasion. Attackers will attempt to avoid detection by targeting new attack surfaces, employing sophisticated attack methods, and actively evading security technology. Difficult-to-detect attack styles will include fileless threats, encrypted infiltrations, sandbox evasion malware, exploits of remote shell and remote control protocols, and the aforementioned, below-the-OS attacks targeting and exploiting master boot records (MBR), BIOS, and firmware.

New devices, new attack surfaces. While there has not yet been a surge in IoT and wearable attacks, by 2020 we may see install bases of these systems reach substantial enough penetration levels that they will attract attackers. Technology vendors and vertical solution providers will work to establish user safety guidance and industry best practices, as well as build security controls into device architectures where appropriate.

Cyberespionage goes corporate. McAfee Labs predicts that the dark market for malware code and hacking services could enable cyberespionage malware used in public sector and corporate attacks to be used for financial intelligence-gathering and the manipulation of markets in favor of attackers.

Privacy challenges, opportunities. The volume and value of personal digital data will continue to increase, attracting cyber thieves, and potentially leading to new privacy regulations around the world. Concurrently, individuals will seek and receive compensation for sharing their data, a market will develop around this “value exchange,” and the environment this market shapes could change how individuals and organizations manage digital privacy.

Security industry response. The security industry will develop more effective tools to detect and correct sophisticated attacks. Behavioral analytics could be developed to detect irregular user activities that might indicate compromised accounts. Shared threat intelligence is likely to deliver faster and better protection of systems. Cloud-integrated security could improve visibility and control. Finally, automated detection and correction technology promises to protect enterprises from the most common attacks, freeing up IT security staff to focus on the most critical security incidents.

“Keeping pace with, anticipating and preempting adversaries requires that we match the intelligence exchange, cloud computing and delivery power, platform agility, and human resource assets that cybercriminals regularly leverage,” said Vincent Weafer, vice president of Intel Security’s McAfee Labs. “To win battles against future threats, organizations must see more, learn more, detect and respond faster, and fully utilize all the technical and human resources at their disposal.”
Net-security: http://bit.ly/20Zlcpq

 

 

« Artificial Intelligence Could Drive Human Inequality
Low-tech Coppers in the UK »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

CyberTech Network

CyberTech Network

CyberTECH is a global cybersecurity, Internet of Things (IoT) and Smart City network ecosystem and incubator operator.

HackHunter

HackHunter

HackHunter’s passive sensor network continuously monitors, detects and alerts when a malicious WiFi network and/or hacking behaviour is identified.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

Viettel Cyber Security

Viettel Cyber Security

Viettel Cyber Security is an organization under the Military Telecommunication Industry Group, conducting research and developing information security solutions for domestic and foreign customers.

Mode Solutions

Mode Solutions

Mode guarantee IT performance where you need it most, creating seamless and secure solutions that will alleviate pressure from your business.

Onyxia Cyber

Onyxia Cyber

Onyxia's unique dynamic cybersecurity platform identifies gaps and prioritizes recommendations for proactive cybersecurity strategy, performance, remediation and management.

GO Business

GO Business

GO Business are a specialised B2B team within GO that caters to the communication needs of the local business community in Malta.

Ethnos Cyber

Ethnos Cyber

Ethnos Cyber is Africa’s leading cybersecurity and compliance management company. We provide Information Security, Risk Management, Cybersecurity and Compliance Management solutions to clients.

Cynch Security

Cynch Security

Cynch Security are passionate about building a world where every business is resilient to cybersecurity risks, no matter what their size.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.

Screwloose IT

Screwloose IT

Screwloose IT are a national provider of information technology services. We specialise in managed IT, cloud services, cyber security, website design and digital marketing for businesses of all sizes.

DataKrypto

DataKrypto

DataKrypto’s advanced data encryption solutions protect data throughout its lifecycle.