Everyday threats such as ransomware, phishing or social engineering are likely to stay with us for some time. What could influence or change the state of cyber security beyond that? We have derived possible trends from a pragmatic combination of the predictions of security researcher Dan Lohrmann and cyber security company Mandiant. [1,2]
Top 3 topics that could keep us busy in the upcoming months:
- Crypto technology and cryptocurrencies: Many large companies are dealing with this still rather young field of application. Now is the time to gain experience.
- Development of cyber-physical systems using IoT/OT and 5G: The introduction of 5G will drive major adaptations and changes. New solutions will have to prove themselves from a cyber security perspective.
- Exploiting existing vulnerabilities: Log4j could be just the beginning. Many software products and libraries have been in use inconspicuously for a long time. Attackers specialising in finding zero-day vulnerabilities in such components is quite conceivable.
Log4j may have set a big ball rolling: it showed how much damage a single undiscovered vulnerability in a widely used library can cause, and how many such vulnerabilities may still be waiting to be found. Researchers at FortiGuard Labs have noticed that cybercriminals are already devoting more time to finding zero-day vulnerabilities. [3] The analysts are observing longer reconnaissance phases in which the victims' systems are examined systematically. The aim is to identify technical and organisational weaknesses that can then be used to plan the actual attack. A side effect: the intruders can sell the information they gather to other attacker groups.
The security researchers' prognosis: more and, above all, larger and more serious incidents are to be expected. With this kind of strategic preparation, future attacks can be more targeted, faster and more efficient.
MITRE PRE-ATT&CK: Improved detection of and response to attack indications
MITRE's ATT&CK framework is a generic classification of adversary behaviour from which defenders can derive methodical countermeasures. While the traditional ATT&CK (Enterprise) matrix describes the attack itself, the upstream PRE-ATT&CK model covers what an adversary does before it: reconnaissance of the target and the build-up of infrastructure and tooling. (PRE-ATT&CK has since been retired as a separate matrix; its content lives on as the Reconnaissance and Resource Development tactics of Enterprise ATT&CK.) The point is that even seemingly unimportant events should be used actively to put preventive measures in place in time. Often we tend to dismiss small irregularities such as blocked port scans, "strange" login attempts or phishing emails as unimportant. Later, however, precisely these attack vectors may be the ones that are exploited successfully. [4]
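One way to act on such "unimportant" events, as an added example that is not part of the original article or of MITRE's framework: the Python script below correlates firewall-drop and sshd failed-login lines per source address and flags reconnaissance-style behaviour, mapping it to the ATT&CK technique IDs T1595 (Active Scanning) and T1110 (Brute Force). The log lines are constructed in iptables-style and OpenSSH-style syslog formats, and the thresholds are illustrative assumptions, not values from the sources cited here.

```python
"""Correlate low-level 'noise' (dropped connections, failed logins) into
reconnaissance indications mapped to ATT&CK technique IDs.

Added example for this page; not code from MITRE or from the cited sources.
Log lines are constructed; thresholds are illustrative assumptions.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real traffic): iptables DROP entries and
# OpenSSH authentication messages for two source addresses.
SAMPLE_LOGS = """\
Mar 03 09:12:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=22
Mar 03 09:12:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51235 DPT=23
Mar 03 09:12:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51236 DPT=80
Mar 03 09:12:02 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51237 DPT=443
Mar 03 09:12:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51238 DPT=3389
Mar 03 09:12:03 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51239 DPT=8080
Mar 03 09:15:40 fw kernel: DROP IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=443
Mar 03 09:20:11 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 50001 ssh2
Mar 03 09:20:14 bastion sshd[2231]: Failed password for invalid user oracle from 203.0.113.7 port 50002 ssh2
Mar 03 09:20:17 bastion sshd[2231]: Failed password for invalid user test from 203.0.113.7 port 50003 ssh2
Mar 03 09:20:19 bastion sshd[2231]: Failed password for root from 203.0.113.7 port 50004 ssh2
Mar 03 09:41:02 bastion sshd[2290]: Failed password for alice from 198.51.100.4 port 41000 ssh2
Mar 03 09:41:09 bastion sshd[2290]: Accepted password for alice from 198.51.100.4 port 41000 ssh2
"""

DROP_RE = re.compile(r"SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")
SSH_FAIL_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

# Illustrative thresholds (assumptions): tune to your own baseline.
SCAN_PORT_THRESHOLD = 5    # distinct dropped destination ports from one source
LOGIN_USER_THRESHOLD = 3   # distinct usernames with failed logins from one source


def parse(lines):
    """Group events by source address: dropped destination ports and
    usernames that failed to authenticate."""
    dropped_ports = defaultdict(set)
    failed_users = defaultdict(set)
    for line in lines:
        m = DROP_RE.search(line)
        if m:
            dropped_ports[m["src"]].add(int(m["dpt"]))
            continue
        m = SSH_FAIL_RE.search(line)
        if m:
            failed_users[m["src"]].add(m["user"])
    return dropped_ports, failed_users


def find_indications(lines):
    """Return {source: {"techniques": [...], "details": [...], "priority": ...}}
    for sources whose low-level events exceed the thresholds. A source that
    shows more than one preparatory behaviour is escalated to 'high'."""
    dropped_ports, failed_users = parse(lines)
    raw = defaultdict(list)
    for src, ports in dropped_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            raw[src].append(("T1595", f"port sweep: {len(ports)} distinct ports dropped"))
    for src, users in failed_users.items():
        if len(users) >= LOGIN_USER_THRESHOLD:
            raw[src].append(("T1110", f"credential probing: {len(users)} usernames failed"))
    return {
        src: {
            "techniques": [t for t, _ in hits],
            "details": [d for _, d in hits],
            "priority": "high" if len(hits) > 1 else "low",
        }
        for src, hits in raw.items()
    }


if __name__ == "__main__":
    for src, info in find_indications(SAMPLE_LOGS.splitlines()).items():
        print(f"{src}: priority={info['priority']} techniques={info['techniques']}")
        for d in info["details"]:
            print(f"  - {d}")
```

On the constructed input, 203.0.113.7 is reported with both T1595 and T1110 at high priority, while 198.51.100.4 (one dropped packet, one failed login followed by a successful one) produces no finding. The value of this kind of correlation is the escalation step: a single blocked port or a single typo in a password is noise, but the same source doing both within a short time is exactly the "small irregularity" the text says should trigger preventive action, such as blocking the source or tightening exposed services before the real attack.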
Cyber security will remain a fast-paced cat-and-mouse game between attackers and defenders in 2022. Current trends suggest that the focus in the upcoming months will expand to new areas of technology. In addition, it is expected that target systems will increasingly be scouted in advance in order to make subsequent attacks more efficient.
For IT managers, this means that the focus should not be limited to detecting and warding off an attack that is already under way. It is just as important to recognise and understand possible indications and irregularities in advance and to implement preventive measures in good time.
Sources: