Author: Max Heinemeyer, Director of Threat Hunting
Once confined to just a handful of primitive PCs, today the internet has become so deeply integrated into all facets of our lives — from sensors in public trash cans to app-controlled Batmobiles — that the line between physical and virtual has begun to disappear.
Yet this rapid proliferation of non-traditional IT has rendered traditional cyber security strategies insufficient, and the result has been highly damaging. Cyber-crime cost the world more than half a trillion dollars last year, in large part because conventional security tools are rarely compatible with IoT devices, while perimeter defences struggle to protect the borderless networks engendered by the cloud.
In fact, even visualising these new forms of IT — much less safeguarding them against sophisticated cyber-attacks — has proven to be a daunting challenge for companies and governments around the world. As a result, cloud services and IoT appliances have become key security blind spots.
By monitoring and analysing raw traffic from all our clients’ internet-connected devices and cloud deployments, we saw a number of trends emerge in 2018. As the first instalment of a two-part series, this article will review the IoT, Cloud, and SaaS trends of last year and forecast what we expect to see in 2019.
IoT attacks have increased by 100%
Internet of Things devices now far outnumber human beings, further contributing to the challenge of identifying all such devices on an organisation’s network. On average, upwards of 15% of the devices visualised by our cyber AI were unknown to our clients, and given that a single compromise can cost companies millions in damages and reputational harm, failing to comprehensively monitor the entire digital infrastructure is to play with fire.
Indeed, Darktrace has discovered threats in everything from corporate CCTV cameras to parking payment kiosks to smart lockers at an amusement park. All of these devices were connected to the corporate network, and none were previously known to the security team.
This lack of visibility into the Internet of Things has enabled cyber-attackers to manipulate and exploit it as low-hanging fruit, with our cyber AI detecting a 100% increase in IoT attacks over the last year. And as innovative businesses and smart cities continue to adopt connected devices at an alarming rate, these attacks will almost certainly multiply in 2019. To address the fundamental limitations of IoT cyber hygiene, organisations must be willing to rethink their security tactics, both to gain visibility over their networks and to neutralise IoT attacks that have already breached weak perimeter defences.
28% rise in cloud and SaaS threats
The global migration to cloud and SaaS infrastructures only intensified in 2018, while no less than 83% of enterprise workloads are projected to be run in the cloud by 2020. This development is hardly surprising: not only does the cloud cut expenses for organisations, it provides scalable and flexible services that can evolve as needed. But as these organisations take the next step in cloud innovation, they must also consider the evolution of their security stacks.
Security teams must now cope with an environment wherein they have limited visibility and control. Attackers are aware of the weaknesses inherent to most cloud security systems, and over the last year Darktrace has discovered 28% more threats within Cloud and SaaS than observed in 2017. In fact, the Gartner Risk Management Council identified cloud computing as the most significant emerging cyber-risk of 2018, since even CASBs and native security controls fail to identify the entire spectrum of cyber-threat.
The future of non-traditional IT attacks
Although the perpetual evolution of the cyber-threat landscape prevents anyone from forecasting tomorrow’s attacks with total confidence, we can use these insights to predict some major trends this year and beyond. One overarching trend is the increasing automation of attacks on IoT devices and on the cloud, while there is every reason to suspect that more automated, even artificial intelligence-powered attacks are on the horizon.
For the same reasons that cloud environments are a challenge to protect, they can also be difficult to infiltrate, since they expose attack surfaces that are expansive and constantly shifting. Malware equipped with AI elements, meanwhile, could continuously scan a company’s cloud deployment until it spots a vulnerability, and then use its own ‘judgment’ to exploit that vulnerability before it disappears — without having to ‘phone home’ to the criminals behind the attack for instructions. And when targeting an IoT device, this kind of AI malware could leverage contextualisation to blend in to its surroundings, sitting passively while learning to emulate the device’s normal behaviour.
The blind spots introduced by the explosion of IoT devices and cloud services — as well as the difficulty of securing the network perimeter given the vulnerabilities that these technologies present — will undoubtedly rank among the most severe security challenges of 2019. And as AI-powered attacks become a fact of life, securing such non-traditional IT will require thinking beyond traditional cyber defences.
To discuss more about the biggest cyber threats, why not register for Cyber Security X, Register your interest here.