2018 will be the Year of Automation when ‘big, bad attacks’ will target automated technology processes

Carl Herberger, vice president of security solutions at Radware, has made his top three predictions for security in 2018. He concludes, looking at the attack patterns in 2016 and 2017 and the technological developments expected in 2018, it will be the ‘Year of Automation’, or more precisely, big, bad attacks on automated technology processes.

  • 6 years ago Posted in
Prediction 1: Artificial Intelligence (AI) Is Weaponised
Elon Musk recently made headlines for suggesting we should be more worried about AI than North Korea, reinforcing fears that the human brain simply can’t outperform or keep pace with certain kinds of automation. No one yet knows exactly what AI can do for humankind nor what happens if AI falls into the wrong hands.
But there is evidence that 2018 could be the year that it happens in earnest as the black market for off-the-shelf attacks is starting to mature. We are already facing a barrage of bad bots fighting good ones.
The only hope will be to fight AI with AI. Already most cyber-security applications use some form of AI to detect attack patterns and other anomalies.
And white and black hats are continually hunting for vulnerabilities and zero-day attack concepts. Both can use machine learning/deep learning to collect information and either fix the problem or, in the case of unethical hackers, create one. These are activities that can be easily automated and it has become a race to find the vulnerabilities first - WannaCry being a prime example of why organisations need to win the race to find and fix.
Other hackers, particularly those tasked with state-sponsored attacks, are more ambitious. For them, research is paramount. Consider that Vladimir Putin is on record stating that World War III will be fought over global AI dominance, with nations fighting over access to these new, powerful resources as they battled for fertile land or precious minerals.
Will AI be used to jam communication links, plunge cities into darkness, set oil rigs on fire or destroy emergency services? Those may be worst-case scenarios, but they point to the need for every enterprise to consider how AI could both damage and protect it.
 
Prediction 2: APIs Come Under Attack
APIs are a double-edged sword for modern applications such as mobile apps, IoT apps and third-party services embedded into existing applications. On one hand, they simplify architecture and delivery. On the other, they introduce a wide range of risks and vulnerabilities. Unfortunately, API vulnerabilities still do not get the required visibility. All of the risks that affect web applications also affect web services.
And yet, traditional application security assessment tools such as Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) either don’t work well with APIs or are simply irrelevant to them.
APIs will be at the heart of many AI capabilities. We believe that protecting them may be the biggest problem of the future of the Internet. Read more here about the specific areas of concern for APIs. https://blog.radware.com/security/2017/12/cyber-security-predictions-2018/
 
Prediction 3: Social Engineering Gets Automated
Social engineering is not a new problem. What has changed is the risk of automation transforming human behavior into vulnerabilities. Automated social engineering makes it possible to do two things:  
  • Exploit human inputs into automated processes and cause them to make automated processes to work against us or on behalf of the perpetrator.
  • Accelerate the speed and effectiveness of longstanding social engineering methods such as phone calls, emails, texts and even conversations.
These issues have already emerged as extremely large automation issues. Dropbox, Amazon Web Services and Google have all announced huge outages caused by human interaction errors with automated processes with either networking or application changes.
 
Striving for Cyber Serenity: Is the Best Behind Us?
2017 was a monumental year. The discovery of BrickerBot marked the first time a software-based botnet would render a physical (IoT) device permanently unusable. It also foreshadowed a new genre of botnets and attack techniques that automate dastardly deeds. The WannaCry and NotPetya ransom attacks that followed each demonstrated crude forms of automation.
The conclusion we can draw is this: If growth of attack surface, techniques and means continues into 2018 through various attacks on automated technologies, the best years of security of our systems may be behind us.
Internet-connected devices are being deployed in virtually every aspect of our lives. Yet they are largely implemented in an insecure manner, often prompting decay to insecure architectures or configurations. The result is an environment in which automated attacks can and will thrive. Let us hope that 2018 will be the year when our collective societies learn how to transform the threat.
By Barry O'Donnelll, Chief Operating Officer at TSG.
The cloud is the backbone of digital cybersecurity. By Walter Heck, CTO HeleCloud
By Milou Lammers, Director of Compliance, iland.
By Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business at...
By Michael Queenan, co-founder and CEO of Nephos Technologies.
By Tawnya Lancaster, Lead Product Marketing Manager, AT&T Cybersecurity.
Why businesses need a bigger boat for tackling IaC security By Robert Haynes, SCA & Open Source...
Cybersecurity continues to be a major challenge for companies, with as many as four in ten...