February 12, 2018

RSA Event Pod Cast - Predictions for 2018

Featuring James Lyne, Global Research Advisor, Sophos and Mario Vuksan, CEO, Reversing Labs

Listen Pod Cast here: https://soundcloud.com/rsa-conference/hackers-and-threats

In case you missed it during the busy holiday season, RSA Events released a 2018 Predictions Podcast, featuring James Lyne (Global Research Advisor at Sophos) and Mario Vuksan (CEO at ReversingLabs) answering questions on 6 important security topics. Here are the key takeaways.

  1. Indicators of Compromise (IOCs) – what is there future?
    The collection of IOCs and technology that supports that collection continues to grow, but the payoff has not been there. The data is rarely made actionable and with the advent of hybrid and cloud environments, IOC collection will lose additional value. IOC’s in 2018 become the rotary phones of the 70’s – pretty much useless.
  2. Crypto Currencies – what is the future?
    If we look at how cybercriminals use crypto currencies we see a change from the preferred method of illegal payment for services to a focus on attacking the crypto currency wallets and exchanges to steal easy money. In the larger picture, crypto currencies remind us of the private lotteries of the 19th century, an easy way to make money which governments ended up taking over – and that is likely to happen with crypto currencies.
  3. Threat Hunting – what is the future?
    The term is currently too broad. It means everything and nothing. I can do a Google search and I am a threat hunter. But there is value here. The true gumshoe investigation work being done by expert investigators – bring together different data sets, finding hidden connections and relationships, digging into malware code to uncover attributes that can be used for detection and prevention has great value. The problem is there is very little of that occurring and few vendors are focusing on supporting the efforts of those investigators. The result, we will see a decline in the term “threat hunting” as it loses marketing hype, but hopefully the valuable work will continue, even grow.
  4. Security Talent Shortage – what is the future?
    The fact is this problem cycles in and out of the industry every few years. The awareness is has been given, the salary increases that the shortage has created and the increase in exposure and training of the younger generation means a growing pool of talent will be joining the market in the next few years. But this is a natural market cycle so be ready for it to happen again in 5 to 10 years.
  5. NotPetya – How Scary is it?
    NotPetya is very scary and it is the likely shape of future malware. Let’s call it a “symphonic-orchestrated” attack because it brings together multiple attack methods working in a coordinate fashion. NotPetya was “destructiveware” not ransomware, it destroy the computer hard drives and files of the systems it attacked with multiple types of encryption. Its sophistication belies a nation state origin. Its ability to deceive and overcome defenses, carry out multiple stages at the same time and spread very quickly make it a complex attack that security experts need to note and be prepared to defend against. We can expect copycat attacks and improvements on its methods in the future, and if it moves beyond nation state usage and becomes more mainstream, 2018 will be a truly scary year.
  6. Artificial Intelligence – what is the future?
    AI and machine learning are the most over-hyped, misused terms currently in security, and in many other markets for that matter. The terms are messy and confusing. Most security professionals do not really know what they are, and in fact most companies marketing those terms are doing little more than automated database look ups. That said, there are useful applications for these technologies in security and their usage brings a level of sophistication to how security teams work with database and sensor data that has been missing. 2018 is likely to be more of the same hype with very little success in the market, but if it forces us to rethink what we base our decision making on – then there is value.

    We have also heard stories of adversaries using machine learning to optimize attack effectiveness. Our ML battling there ML… isn’t that how “Skynet” started?