By John Conwell, data scientist at DomainTools
The security industry is in constant flux. As attackers move the goal posts in order to further their own nefarious aims, the security industry scrambles to keep up. As we approach the beginning of a brand-new year, and a brand-new decade, I have outlined some areas where I believe we will see security threats developing into 2020 and beyond.
DeepFake Driven Phishing: DeepFake is a machine learning technique used to create realistic yet fake audio or video of someone. Over the past year, researchers have been able to create models that can render DeepFake videos in real time at the quality of a mediocre video conference. Such tools have the potential to create a paradigm shift in how we identify and defend against phishing attacks. We’ve been taught to not blindly trust many forms digital communications, but most people wouldn’t second guess the authenticity of a phone call with a voice they recognize. What happens when you get a call or video conference from your CEO asking for their login credentials or to initiate a wire transfer?
Traditional Phishing: Here to Stay
Although we have large leaps in our ability to detect malicious code, we will still see the most unsophisticated types of cyberattacks still continue to see success: phishing. Despite Google’s Gmail service offering really good spam and phishing detection capabilities, the rest of the email platforms are still woefully behind. Phishing is a low-level attack vector that works often and it’s not going away anytime soon.
Mass Cloud Migration
As more companies migrate their infrastructure and services to the Cloud, we will continue to see a growing emphasis on Cloud being a risk. Cloud providers will have to move fast and respond to new attack vectors such as inter-Cloud attacks (“customers” attacking other customers of the same provider or “customers” attacking the hypervisor itself). Responding to these appropriately will be a new challenge and will put the onus on the Cloud providers to get their detection/response processes perfected. Once customers don’t feel safe with a Cloud provider it will be extremely difficult to grow.
Open source software is vital to the Internet, both for building and protecting it’s infrastructure. One risk we are going to continue to see rise is open-source sophisticated malware. This would be the source code to malicious code being made public, which would make it trivial for less technically skilled individuals to attack other organizations while simultaneously making it difficult for threat-actor attribution.
From a security practitioner perspective, an emphasis on knowing how to write automation is going to keep rising. With the merging of Systems Engineering and Development into ‘DevOps’, we will see security engineers following suite. With the emergence of “CI/CD” pipelines, security engineers will need to know how to write automation and security tests in conjunction. Security has to scale with the business and writing automation is no longer a “nice to have” but a “need to have”.
Offensive Machine Learning, Coming to A Red Team Near You:
Security practitioners have long been sceptical of Machine Learning (ML), but I’ve seen that perspective is really starting to shift this year, I think in part due to how accessible ML has become to people with basic programming skills. The proliferation of open source toolkits, examples, and tutorials have made getting started with ML much easier, and I’ve started to see Red Team projects get released that make use ML in creative ways. But as always, Red Team innovation can be a mixed bag. It forces Blue Teams to up their game, but Red Team innovation will inevitably end up in the hands of attackers. TLDR: Offensive ML innovation will be driven by red teams, not hackers.
What the future will really hold for the security space only time will tell: AI and machine learning have been hotly promised as new solutions and threats for years now for example, but if they ever hold up to their much-lauded promise. What we can be sure of however is that the threat landscape will expand, the sums of money and data involved will continue to shock, and organisations will need to continue to step up their security measures in order to stay safe.