Daily Archives: December 20, 2019

Selling Privacy: The Next Big Thing for Entrepreneurs

Black Friday and Cyber Monday made clear that the online-offline divide in consumers’ minds has almost disappeared. Among the big winners for sales in 2019 will be a device that is perhaps the best physical representation of that diminishing online-offline divide: the digital assistant.

The main contenders for consumer dollars this year come by way of Amazon, Google, and Apple.

Amazon Echo smart home products have been among the company’s most popular items for a while now, but they hit new records in the recent four-day stretch from Black Friday to Cyber Monday. Internet connectivity continues its march to omnipresence in everyday consumer goods.

Televisions feature built-in internet functionality, and the FBI just released a warning about them.

A number of the newer TVs also have built-in cameras. In some cases, the cameras are used for facial recognition so the TV knows who is watching and can suggest programming appropriately. There are also devices coming to market that allow you to video chat with Grandma in 42″ glory.

Beyond the risk that your TV manufacturer and app developers may be listening to and watching you, that television can also be a gateway for hackers to come into your home. A bad cyber actor may not be able to access your locked-down computer directly, but it is possible that your unsecured TV can give him or her an easy way in the backdoor through your router.

Hackers can also take control of your unsecured TV. At the low end of the risk spectrum, they can change channels, play with the volume, and show your kids inappropriate videos. In a worst-case scenario, they can turn on your bedroom TV’s camera and microphone and silently cyberstalk you.

The conveniences afforded by all this new connected technology are great, but it’s important to bear in mind that it also has its downside.

Even basic home goods like doorbells and light bulbs are commonly being sold with Wi-Fi connectivity and the ability to integrate into Google Home-, Siri-, or Alexa-enabled networks. These devices don’t just talk to one another. They’re also providing the companies that manufactured them with a gold mine of data about how they’re being used–and, increasingly, who is using them.

It’s not just IoT gadgets. Tech companies are busy these days trying to weave their way into your wallet, your entertainment, and your health, all the while mining as much data as possible to leverage into other markets and industries.

This has an air of inevitability about it because the right entrepreneur has not yet had the right aha! moment to make it stop being an issue. That said, cracks in the current personal information smash-and-grab approach to consumer data are beginning to appear, and consumers are becoming increasingly wary of how their data is being collected and used as well as who has access to it.

Break Out the Torches and Pitchforks

If a consumer revolt sounds overly optimistic, consider the uproar earlier this year over revelations that smart home speakers were eavesdropping consistently and sometimes indiscriminately on consumers, and the resulting semi-apologies issued by Apple, Amazon, and Google.

Or look at the ongoing civil rights concerns regarding Amazon’s Ring surveillance cameras, or the recent lawsuit against TikTok for allegedly offloading user data to China, or the reports of customers abandoning their Fitbits after the company was acquired by Google.

The message seems clear to me. Consumers may enjoy the convenience and easy access to the internet, but more and more they bristle at the lack of transparency when it comes to the way their data is being handled and used by third parties, and the seeming inevitability that it will wind up on an unsecured database for any and all to see.

While the fantasy of consumers uninstalling and unplugging en masse is common among a small community of sentient eels indigenous to the Malarkey Marshes of Loon Lake, there remains a business opportunity for the larger online community.

Will the Genius of Loon Lake Please Stand Up?

The effort to create a more privacy- and security-centric internet experience for consumers has largely been led by nonprofit organizations. World Wide Web inventor Tim Berners-Lee has been publicly discussing plans to create a follow-up with the aim of reverting to its original ideals of an open and cooperative global network with built-in privacy protections.

Meanwhile, the nonprofit Mozilla organization has revamped its Firefox browser to block several types of ad trackers by default and provide greater security for saved passwords and account information, in addition to publishing an annual guide to score internet-connected devices for their relative privacy friendliness and security. Wikipedia founder Jimmy Wales announced in November a service meant to provide an alternative to Twitter and Facebook reliant on user donations rather than the other social platforms’ often Orwellian ad tracking software.

Without a user base or killer app to drive adoption, Berners-Lee’s new web has been in the works for years, and Wales’s idea is a rehashing of a similar project called WikiTribune that also never managed to find its footing. Firefox is a quality browser, but its market share pales next to Google Chrome’s.

Thus far, nonprofit-driven alternatives have found no lure to drive consumer adoption. The next stage of privacy-centric development may need to have a profit motive to make inroads into the privacy protocols and proxies that dominate apps and devices. It can’t be merely self-sustaining, but rather must be compelling for users, developers, and engineers. One such company, Nullafi, has the right idea: anonymizing and individualizing a user’s most common digital identifier by creating email burners that redirect to the user’s private account. (Full disclosure: I’m an investor.) We need to see more of this kind of development, and we need to see it get adopted.

The current large-scale investment in cybersecurity proves there’s a market in our post-Equifax-breach world where awareness of data vulnerability and the possibility of getting hacked have hit critical mass. The time for the unicorns to arrive is now.

The post Selling Privacy: The Next Big Thing for Entrepreneurs appeared first on Adam Levin.

Cisco ASA DoS Bug Attacked in Wild

This post authored by Nick Biasini

Cisco Talos has recently noticed a sudden spike in exploitation attempts against a specific vulnerability in our Cisco Adaptive Security Appliance (ASA) and Firepower Appliance. The vulnerability, CVE-2018-0296, is a denial-of-service and information disclosure directory traversal bug found in the web framework of the appliance. The attacker can use a specially crafted URL to cause the ASA appliance to reboot or disclose unauthenticated information.

This vulnerability was first noticed being exploited publicly back in June 2018, but it appeared to increase in frequency in the past several days and weeks. As such, we are advising all customers to ensure they are running a non-affected version of code. Additionally, we want to highlight that there is a Snort signature in place to detect this specific attack (46897). Concerned customers should ensure it is enabled in applicable policies that could detect this exploitation attempt.

Read More>>

The post Cisco ASA DoS Bug Attacked in Wild appeared first on Cisco Blogs.

Threat Roundup for December 13 to December 20

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between Dec 13 and Dec 20. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats.

As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net.

Read More

Reference:

TRU12202019 – This is a JSON file that includes the IOCs referenced in this post, as well as all hashes associated with the cluster. The list is limited to 25 hashes in this blog post. As always, please remember that all IOCs contained in this document are indicators, and that one single IOC does not indicate maliciousness. See the Read More link above for more details.

The post Threat Roundup for December 13 to December 20 appeared first on Cisco Blogs.

Maze Ransomware Operators Publish User Information

As if it wasn’t hard enough to have their data compromised, businesses who fell victim to Maze ransomware are now facing another threat: their data could become public.

Maze’s operators have been collecting data from victim organisations for a while, ultimately using it as a weapon until payment is received to decrypt archives. Now, for all those victims who refuse to pay the ransom, they threaten to release the data.

In this respect, a website was created by the threat actor where they identified the names and websites of eight businesses who allegedly refused to pay the sum demanded to retrieve their records.

According to technology journalist Brian Krebs, even though the event did not make news, at least one of the businesses on that list was actually targeted by Maze ransomware.

The Maze operators publish data on that page, such as the initial date of contamination, certain compromised records (office, text and PDF files), the overall volume of data allegedly obtained from the company, and the IP addresses and computer names of the infected servers.

The step is not shocking, particularly since the people behind Maze have been engaging in exfiltrating victim details for a while now and are also threatening to publicly disclose that information if the victim does not pay the demanded ransom.

Throughout one instance in which the Maze ransomware was introduced, the perpetrators first leveraged Cobalt Strike since obtaining access to the network, collecting data about the target area before advancing laterally. Also used was a tactic commonly associated with Russian agent of danger Cozy Bear.

The hackers then began using PowerShell to exfiltrate data and connect to a remote FTP server. They only implemented Maze ransomware after this phase was done to encrypt the data of the victim.

Cobalt Strike was used again after the original breach in another event that Cisco Talos attributed to the same perpetrator, and PowerShell was used to dump large amounts of data using FTP. Without making the information available, the attackers then demanded payment.

The two events are primarily linked through the Command and Control (C&C) technology used— the data was deposited to the same server as in the previously mentioned accident— using 7-Zip to compact the collected data, interactive logins through Windows Remote Desktop Protocol, and remote execution of PowerShell.

“The use of targeted ransomware attacks isn’t new and, unfortunately, it’s not going anywhere anytime soon. This is an extremely lucrative attack avenue for adversaries and as such, its popularity is likely only going to increase. What makes these particular attacks interesting is the additional monetization avenue of exfiltrating data in the process,” Talos points out.

The threat agent could demand more money from the victim with this data in hand, or could monetize it by selling it to other cyber criminals on dark web platforms. Not to mention that entities will pay for the damage incurred by their data being published.

“This trend of achieving maximum monetary gain for their nefarious activities is increasingly common in the crimeware space […]. Expect adversaries to be increasingly aware of the systems and networks they are compromising as all systems and networks are not created equally and some have much higher profit margins, when compromised,” Talos concludes.

The post Maze Ransomware Operators Publish User Information appeared first on .

The 3 W’s in Zero Trust Security

Picture this scenario: you are a security guard at an office building. Today you are looking after a restricted area. A person you’ve never seen before walks straight past you into one of the rooms. Would you stop them or would you just assume they are allowed to be there?

In a physical world, trust is most commonly based on who you are, not where you are. A savvy security guard would ask you for your ID before allowing you in. Virtually, though, the situation is different: being in the right place is often enough. If you are inside of a company’s network perimeter, it is often assumed you have the right to be there. You gain access to the same data and tools that any other trusted user would. It’s clear that such an approach is no longer enough.

Zero trust security comes in as an alternative model, more in line with the current threat landscape.  It is based on the principle of “always check, never trust“, originally introduced by Forrester. It takes into account 3 main factors:

  • Workforce: Employees are at risk of identity theft, which is one of the most widespread types of fraud today.
  • Workload: New vulnerabilities in applications and their improper management open highways for cybercriminals.
  • Workplace: With more and more connected devices, the workspace has extended far beyond the four walls of you company building.

Moving from a perimeter model to Zero Trust means assessing, adapting and implementing new security policies that address threats in a constantly changing environment. In this trust-centric approach access is granted to users and devices, not a network.

What's different in a Zero-Trust Approach

This means that policies now need to be calculated based on a vast number of data sources. All network activities must be continuously taken into account. Any indications of compromise or changes in the behaviour of apps, users and devices must be examined, validated and receive immediate responses.

How to apply a Zero Trust model

Cisco’s practical approach to Zero Trust includes six important steps.

  1. Establish levels of trust for users and user devices (identity verification with multi-factor authentication and device status, which must be compliant and properly updated)
  2. Establish levels of reliability for IoT and/or workloads (profile and baseline)
  3. Establish SD perimeters to control access to the application (authorised access)
  4. Establish SD perimeters to control access to the network (segmentation and micro-segmentation)
  5. Automate the adaptive policy using normalisation (network, data centre and cloud)
  6. Automate the adaptive policy using the response to threats (adapt the level of trust)

 

Cisco Zero-Trust Model: Duo for Workforce, SD-Access for workplace and Tetration for Workload

Zero Trust Security involves people, processes and technology in its adoption. It can provide a roadmap for a truly efficient and automated security infrastructure.

Join us at Cisco CISO Day in Barcelona

We will cover zero trust security and other strategic topics at the “Cisco CISO Day“, an exclusive event for CISOs, taking place on 27 January 2020 in Barcelona at the Cisco Co-Innovation Center. It is a great opportunity to talk with colleagues and experts and find concrete answers to any burning security questions.

 

Register for Cisco CISO Day

 

The post The 3 W’s in Zero Trust Security appeared first on Cisco Blogs.

This Week in Security News: Microsoft vs. Amazon in the Cloud and Escalated Risk in the Oil and Gas Industry

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about cybersecurity risk facing the oil and gas industry and its supply chain. Also, read about what Trend Micro’s CEO, Eva Chen, has to say about Microsoft and Amazon’s battle for cloud leadership.

Read on:

How to Get the Most Out of Industry Analyst Reports

In this video blog, Trend Micro’s Vice President of Cybersecurity, Greg Young, taps into his past experience at Gartner to explain how to discern the most value from industry analysts and help customers understand how to use the information.

Top Gun 51 Profile: Trend Micro’s Jeff Van Natter Sees Distributors as Key to Reaching New Partners

In an interview with Channel Futures, Trend Micro’s Jeff Van Natter explains why he believes distributors will continue to play an important role for Trend as it looks to expand its partner ecosystem.

How to Speed Up a Slow PC Running Windows OS

The first step to improving your Windows PC performance is to determine what’s causing it to run slow. In this blog, learn about eight tips on how to fix a slow PC running Windows and how to boost your PC’s performance.

We Asked 13 Software Execs Whether Microsoft Can Topple Amazon in the Cloud, and They Say There’s a Chance but It’ll Be a Hard Battle

Business Insider talked to 13 executives at companies that partner with Microsoft and Amazon on cloud platforms for their take on the rivalry between the two, and whether Microsoft can win. In this article, read about what Trend Micro CEO Eva Chen has to say about the rivalry.

DDoS Attacks and IoT Exploits: New Activity from Momentum Botnet

Trend Micro recently found notable malware activity affecting devices running Linux. Further analysis of the malware samples revealed that these actions were connected to a botnet called Momentum, which has been used to compromise devices and perform distributed denial-of-service (DDoS) attacks.

Oil and Gas Industry Risks Escalate, Cybersecurity Should Be Prioritized

The oil and gas industry and its supply chain face increased cybersecurity risks from advanced threat groups and others as they continue to build out digitally connected infrastructure, Trend Micro research reveals.

Christmas-Themed Shopping, Game and Chat Apps Found Malicious, Lure Users with Deals

Security researchers caution Android users when downloading apps for shopping, games, and Santa video chats as they found hundreds of malicious apps likely leveraging the season to defraud unwitting victims via command-and-control (C&C) attacks, adware or “excessive or dangerous combinations of permissions,” such as camera, microphone, contacts and text messages.

New Orleans Mayor Declares State of Emergency in Wake of City Cyberattack

New Orleans Mayor LaToya Cantrell declared a state of emergency last Friday after the city was hit by a cyberattack where phishing attempts were detected. Cantrell said the attack is similar to the July 2019 attack on the state level where several school systems in Louisiana were attacked by malware.

Credential Harvesting Campaign Targets Government Procurement Sites Worldwide

Cybersecurity company Anomali uncovered a campaign that used 62 domains and around 122 phishing sites in its operations and targeted government procurement services in 12 countries, including the United States, Canada, Japan, and Poland.

Schneider Electric Patches Vulnerabilities in its EcoStruxure SCADA Software and Modicon PLCs

Schneider Electric released several advisories on vulnerabilities they have recently fixed in their EcoStruxure and Modicon products. Modicon M580, M340, Quantum and Premium programmable logic controllers (PLCs) were affected by three denial of service (DoS) vulnerabilities.

FBot aka Satori is Back with New Peculiar Obfuscation, Brute-force Techniques

Trend Micro recently observed that the Mirai-variant FBot, also known as Satori, has resurfaced. Analysis revealed that this malware uses a peculiar combination of XOR encryption and a simple substitution cipher, which has not been previously used by other IoT malware variants. Additionally, the credentials are not located within the executable binary — instead, they are received from a command-and-control (C&C) server.

15 Cyber Threat Predictions for 2020

As 2020 nears, this article outlines the cyber threats that Trend Micro’s research team predicts will target organizations in the coming year, and why.

Negasteal/Agent Tesla Now Gets Delivered via Removable Drives, Steals Credentials from Becky! Internet Mail

Trend Micro recently spotted a Negasteal/Agent Tesla variant that uses a new delivery vector: removable drives. The malware also now steals credentials from the applications FTPGetter and Becky! Internet Mail.

Into the Battlefield: A Security Guide to IoT Botnets

The internet of things (IoT) has revolutionized familiar spaces by making them smarter. Homes, offices and cities are just some of the places where IoT devices have given better visibility, security and control. However, these conveniences have come at a cost: traditional cyberthreats also found a new arena for attacks and gave rise to realities like IoT botnets.

 

What’s your take on whether or not Microsoft can topple Amazon in the cloud? Share your thoughts in the comments below or follow me on Twitter to continue the conversation: @JonLClay.

The post This Week in Security News: Microsoft vs. Amazon in the Cloud and Escalated Risk in the Oil and Gas Industry appeared first on .

Apple Opens Its Invite-Only Bug Bounty Program to All Researchers

As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago, Apple's bug bounty program was open only for selected security researchers based on invitation and

Cyber News Rundown: Honda Customer Data Leak

Reading Time: ~ 2 min.

Honda Customer Database Exposed

Officials have been working over the past work to secure a database containing highly sensitive information belonging to more than 26,000 North American customers of the Honda motor company. The database in question was originally created in October and was only discovered on December 11. While no financial information was included in the leak, the records did contain names, VIN numbers, and service details for thousands of customers.

Boeing Contractor Data Leak

Nearly 6,000 defense contractors working for Boeing have had personal information leaked after a user error left an Amazon web service bucket publicly exposed. The 6,000 Boeing staff are only a small portion of the 50,000 individual records found on the leaked server, many of whom were involved in confidential projects for the Department of Defense. These types of data leaks are increasingly common as more users are not properly securing their servers or using any form of authentication.

Sextortion Email Campaign Shutdown

After months spent chasing them across Europe, authorities have arrested the authors responsible for the Nuclear Bot sextortion campaign. With their Nuclear Bot banking trojan, the team was able to compromise roughly 2,000 unique systems and use them to help distribute malicious emails. Though it’s been verified that the original authors are in custody, the source code for Nuclear Bot was made public in the hope no money would be made from its sale.

Emotet Sent from Phony German Authorities

A new email campaign has been disguising itself as several German government agencies and spreading the Emotet trojan, infecting multiple agency systems. This campaign differs from previous Emotet attacks by appearing as a reply from a prior email to appear more legitimate. To best defend against these attacks, users are strongly encouraged to check both the sender’s name and address as well as ensuring that macros aren’t enabled in their Office apps.

LifeLabs Pays Ransom After Cyber-Attack

Canadian testing company LifeLabs decided to pay a ransom after attackers illicitly accessed the sensitive information for all 15 million of its customers. Oddly, many of the records being found date back to 2016 or earlier and have yet to be identified on any illicit selling sites. LifeLabs has since contacted all affected customers and has begun offering identity monitoring services.

The post Cyber News Rundown: Honda Customer Data Leak appeared first on Webroot Blog.

Hackers Stole Customers’ Payment Card Details From Over 700 Wawa Stores

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at

12 days of Christmas Security Predictions: What lies ahead in 2020

Marked by a shortage of cyber security talent and attackers willing to exploit any vulnerability to achieve their aims, this year emphasised the need for organisations to invest in security and understand their risk posture. With the number of vendors in the cyber security market rapidly growing, rising standard for managing identities and access, and organisations investing more in security tools, 2020 will be a transformational year for the sector.

According to Rob Norris, VP Head of Enterprise & Cyber Security EMEIA at Fujitsu: “We anticipate that 2020 will be a positive year for security, and encourage public and private sector to work together to bring more talent to the sector and raise the industry standards. As the threat landscape continues to expand with phishing and ransomware still popular, so will the security tools, leaving organisations with a variety of solutions. Next year will also be marked by a rush to create an Artificial Intelligence silver-bullet for cyber security and a move from old-fashioned password management practices to password-less technologies.”

“As cyber criminals continue to find new ways to strike, we’ll be working hard to help our customers across the world to prepare their people, processes and technology to deal with these threats. One thing to always keep in mind is that technology alone cannot stop a breach - this requires a cultural shift to educate employees across organisations about data and security governance. After all, people are always at the front line of a cyber-attack.”

What will 2020 bring with Cybersecurity?

In light of this, Rob Norris shares his “12 Days of Christmas” security predictions for the coming year.

1. A United front for Cyber Security Talent Development
The shortage of cyber security talent will only get worse in 2020 - if we allow it to.

The scarce talent pool of cyber security specialists has become a real problem with various reports estimating a global shortage of 3.5 million unfulfilled positions by 2021. New approaches to talent creation need to be considered.

The government, academia, law enforcement and businesses all have a part to play in talent identification and development and will need to work collaboratively to provide different pathways for students who may not ordinarily be suited to the traditional education route. Institutions offering new cyber security courses for technically gifted individuals are a great starting point, but more will need to be done in 2020 if the shortage is to be reduced.

2. Cloud Adoption Expands the Unknown Threat Landscape 
It will take time for organisations to understand their risk posture as the adoption of cloud services grows.

While the transition to cloud-based services will provide many operational, business and commercial benefits to organisations, there will be many CISO’s working to understand the risks to their business with new data flows, data storage and new services. Traditional networks, in particular, boundaries and control of services are typically very well understood while the velocity and momentum of cloud adoption services leaves CISO’s with unanswered questions. Valid concerns remain around container security, cloud storage, cloud sharing applications, identity theft and vulnerabilities yet to be understood, or exposed.

3. The Brexit Effect 
Brexit will have far-reaching cyber security implications for many organisations, in many countries.

The UK and European markets are suffering from uncertainty around the UK’s departure from the European Union, which will affect the adoption of cyber security services, as organisations will be reticent to spend until the impact of Brexit is fully understood.

The implications of data residency legislation, hosting, corporation tax, EU-UK security collaboration and information sharing are all questions that will need to be answered in 2020 post-Brexit. There is a long-standing collaborative relationship between the UK and its EU counterparts including European Certs and Europol and whilst the dynamics of those working relationships should continue, CISO’s and senior security personnel will be watching closely to observe the real impact.

4. SOAR Revolution 
Security Orchestration, Automation and Response (SOAR) is a real game-changer for cyber security and early adopters will see the benefits in 2020 as the threat landscape continues to expand.

Threat intelligence is a domain that has taken a while for organisations to understand in terms of terminology and real business benefits. SOAR is another domain that will take time to be understood and adopted, but the business benefits are also tangible. At a granular level, the correct adoption of SOAR will help organisations map, understand and improve their business processes. By making correct use of their technology stack and associated API’s early adopters will get faster and enhanced reporting and will improve their security posture through the reduction of the Mean Time To Respond (MTTR) to threats that could impact their reputation, operations and bottom-line.

5. Further Market Fragmentation will Frustrate CISOs 
The number of vendors in the cyber security market has been rapidly growing and that will continue in 2020, but this is leading to confusion for organisations.

The cyber security market is an increasingly saturated one, often at the frustration of CISO’s who are frequently asked to evaluate new products. Providers that can offer a combined set of cyber security services that deliver clear business outcomes will gain traction as they can offer benefits over the use of disparate security technologies such as a reduction in contract management, discount provisioned across services, single point of contacts and reduction in services and technologies to manage.

Providers that continue to acquire security technologies to enhance their stack such as Endpoint Detection and Response (EDR) or technology analytics, will be best positioned to provide the full Managed Detection and Response (MDR) services that organisations need.

6. Artificial Intelligence (AI) will need Real Security 
2020 will see a rise in the use of adversarial attacks to exploit vulnerabilities in AI systems.

There is a rush to create an AI silver-bullet for cyber security however, there is currently a lack of focus on security for AI. It is likely we will see a shift towards this research area as “adversarial” approaches to neural networks could potentially divulge partial or complete data points that the model was trained on. It is also possible to extract parts of a model leading to intellectual property theft as well as the ability to craft “adversarial” AI which can manipulate the intended model. Currently, it is hard to detect and remediate these attacks.

There will need to be more focus on explainable AI, which would allow for response and remediation on what are currently black-box models.

7. Organisations will need to Understand how to make better use of Security Tools and Controls at their Disposal 
Customers will need to take better advantage of the security measures that they already have available. 

The well-established cloud platforms already contain many integrated security features but organisations are failing to take advantage of these features, partly because they do not know about them. A greater understanding of these features will allow organisations to make smarter investment decisions and we expect to see a growing demand for advice and services that allow organisations to optimally configure and monitor those technologies to ensure they have minimal risk and exposure to threats.

Fujitsu predicted last year that securing multi-cloud environments will be key going forward and organisations continue to need to find a balance of native and third-party tools to drive the right solution for their objectives.

8. Do you WannaCry again? 
The end of support for Windows Server 2008 and Windows 7 will open the door for well-prepared attackers.

January 2020 sees the official end of support life for all variants of Windows Server 2008 and Windows 7, which share elements of the same code base. This means that both end-user devices and data center servers will be equally vulnerable to the same exploits and opens the possibility that organisations could be susceptible to attacks that cause large outages.

In 2017, Wannacry surfaced and caused some well-publicised outages including well-known organisations from across the healthcare, manufacturing, logistics and aerospace industries. Microsoft had released patches two months before and recommended using a later version of the impacted components. We also learned in 2017, via Edward Snowden, that nation-states have built up an armoury of previously undisclosed exploits. These exploits are documented to target the majority of publicly available Operating Systems and so it stands to reason that cyber criminals could have also built a war chest of tools which will surface once the end of vendor support has passed for these Operating systems.

9. Rising the Standard for Managing Identities and Access
Federated Authentication, Single Sign-On and Adaptive Multi-Factor will become standard, if not required, practices in 2020.

2020 will see organisations continuing their adoption of hybrid and multi-cloud infrastructures and a ‘cloud-first’ attitude for applications. This creates the challenge of managing the expanding bundle of associated identities and credentials across the organisation.

Identities and associated credentials are the key attack vector in a data breach - they are ‘keys to the kingdom’. Without sufficient controls, especially for those with privileged rights, it is becoming increasingly difficult for organisations to securely manage identities and mitigate the risk of a data breach. Capabilities such as Federation Authentication, Single Sign-On and Adaptive Multi-Factor address the challenge of balance between security and usability, and we see this becoming standard, if not required, practice in 2020.

10. Extortion Phishing on the Rise 
Taboo lures enhanced phishing and social engineering techniques will prey on user privacy.

We are seeing an increase in a form of phishing that would have a recipient believe their potentially embarrassing web browsing and private activity has been observed with spyware and will be made public unless a large ransom is paid.

Since their widespread emergence last year, the techniques used by these extortionists to evade filters continue to develop. Simple text-only emails from single addresses now come from ‘burnable’ single-use domains. Glyphs from the Cyrillic, Greek, Armenian and extended Latin alphabets are being used to substitute letters in the email to bypass keyword filters and Bitcoin wallets are rotated often and used to associate a recipient with a payment.

The psychological tricks used in the wording of these emails will develop and likely aid their continued success.

11. Passwords become a Thing of the Past 
We will see increasing adoption of end-to-end password-less access, especially in scenarios where Privileged Access Management (PAM) is required.

Next year we will see a move from old-fashioned password management practices to password-less technologies. The increasing number of cases where privileged credentials and passwords are required, but are painful to manage in secure and cost effective, way will drive this shift. Passwords are easy to forget and the increasing complexity requirements placed upon users increases the chances of passwords having to be written down – which is self-defeating. Biometric technologies and ephemeral certificates will provide a more secure and user-friendly way to manage credentials and ensure assets and data are kept secure.

12. Ransomware not so Random
As more organisations employ negotiators to work with threat actors, ransomware is likely to decrease next year.

In 2019, we observed a shift in the way certain ransomware ransom notes were constructed. Traditionally, ransomware notes are generic template text informing the victim that their files are encrypted and that they must pay a set amount of Bitcoin in order to have their files unencrypted.

When threat actors successfully deploy ransomware network-wide and achieve other deployment objectives, they inform their victims their files are encrypted. Crucially, however, they do not reveal the price they demand for their decryption. Instead, threat actors seek to open a dialogue with the victim to discuss a price. This change has seen organisations employ negotiators to work with threat actors on managing and, hopefully, reducing the demand and we expect this to continue in 2020.