Threats in 2018: AI, ransomware, and privacy
By Dzof Azmi January 23, 2018
- McAfee stresses the need to cooperate to fight threats with the tagline "Together is Power”
- The threatscape continues to expand, and McAfee's CTO stresses "there is no silver bullet"
MCAFEE has released its McAfee Labs 2018 Threats Predictions Report and its conclusions built upon the ideas they presented at the MPOWER Cybersecurity Summits in Las Vegas and Sydney last year.
For all the new technology and product announcements commonplace at such events, this year the accent was on the more human side of security: the need for cooperation.
"This is something no organisation, no company, no individual can defeat alone," said McAfee CEO Chris Young at the keynote speech this year at the MPOWER Cybersecurity Summit in Sydney.
"This is something we have to take very seriously, not only in this room, but boardrooms and United Nation assemblies around the world."
A technological arms race
"Every year that threatscape continues to expand," said Steve Grobman, the CTO for McAfee, commenting on the vulnerabilities exposed by new technologies, and lessons learned by attackers as they probe for weaknesses.
Already there is conjecture that the Wannacry and NotPetya attacks earlier this year were test runs, and McAfee warns that the complexity and diversity of ransomware attacks in 2018 is likely to grow.
The latest tool to be deployed by McAfee against this onslaught is Artificial Intelligence (AI) and machine learning.
Grobman stresses that McAfee uses this with a multitude of technologies to counter threats, including reputation threat intelligence, and traditional signature-based capabilities.
But technology is usable by both sides, and McAfee predicts that by next year, attackers will be using AI as part of their arsenal.
"If we think like the adversary and we assume that the threat defence technology that we build today will have counter-measures built to evade them and we think about that early in the lifecycle, we can build more resilient capabilities."
To demonstrate this, Grobman presented their research where machine learning is used to "defeat" Optical Character Recognition (OCR) technology by adding noise in such a way that humans can still read the text, but the OCR algorithm fails.
Presumably the next step will be to teach machines to learn how to improve their OCR capabilities to circumvent this intelligent "attacker".
Nevertheless, Grobman admitted that "there is no silver bullet technology to defend your organisation".
The cloud hides vulnerabilities
Another point made during MPOWER was that an increasing number of organisations are becoming dependant on the cloud to deliver their solutions quickly and economically. However, this also represents a vulnerability outside the company's scope of control.
"The endpoint in the cloud will become the control point for defending against the most sophisticated attacks," elaborated Young when talking about threats in the next three to five years.
In the same vein, a threat identified in the Predictions Report is Serverless Apps. These are apps that depend on third-party services in the cloud, including applications whose service-side logic is run in stateless compute containers on the cloud.
There needs to be coordination between the app developer and the third-party provider to ensure that there are no vulnerabilities that exploit privilege escalation and application dependencies, for example.
Another risk is data in transit across the network can be intercepted or be exploited to brute-force denial of service attacks.
The enemy in your home
McAfee also identified issues related to devices in the home, with more and more corporations gathering personal data to provide what McAfee calls "a corporate virtual store front" in the home.
McAfee also specifically expressed concern about what happens to data generated as children use apps and services on the Internet.
Already, earlier this year the FBI warned parents to be wary of connected children's toys that collected identifiable information.
The concern is that personal data, like a child's words and actions, are also being inadvertently collected and stored on a server somewhere, and it is not clear how it will be used in the future.
"Together is Power"
In the meantime, Grobman sees much benefit in collaborating with others to put up better defences, giving credence to the new tagline announced earlier this year, "Together is Power".
"We want to make it so a McAfee plus a competitor product is more capable than a McAfee and competitor product being two independent and isolated products," explained Grobman.
As an example, he cited the integration between McAfee's OpenDXL and Cisco's pxGrid frameworks, allowing McAfee and Cisco products to message and pass calls to each other.
However, this sense of camaraderie has limits, given McAfee's announcement in October that they will no longer permit foreign governments to examine the company's source codes.
This is particularly pointed given the vulnerabilities alleged in security software from other companies earlier this year, most notably Kaspersky.
"Not having governments inspect source code where we don't know what they'll do with that knowledge is key," explained Grobman, while closing with the assurance that "we do not have back doors in any of our products for any reason".