Attackers are not just getting smarter, they are also using the most advanced technologies available, the same ones being used by security professionals – namely, artificial intelligence (AI) and machine learning (ML). Meanwhile, the widespread adoption of cloud, mobile and IoT technologies has created a sprawling IT attack surface that is getting harder to protect from cyber threats, since fixing every existing vulnerability in these infrastructures is unfeasible and impossible. Here are four ways attackers will exploit technology in new and creative ways over the next 12 months. AI Bias will Pose New Security Risks The bias issue is in its infancy now, but will grow rapidly this year and beyond. We can expect attackers to exploit the vulnerabilities associated with it. Since algorithms are being applied everywhere, bias will follow them. For example, for AI to function properly in cybersecurity, a continuous feed of quality data is required. Garbage in will produce garbage out, such as too many false positives and/or too many false negatives. Furthermore, AI gives probable, rather than definitive answers. We expect AI bias to increase this year, since many users are not updating their base data and results are not being verified by security analysts. Under these circumstances, AI can have the reverse effect for cybersecurity. Instead of making organizations more secure, AI will generate unreliable insights, that if followed will increase, not decrease, risk. Automation/Orchestration Tools will be Hijacked Automation and orchestration tools allow developers and security professionals to achieve new levels of speed and efficiency using unattended processes performed in software. These frameworks, if compromised by attackers, can be co-opted for malicious purposes. For example, Kubernetes, the world's most popular cloud container orchestration system, experienced its first major security vulnerability recently. The bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, allows specially crafted requests to establish a connection through the Kubernetes API server to backend systems, then send arbitrary requests over the same connection directly to these machines. Exploiting just one Kubernetes vulnerability would enable an attacker to take down containers across the globe. While the Kubernetes bug has been fixed, the writing on the wall is clear: more automation and orchestration tools will be targeted in the next 12 months. Robotic Process Automation Will be Targeted Robotic process automation (RPA) is being used to control a wide range of operational technologies in manufacturing and many other critical infrastructure sectors. From a security standpoint, RPA creates a dangerous new attack surface that has multiple layers, including a robust web layer, an API layer, a data exchange layer, and so on. Plus, RPA systems lack robust defence mechanisms. While we did not seen many RPA vulnerabilities disclosed in 2018 – this is likely to change this year as RPA solutions go increasingly mainstream. If exploited, these vulnerabilities could compromise an entire industrial plant or even several facilities at once. API Attacks Will Increase Many companies fail to protect their APIs with the same level of security they devote to networks and business-critical applications. As a result, APIs have far reaching security implications for security teams. Case in point: Google, which announced it would be shutting down Google+ because of an API compromise. The Google experience is just the tip of the iceberg, as companies rarely disclose API attacks. More high-profile API attacks are inevitable as they provide hackers with the keys to the kingdom, giving them numerous avenues for access into corporate data, processes, and operations. Furthermore, APIs generally contain clear, well-documented details on the inner workings of applications – information that provides hackers with valuable clues on attack vectors they can exploit. While advances in technology provide many benefits when it comes to digital transformation, they also open new threat vectors and the potential for attacks that can spread quickly over connected ecosystems. Maintaining visibility into traditional and emerging (Orchestration, RPA, API, etc.) IT infrastructures and vulnerabilities associated with them will play a central role in reducing security incidents this year. Identifying and fixing those that pose the highest risk will be even more important. About the author: Dr. Srinivas Mukkamala, co-founder and CEO of RiskSense, is a recognized expert on artificial intelligence (AI) and neural networks. He holds a patent on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing. Copyright 2010 Respective Author at Infosec Island via Infosec Island Latest Articles http://bit.ly/2FE2Y9S |
Comments
Post a Comment