In the digital age in which we live, cyber threats are not going away. I have said it time and time again cyberwarfare is here to stay, and the tactics continue to grow in sophistication. Which means the tactics for detecting and preventing attacks must stay ahead of the criminals.
As those businesses that have survived the threats and hacks, and those who have been spared any threats prepare to put another year behind them, they will have a whole new crop of threats to detect and t attempt to prevent in the coming year. I’ll review some of the tactics that are predicted to wreak havoc and keep those of us in the cyber security world very busy.
Both Sides Using AI
The fact is that both, the good guys and the bad guys use AI. But, typically speaking AI is invented and advanced by the good guys, which keeps them at least a step ahead of the bad guys. With that in mind, the following are a few trends identified by Fortinet.com that we in the cybersecurity sector will be looking for and anticipating.
AI Fuzzing tops the list. Fuzzing is a sophisticated technique generally used in lab environments by professional threat researchers to discover vulnerabilities in hardware and software interfaces and applications. They do this by injecting invalid, unexpected, or semirandom data into an interface or program and then monitoring for events such as crashes, undocumented jumps to debug routines, failing code assertions, and potential memory leaks. Though using fuzzing to discover zero-day vulnerabilities has, so far, been beyond the scope of most cybercriminals, as AI and machine learning models are applied to this process it will become more efficient and effective. As a result, the rarity of zero-day exploits will change, which in turn will have a significant impact on securing network devices and systems. https://www.fortinet.com/blog/industry-trends/predictions–ai-fuzzing-and-machine-learning-poisoning-.html
Continual Zero-Days: While a large library of known exploits exists in the wild, our cyber adversaries are actually only exploiting less than 6% of them. However, to be effective, security tools need to be watching for all of them as there is no way to know which 6% the criminals will use. Also as the volume of potential threats continues to grow, performance requirements will continue to escalate as the scope of the potential exploit landscape continues to expand. To keep up, security tools will need to be increasingly more intelligent about how and what they look for. https://www.fortinet.com/blog/industry-trends/predictions–ai-fuzzing-and-machine-learning-poisoning-.html
According to darkreading.com, “While there are some frameworks like zero-trust environments that may have a chance at defending against this reality, it is fair to say that most people are not prepared for the next generation of threats on the horizon — especially those that AI-based fuzzing techniques will soon begin to uncover.” They also state that, “Traditional security approaches, such as patching or monitoring for known attacks, will become nearly obsolete as there will be little way to anticipate which aspect of a device can be potentially exploited. In an environment with the possibility of endless and highly commoditized zero-day attacks, even tools such as sandboxing, which were designed to detect unknown threats, would be quickly overwhelmed.”
Be Prepared For The Next Wave Of Cybercrime
Is your business prepared for the next wave of cybercrime? We are passionate about your information security program. We work with businesses of all sizes from government and military to high-tech firms, retail and manufacturing. Please feel free to contact VORAS Consulting if you need confidential consultations to make the move towards the most secure business.