Firewall News

THE NEW NORM: Trend Micro Security Predictions for 2020

By admin
19/11/2019

The year 2020 will see a transition to a new decade. So will cybersecurity. Gone are the days of networks isolated behind a company firewall and a limited stack of enterprise applications. The current paradigm demands a wide variety of apps, services, and platforms that will all require protection. Defenders will have to view security through many lenses to keep up with and anticipate cybercrime mainstays, game changers, and new players.

Tried-and-tested methods — extortion, obfuscation, phishing — will remain, but new risks will inevitably emerge. The increased migration to the cloud, for instance, will exacerbate human error. The sheer number of connected assets and infrastructures, too, will open doors to threats. Enterprise threats will be no less complex, mixing traditional risks with new technologies, like artificial intelligence (AI) in business frauds.

Our security predictions for 2020 reflect our experts’ opinions and insights on current and emerging threats and technologies. Our report paints a picture of a possible future landscape driven by technological advances and evolved threats to enable enterprises to make informed decisions on their cybersecurity posture in 2020 and beyond. The future looks complex, exposed, and misconfigured — but it is also defensible.

THE FUTURE IS COMPLEX

The way the threat landscape has evolved over the years proves that threat actors remain undeterred from compromising systems for their own gain. They shift and adapt in their choice of attack vectors and tactics — prompting the need for users and enterprises to stay ahead.

Attackers will outpace incomplete and hurried patches.

System administrators will find themselves in a dual predicament: ensuring the timeliness as well as the quality of patches being deployed. Incomplete or defective patches can break and disrupt critical systems, but delaying their application can expose systems to threats. Previous cases have shown how incomplete patches can be bypassed to exploit the vulnerability the patch is trying to fix. Attackers will also capitalize on “patch gaps” — windows of exposure between a flaw in an open-source component being fixed and its patch being applied to the software that uses it.

Banking systems will be in the crosshairs with open banking and ATM malware.

Mobile malware targeting online banking and payment systems will be more active as mobile online payments in Europe thrive with the European Union’s (EU) Revised Payment Service Directive (PSD2). The Directive’s implementation will have cybersecurity implications for the banking industry — from flaws in application programming interfaces (APIs) to new phishing schemes.

In the underground scene, the sale of ATM malware will further gain ground. We foresee ATM malware families competing for dominance, where they will try to outdo each other in terms of malware features and price. Cutlet Maker, Hello World, and WinPot variants, for example, are already being sold in the underground.

Deepfakes will be the next frontier for enterprise fraud.

The use of deepfakes — AI-based forgeries of images, videos, or audio — will increasingly move from creating fake celebrity pornographic videos to manipulating enterprises and their procedures, such as deceiving employees into transferring funds or making critical decisions. This was exemplified when a fake, AI-generated voice of an energy firm’s CEO was used to defraud the company of US$243,000. The technology will be an addition to cybercriminals’ arsenal — and a shift from traditional business email compromise (BEC). The C-suite will find themselves as main targets for this kind of fraud since they are often in calls, conferences, media appearances, and online videos.

Attackers will capitalize on ‘wormable’ flaws and deserialization bugs.

More exploitation attempts on critical and high-severity vulnerabilities like the “wormable” BlueKeep will be disclosed. Widely used protocols like Server Message Block (SMB) and Remote Desktop Protocol (RDP) will be abused to compromise vulnerable systems, with the latter already a common vector for ransomware.

Flaws and weaknesses involving the deserialization of untrusted data will be a major concern, particularly in enterprise application security. Threats exploiting this class of vulnerabilities can alter data assumed safe from modification and allow the possible execution of attacker-controlled code. Rather than finding and chaining several vulnerabilities together to execute malicious code, attackers will instead increasingly exploit deserialization bugs to more easily gain control of systems, even in complex environments.
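A defensive sketch of the two failure modes named above, modified data that was assumed safe and attacker-controlled code reached through deserialization. This is an added example, not code from the Trend Micro report; Python's `pickle` is chosen as the format for illustration (the report names none), and `SIGNING_KEY`, `ALLOWED_GLOBALS`, `seal`, `open_sealed`, `Probe` and `run_checks` are hypothetical names.

```python
import hashlib
import hmac
import io
import os
import pickle

# Assumption: demo key only; a real service loads this from a secret store.
SIGNING_KEY = b"constructed-demo-key"
TAG_LEN = hashlib.sha256().digest_size

# Assumption: the only non-builtin type this service ever needs to restore.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Refuses to resolve any global that is not explicitly allow-listed."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def seal(obj) -> bytes:
    """Serialize obj and prepend an HMAC-SHA256 tag over the serialized bytes."""
    body = pickle.dumps(obj, protocol=4)
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest() + body


def open_sealed(blob: bytes):
    """Verify the tag first, then deserialize with the allow-list unpickler."""
    tag, body = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed; refusing to deserialize")
    return AllowListUnpickler(io.BytesIO(body)).load()


class Probe:
    """Constructed object whose pickle names a harmless but unlisted callable."""
    def __reduce__(self):
        return (os.getcwd, ())


def run_checks() -> dict:
    """Exercise round trip, tampering and an unlisted global on sample data."""
    record = {"user": "alice", "role": "viewer"}  # constructed sample record
    blob = seal(record)
    results = {"round_trip": open_sealed(blob) == record}
    try:
        open_sealed(blob.replace(b"viewer", b"admin!"))  # same-length edit
        results["tamper_rejected"] = False
    except ValueError:
        results["tamper_rejected"] = True
    try:
        open_sealed(seal(Probe()))  # validly signed, still refused
        results["global_rejected"] = False
    except pickle.UnpicklingError:
        results["global_rejected"] = True
    return results
```

The third check matters when the signing key leaks or a signing path accepts arbitrary objects: the tag is valid, yet the allow-list still stops the stream from resolving a callable the service never expects.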

THE FUTURE IS EXPOSED

The converged future ushers in old and new attacks and techniques that expose information technology (IT) and operational technology (OT) assets.

Cybercriminals will home in on IoT devices for espionage and extortion.

Machine learning (ML) and artificial intelligence (AI) will be abused to listen in on connected devices like smart TVs and speakers to snoop on personal and business conversations, which can then provide material for extortion or corporate espionage.

As for other ways of monetizing IoT attacks, cybercriminals have yet to find a scalable business model to cash in on the wide attack surface of the internet of things (IoT). They will continue to explore ways to profit more from IoT attacks, primarily through digital extortion. These schemes will be tried on consumer devices first, with connected industrial machinery as the next logical target — a development we’ve seen in our recent forays in the underground.

Botnets of compromised IoT devices, such as routers, will be further peddled in the underground, along with access to webcam streams and smart meters with modified firmware.

5G adopters will grapple with the security implications of moving to software-defined networks.

Full 5G implementation in 2020 will introduce new challenges: vulnerabilities simply on account of the newness of the technology and vendors’ unpreparedness for threats that may take advantage of it. Since 5G networks are software-defined, threats will stem from vulnerable software operations and the distributed topology. A threat actor that gains control of the software managing 5G networks can consequently hijack the network itself. Upgrades involving 5G will be much like updates to smartphones and will entail vulnerabilities. In fact, the exploitation of 5G vulnerabilities using low-cost hardware and software platforms has already been proven possible.

Critical infrastructures will be plagued by more attacks and production downtimes.

Critical infrastructures will be viable targets for extortionists. Ransomware will still be the threat actors’ weapon of choice given its destructive impact, but we’ll also see other cyberattacks: botnets mounting distributed denial-of-service (DDoS) attacks against operational technology (OT) networks; attacks on manufacturing systems that use cloud services; supply chain attacks where third-party vendors are compromised as springboards for threat actors to target critical sectors.

Various threat actors have targeted and reconnoitered several energy facilities across the world in their attempt to steal credentials of industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems. Apart from the utilities sector, we anticipate attacks on the food production, transportation, and manufacturing sectors, which increasingly use IoT applications and human-machine interfaces (HMIs).

THE FUTURE IS MISCONFIGURED

Cloud and DevOps migrations present risks as well as rewards to adopters, underscoring the need for security throughout the deployment pipeline.

Vulnerabilities in container components will be top security concerns for DevOps teams.

The container space is fast-paced: Releases are quick, architectures are continually integrated, and software versions are regularly updated. Traditional security practices will not be able to keep up. An application may now require an organization to secure hundreds of containers spread across multiple virtual machines in different cloud service platforms. Enterprises need to take into account their security at different components of the container architecture — from container runtimes (e.g., Docker, CRI-O, Containerd, and runC) and orchestrators (e.g., Kubernetes) to build environments (e.g., Jenkins).

Serverless platforms will introduce an attack surface for misconfiguration and vulnerable code.

Serverless platforms offer “function as a service,” allowing developers to execute code without the organization having to pay for entire servers or containers. Outdated libraries, misconfigurations, as well as known and unknown vulnerabilities will be the attackers’ entry points to serverless applications. Increasing network visibility, improving processes, and better documenting workflows will be essential to running serverless applications. Serverless environments can also benefit from adopting DevSecOps, where security is integrated into the DevOps process.

Cloud platforms will fall prey to code injection attacks via third-party libraries.

Code injection attacks, either directly to the code or through a third-party library, will be prominently used against cloud platforms. These attacks — from cross-site scripting to SQL injection — will be carried out to eavesdrop on, take control of, and even modify sensitive files and data stored in the cloud. Attackers will alternatively inject malicious code into third-party libraries that users will unwittingly download and execute. Cloud-related data breaches will increase as software-, infrastructure-, and platform-as-a-service (SaaS, IaaS, PaaS) cloud computing models are widely adopted. Preventing cloud compromises will require due diligence from developers, careful consideration of providers and the platforms offered, and improvements in cloud security posture management.

THE FUTURE IS DEFENSIBLE

The cybersecurity skills gap and poor security hygiene foment failure in protection; risk management and comprehensive threat intelligence are vital in creating a secure environment.

Attacks in 2020 and beyond will be more carefully planned and coordinated. The cybersecurity skills shortage and poor security hygiene, too, will still be significant factors in the upcoming threat landscape. Risks of compromise through advanced threats, persistent malware, phishing, and zero-day attacks can be mitigated if threat insights and protection are readily available. Actionable threat intelligence infused into security and risk management processes will enable organizations to defend their environments proactively by identifying security gaps, eliminating weak links, and understanding attacker strategies. For decision-makers and IT managers, the need to see a bigger picture of their online infrastructures can be addressed by experts, such as security operations center (SOC) analysts, who can correlate their findings with global threat intelligence. This means having better context beyond the endpoint, encompassing email, server, cloud workloads, and networks.

The ever-shifting landscape will require a cross-generational blend of multilayered and connected defense powered by security mechanisms such as the following:

  • Complete visibility. Provides prioritized and optimized examination of threats with tools and expertise that remediate impact and mitigate risks.
  • Threat prevention with effective mitigation. Automatically mitigates threats once visualized and identified, alongside employing antimalware, machine learning and AI, application control, web reputation, and antispam techniques.
  • Managed detection and response. Provides security expertise that can correlate alerts and detections for threat hunting, comprehensive analysis, and immediate remediation using optimized threat intelligence tools.
  • Behavior monitoring. Proactively blocks advanced malware and techniques and detects anomalous behaviors and routines associated with malware.
  • Endpoint security. Protects users through sandboxing, breach detection, and endpoint sensor capabilities.
  • Intrusion detection and prevention. Deters suspicious network traffic like command-and-control (C&C) communication and data exfiltration.

See what will shape the threat landscape in 2020 and how users and organizations can navigate it in our report, “The New Norm: Trend Micro Security Predictions for 2020.”
