IoT malware, machine learning attacks and a strong uptick on public-facing ransomware are all on the near threat horizon, warns Darktrace
"We need to change the way we approach security," says Peppa Wise
The IoT, machine learning and a doubling-down on public-facing ransomware are all on the IT threat horizon, enterprise immune system firm Darktrace has warned.
The overriding issue in the modern landscape, explained Darktrace's cyber security executive Peppa Wise, is how fast malicious actors are now able to work.
"Rules and signatures mean we're always one stage behind an attacker, because we're having to patch, create rules and signatures as soon as we've seen an attack, and they're not letting us put ourselves in front of the attacker and protect against attacks we've never seen before," said Wise, who was speaking at Computing's 2017 Big Data and IoT Summit.
"We've also seen a big change in the types of threats that are out there. It's no longer just data being stolen for financial gain that we need to be worrying about - trust attacks are a massive thing that we're seeing q lot more of at the moment."
Wise flagged compromised data to reputational damage "for sabotage", rather than the more traditional acts of stealing critical financial information for financial gain.
"Data compromise and loss of data integrity can be a lot more scary than that data just being stolen in the first place.
"If we considered an attacker from the inside changing records in a hospital, say altering blood types on a system, and then that hospital having no idea which blood types or which persom had been changed, yopu can imagine the absolute chaos that would cause for our NHS - it's much scarier than that data jjust being taken off the network in the first place," said Wise.
Wise said the industry should also expect an increase in attacks "flagged up on devices we're able to access," a given example being ATMs, or payment points in shops.
"These are attacks that could see the public pressuring an organisation to pay up in a ransomware attack, or take quick action."
Wise also flagged a rise in insider attacks ("Yes, that's your employees") who may be either stealing records for their own ends, or simply trying to work at home easier.
Finally, AI and machine-learning-driven attacks are a major upcoming threat, said Wise.
"We've seen examples of this with polymorphic malware and ransomware - created specifically to evade detection from security tools, to be able to hide in networks and strike when the time is right."
"This is worrying, and show we need to be changing the ways we approach security, and probably taking it a lot more seriously," said Wise.
Further reading
More on Security Technology
Alina POS malware now using DNS tunnelling to steal payment cards data
Alina POS malware is back in circulation, now using DNS tunnelling to steal card details from unsuspecting victims
US Cyber Command warns organisations of critical vulnerability in Palo Alto Networks products
Foreign APTs will likely attempt to exploit the bug soon, it says
Campaigners urge Johnson to reform Computer Misuse Act to make it fit for modern digital era
The law currently hinders cyber security research in Britain, campaigners argue in an open letter to the PM
Risk mitigation for remote working: making Office 365 safer for business
O365 provides a raft of effective communications and collaboration tools, but don't take security and compliance for granted
Most read
