IoT malware, machine learning attacks and a strong uptick on public-facing ransomware are all on the near threat horizon, warns Darktrace

Peter Gothard
clock
The data threat landscape is hotting up, says Darktrace
Image:

The data threat landscape is hotting up, says Darktrace

"We need to change the way we approach security," says Peppa Wise

The IoT, machine learning and a doubling-down on public-facing ransomware are all on the IT threat horizon, enterprise immune system firm Darktrace has warned.

The overriding issue in the modern landscape, explained Darktrace's cyber security executive Peppa Wise, is how fast malicious actors are now able to work.

"Rules and signatures mean we're always one stage behind an attacker, because we're having to patch, create rules and signatures as soon as we've seen an attack, and they're not letting us put ourselves in front of the attacker and protect against attacks we've never seen before," said Wise, who was speaking at Computing's 2017 Big Data and IoT Summit.

"We've also seen a big change in the types of threats that are out there. It's no longer just data being stolen for financial gain that we need to be worrying about - trust attacks are a massive thing that we're seeing q lot more of at the moment."

Wise flagged compromised data to reputational damage "for sabotage", rather than the more traditional acts of stealing critical financial information for financial gain.

"Data compromise and loss of data integrity can be a lot more scary than that data just being stolen in the first place.

"If we considered an attacker from the inside changing records in a hospital, say altering blood types on a system, and then that hospital having no idea which blood types or which persom had been changed, yopu can imagine the absolute chaos that would cause for our NHS - it's much scarier than that data jjust being taken off the network in the first place," said Wise.

Wise said the industry should also expect an increase in attacks "flagged up on devices we're able to access," a given example being ATMs, or payment points in shops.

"These are attacks that could see the public pressuring an organisation to pay up in a ransomware attack, or take quick action."

Wise also flagged a rise in insider attacks ("Yes, that's your employees") who may be either stealing records for their own ends, or simply trying to work at home easier.

Finally, AI and machine-learning-driven attacks are a major upcoming threat, said Wise.

"We've seen examples of this with polymorphic malware and ransomware - created specifically to evade detection from security tools, to be able to hide in networks and strike when the time is right."

"This is worrying, and show we need to be changing the ways we approach security, and probably taking it a lot more seriously," said Wise.

More on Threats and Risks

Russia, China, Iran and international terrorism are the 'big four' threats facing the Western world

MI6 chief seeks help from tech firms to counter hostile state threats

Unlike James Bond's Q, the spy agency cannot develop all the technologies it needs in-house

clock 01 December 2021 • 3 min read
POC exploit released for high-severity Exchange Server bug

Exchange Server admins advised to patch vulnerable machines after POC exploit released for high-severity bug

Microsoft has described the flaw as having a high impact on data integrity, confidentiality and availability

clock 24 November 2021 • 3 min read
NCSC alerts over 4,000 small online retailers about Magecart attacks

NCSC alerts 4,000 online retailers about Magecart attacks

Hackers will attempt to target online shoppers on Black Friday and Cyber Monday, it warns

clock 24 November 2021 • 3 min read