Digital identity needs to be priority in 2018, says FireEye

Protecting digital identity, gaining data visibility and protecting employees are key challenges for the year ahead, according to the 2018 security predictions report by security firm FireEye

Changing the game on identity needs to be a priority, according to FireEye chief executive Kevin Mandia. 

“The idea that you can get someone’s date of birth, and their Social Security number or state ID number, and steal their identity and do fraudulent tax refunds, or try to get a loan or credit card – that has to change,” he said.

A lot of modern nations and sovereign nations are starting to use digital identification, observes Mandia. “This has to happen. Otherwise, every five months, we’re going to have a huge breach,” he warned.

In addition to the imperative of finding a better way to manage identity, Mandia said it was also important to find a way of dealing with international privacy.

“Companies can connect to each other and work globally more than ever before, based on the advances in communications we have made. As a result, we’re going to have to fix some privacy issues that stem from there,” he said.

On the topic of nation-state actors in the cyber realm, Mandia considers Iran the most interesting country to watch, rather than Russia, China or North Korea.

Mandia said while Iran started “acting at scale” in 2017, the extent of that activity was not really known. “We don’t know if we are seeing 5% of Iran’s activities, or 90% – although I’m guessing it’s closer to 5% – but they’re operating at a scale where, for the first time in my career, I’m not convinced we’re responding more to Russia or China. It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state sponsored,” he said.

Seeing clearly in the cloud

On the topic of cloud security, Mandia claimed better visibility was of paramount importance. “I’ve been waiting for the day – and it’s been a long time coming – where the intrusions we respond to have cloud components. Those days are now here. I read our forensics reports. I know that a lot of people are depending on the cloud, and we need visibility.

“Many of these cloud providers are providing it, but we don’t always have security operations that can take advantage of that visibility and see what’s happening,” he said.  

An area many companies are still overlooking, Mandia said, is protecting employees from cyber attack. He said companies needed to consider whether hackers could access corporate accounts through hacking employees’ private accounts, or if they could make it appear as though they have hacked the enterprise.

“There are hackers out there who will hack an employee at a company, and they will post any document they can get, and they will say they hacked the company even if they haven’t. It’s a reputational thing – while it’s hard to gauge the public response to these types of incidents, right now many companies are being deemed irresponsible or negligent or compromised when they are none of those things,” he said.

Mandia said all security professionals should be thinking about what employees are doing when they go home, how they can be secured, how they can be helped, what policies are needed and how those policies could be enforced.

Unsurprisingly, a top prediction by FireEye’s CTO of cloud, Martin Holste, is that attackers are going to follow the data into the cloud. “Attackers won’t say, ‘Well, I'm not really interested in doing cloud stuff, I’m going to stick with on-prem.’ They'll certainly move to trying to get to the IP that’s in the cloud,” he said.

Holste advised that all organisations moving into the cloud should know everything that is going on. “They must have situational awareness, and visibility’s the name of the game. Incident responders should be able to identify all key assets,” he said.

Holste also said organisations needed to natively protect their cloud environments. “That includes making sure the organisation has hooks into things such as artefacts that are being transmitted,” he said.

“For instance, do you have places where documents are getting uploaded and then going into your back office? That’s a good place to ensure there is some high-grade detection, beyond an antivirus scanner. Because you essentially have unauthenticated input going directly into the key parts of your organisation,” he said.

According to FireEye’s chief security officer, Steve Booth, while there are bound to be new, interesting attacks in 2018, organisations should be preparing for modified versions of current attacks.

“In 2018, we’ll see more attacks targeting social media accounts and more attacks targeting personal email accounts. This is where organisations could get into trouble because, as a company, they may not even know they have to defend against attacks targeting those personal accounts,” he said.

Malware plays on trust relationship

The FireEye report also flagged up the fact that malware authors are increasingly taking advantage of inherent trust between users and software providers.

In 2017, FireEye iSight Intelligence observed at least five cases of advanced threat actors compromising software providers for follow-on intrusions into targets of interest.

With the number of internet-connected devices constantly growing, the report said it was highly likely that attackers would move quickly to exploit newly identified vulnerabilities.

“This coming year will likely bring a new level of sophistication in IoT [internet of things]-based botnets,” the report said, with the possibility of attackers targeting certain IoT devices with ransomware. Additionally, the report predicts attacks targeting IoT devices at the enterprise level.

FireEye reported an uptick in the number of investigations of incidents carried out by financially motivated groups, with the trend expected to continue upward throughout 2018.

This means any institution handling money or transactions has a good chance of being compromised if they have weak security controls, the report said.

Additionally, the report said targeted focus on large hauls of personally identifiable information would continue to occur in 2018.

As cryptocurrency continues to skyrocket in value and popularity, FireEye predicted a rise in malware targeting anonymous currencies such as bitcoin.

The report concluded by advising enterprises to prepare for when attacks happen, and to be ready to respond to and contain incidents.

“Finally, it’s important to simply keep a positive attitude in this industry. Some people think it’s all fear, uncertainty and doubt, and that there are no answers, but this is exactly the type of thinking that hampers innovation and ultimately lets the bad guys gain an edge,” the report said.
