Security predictions for 2019 from NETSCOUT Arbor

Feb 18th, 2019

GrowingAttackSize

NETSCOUT Arbor, which specialises in advanced distributed denial of service (DDoS) protection solutions, has released its security predictions for this year, against a background which saw the largest ever DDoS attacks being unleashed in 2018.

Bryan Hamman, territory manager for sub-Saharan Africa at NETSCOUT Arbor, says, “We have released four main trends that we foresee happening this year, as follows: firstly, that this will be a year in which we see network and security operations being more united; secondly, that Western nations will become significantly more serious about cybercrime; thirdly, that attackers will franchise new DDoS threats; and finally that botnet attacks via the Internet of Things (IoT) devices are set to increase during 2019. As security professionals prepare for another potentially record-breaking year of data security risks, it is imperative to be aware both of potential trends that could unfold, as well as the latest solutions.”

Four of NETSCOUT Arbor’s security experts present their opinions below.

2019 will see network and security operations acting in a more united manner 

According to Adam Bixler, director of product management, “In 2018, DDoS mitigation and prevention techniques became a lot smarter, due to advancements in DDoS cyber security solutions and network and application assurance technologies. In 2019, we’re going to see a similar thing happen at an organisational level as network operations teams share their visibility and insights with security teams. As the teams learn more about the treasure trove of insights already existing within enterprise infrastructure, they will become smarter about integrating this existing visibility into their processes to neutralise threats.”

Bixler says the alarming regularity of DDoS attacks is forcing CISOs and security architects to consider new strategies and solutions to protect key digital infrastructure. This includes the ability to detect DDoS attacks early, before they cause significant damage to productivity, business performance, and reputation. The goal is to be able to mitigate attacks and ultimately prevent them from happening at all.

Prevention, notes Bixler, is a challenge for even the most experienced CISO, because cybercriminals will always look to circumnavigate any form of defence put in their way. “The rapid growth of business migration to hybrid cloud and multi-cloud architecture exacerbates the problem by increasing IT network and infrastructure complexity, thereby expanding the attack surface and exposing new vulnerabilities. Security teams have enough on their plate already without having to worry about cloud adoption and the integration of new services and applications. However, that’s all about to change as the boundaries that once separated security operations from network operations begin to blur, allowing teams to collaborate and share intelligence.”

Bixler notes that the implication of this trend is that shared visibility will lead to shared success, as the integration of the network operations centre and the security operations centre will produce tangible benefits for the enterprise. “The two departments will operate in tandem, successfully managing, monitoring, and defending enterprise networks. They will be able to communicate and coordinate seamlessly, which will increase efficiencies, optimise resources, and lower costs.”

2019 is the year Western nations get serious about cybercrime  

Mike McNerney, product manager, NETSCOUT threat intelligence, explains: “In 2018 we saw Western governments and authorities clamp down on cybercriminals and nation-state actors. This assertive action against malicious actors will increase in 2019 as Western nations build on this collaboration to fight cybercrime.

“Western governments are leading the charge to bring cyber criminals to justice with policy-driven initiatives that will lead to more indictments, and potentially even more arrests, over the next twelve months. This is a positive step from Western governments who aren’t prepared to sit back any more and watch as malicious actors try to take down critical national infrastructure, financial institutions, and large enterprises.”

McNerney says we are seeing Western nations, led primarily by the US and the UK, increasingly call out Russia and China specifically for their aggressive actions in cyberspace. He says the actions of both the UK and US governments signal an evolution in national policy towards the growing global threat that cybercrime represents, and he believes that solidarity amongst nations will limit threats moving forward.

He adds, “This shift will continue into 2019 as we see greater international cooperation between police and law enforcement agencies as they pool their resources and share information to neutralise threats. However, the authorities can’t be left to tackle cybercrime on their own. Subsequently, we will see more intervention and support from businesses as they join the fight and help to create a more robust and resilient defence against malicious actors.”

Attackers will franchise new DDoS threats in 2019  

Vigilance is key as threats continue to evolve, says Richard Hummel, threat research manager at NETSCOUT Arbor’s Security Engineering and Response Team (ASERT).

“In 2019, we anticipate more attackers crawling out of the woodwork to offer their services to the highest bidder,” he says. “These nefarious characters will take down targets on request and for a small fee. They will even hand over DDoS tools to their customers, to let them do their own dirty work. While these tools are no stranger to the scene, the ease of access, quick iteration at including new attack types, and a broader range of international customers result in lots of amateur cyber criminals getting hold of destructive malware.”

Hummel says many of the operators use business practices and a software as a service (SaaS) model to market and sell monthly subscriptions, charging customers less than $50 for the privilege. “Transactions can be conducted using cryptocurrency,” he explains, “but also through legitimate sites like PayPal, allowing them to make a profit and fund future activities.”

Botnet attacks leveraging IoT devices set to increase in 2019

Hardik Modi, senior director, threat intelligence offers the fourth security prediction for this year, saying that the pending rise of IoT adoption will create the perfect storm for cybercrime and result in serious implications for both businesses and consumers.

He says, “When you consider that many of these connected IoT devices will be deployed across industrial sectors to power smart factories, production lines, and transport networks, the risks associated with securing the IoT become clear. This is without considering the fact that the IoT will continue to pervade mission-critical sectors like healthcare to support medical procedures and to monitor the well-being of patients.

“The IoT space is still in its relative infancy and represents fertile ground for cybercriminals as they look to exploit new vulnerabilities. The proliferation of connected devices will therefore open the floodgates for new breeds of exploits and malware intent on disrupting IoT installations across industries, enterprises, the SME sector and the smart home. The cybersecurity situation is aggravated even more so by the fact that IoT device manufacturers often ignore security protocols when building connected devices, likely in a bid to drive down production costs. As a result, large volumes of devices are shipped without basic security features baked into their design, leaving them exposed and susceptible to threats.”

Modi predicts that the IoT rise will set new standards for security, adding, “We have already witnessed a dramatic growth in the number and size of botnets targeting the IoT and we expect to see more sophisticated attacks in 2019. The use of Mirai has been common amongst many IoT botnet authors, who use the source code as a framework to develop new malware. Authors have also expanded the original Mirai code base with new capabilities and functionality.”

According to Modi, as IoT becomes more commonplace in 2019, cybercriminals will become more selective and he anticipates the rise of botnet attacks targeting specific IoT installations, vendors, and manufacturers.

“There is no doubt that DDoS protection is needed now more than ever, as attacks continue to increase in size and number. It’s imperative for businesses to be constantly vigilant and enabled to fend off attacks using the best solutions available,” concludes Hamman.

For more information about NETSCOUT Arbor in Africa, please contact Bryan Hamman at [email protected].