PREDICTING THE CYBER SECURITY FUTURE IN 2016

TK Keanini


When your everyday life is all about information security, you start to see patterns that may not be so obvious to others. Each year, I take my best shot at describing these trends and making predictions for the coming year. In this annual article, we also go back retrospectively and review the predictions we made the previous year to see how clear or cloudy our crystal ball was in helping us create our forecast.

2015 Retrospective

We predicted 4 major trends for 2015: muleware, re-authentication exploitation, ransomware expansion and targeted extortionware. Conservatively, I’m going to say that we certainly got 3 of the 4, with muleware being the hardest to track. Even so, we know that certain hotels where persons of interest frequently stayed were targeted in 2015, as staff physically delivered exploits to personal computers left unattended in hotel rooms.

Re-authentication exploitation continues to grow as more and more people find out the hard way that not all email accounts are equal. Attackers continue to target email accounts you use for password recovery and with that, trigger the forgot-password function of a website and then steal the password reset before you notice. The weakness here is that instead of looking at authentication as a step in time, we need to protect its entire lifecycle because if the authentication of a website is strong but the re-authentication process is weak, the advantage goes to the attacker every time.

Ransomware continued to evolve in its technique and also expanded from Windows only to Macs, Android and Linux in 2015. While backup solutions are cheaper and more convenient than ever, people are still not backing up appropriately, and it is too late once they are hit with various types of ransomware. 2015 was an even bigger year for ransomware than 2014, and there is no reason this cybercrime method should slow as we enter 2016.

Extortionware differs from ransomware because here the attacker has taken the data and is now threatening to publish it if you don’t pay. Everyone can think of something on their computer that they would like to keep private and that, if published, would damage them personally or jeopardize their business. 2015 saw its share of this type of attack and, like ransomware, all signs indicate that it will accelerate in 2016.

2016 Predictions

Aside from the continuing trends from 2015, adoption of new technologies and the spread of more personally identifiable information online will precipitate new targets and types of cyber-attacks.

Cracking as a Service

The counterpart to cryptography is cryptanalysis – the art of deciphering coded messages without being told the key. Large farms of compute clusters are set up to do Bitcoin mining, and without much effort, they could easily be set up for cryptanalysis as a service. How would this work? Like other SaaS services, you set up an account and, let’s say, you have something to crack: the 256-bit key ‘23295937673927337a43297b4d226b7d7e762e213b6e225d2d53573157’. Submit it with some metadata and within minutes (maybe seconds) you are handed back the clear-text WEP key. This can be extended to other hashes and ciphertext. This service can charge you by the compute cycles, so it is truly an elastic business. A service like this would punctuate the evolution of cryptography, forcing everyone to a longer key length, as massive brute force attacks are just a REST API call away.

DNA Breach

We have seen a lot of data repositories breached to date, but 2016 will be the year we see a DNA vault compromised and possibly used for extortion/ransom. Millions of people are using DNA services to find their genetic history and the bio-markers of known diseases. My guess is that some of these sites are already compromised and just don’t know it yet. Regardless, never before have we had so much personal DNA data stored on the Internet, and 2016 might be the year we experience a compromise of this type of data affecting millions. Unlike a credit card or a password, this information is not easily reset. In fact, it is immutable, and so any disclosure of this data lasts for an eternity.

Attack the Overlay Network

In 2016, many data centers will be utilising overlay technology, which enables software-defined networking (SDN). The main driver for this adoption is microarchitectures like Docker containers. In the case of Docker containers, VXLAN tagging technology is the overlay network that allows the application to define the network overlay topology required by the system of applications. The problem arises if there is no entity authenticating and checking the tags. Attackers could then impersonate or abuse the tags, giving them privileged access to the system and its data.

VXLAN is just one of these overlay networking technologies, and in my opinion, not enough threat modeling has been explored in this area, making it a ripe target for innovative attackers. We will see exploitation of these overlay networks in 2016, forcing more threat modeling in the design and causing these overlay networks to add security features and evolve in hostile environments.
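
The "entity authenticating and checking the tags" can be sketched as a check at the receiving tunnel endpoint: parse the VXLAN header (RFC 7348 layout) and accept the frame only when the outer source address is registered for that VNI. This is an added example, not code from the article; the `ALLOWED_VTEPS` policy, the addresses and the VNI numbers are constructed assumptions.

```python
import ipaddress
import struct

VXLAN_I_FLAG = 0x08  # RFC 7348: set when the VNI field is valid

# Hypothetical policy: which VTEP addresses may send traffic on each VNI.
ALLOWED_VTEPS = {
    5001: {"10.0.0.11", "10.0.0.12"},
    5002: {"10.0.0.12"},
}

def build_vxlan_header(vni, flags=VXLAN_I_FLAG):
    """Build an 8-byte VXLAN header (used here only to construct samples)."""
    return struct.pack("!B3xI", flags, vni << 8)

def parse_vni(udp_payload):
    """Return the 24-bit VNI from the VXLAN header at the start of a UDP payload."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", udp_payload[:8])
    if not flags & VXLAN_I_FLAG:
        raise ValueError("I flag clear: VNI not valid")
    return vni_field >> 8  # low byte of the last word is reserved

def check_frame(outer_src_ip, udp_payload, policy=ALLOWED_VTEPS):
    """Decide whether a received VXLAN frame may be decapsulated.

    Returns (accepted, reason). The tag is only honoured when the outer
    source address is a VTEP registered for that VNI.
    """
    try:
        vni = parse_vni(udp_payload)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    src = str(ipaddress.ip_address(outer_src_ip))  # validate and normalise
    allowed = policy.get(vni)
    if allowed is None:
        return False, f"unknown VNI {vni}"
    if src not in allowed:
        return False, f"VTEP {src} not authorised for VNI {vni}"
    return True, f"VTEP {src} authorised for VNI {vni}"

if __name__ == "__main__":
    # Constructed samples: (outer source IP, UDP payload)
    samples = [
        ("10.0.0.11", build_vxlan_header(5001) + b"inner-frame"),
        ("10.0.0.11", build_vxlan_header(5002) + b"inner-frame"),
        ("10.0.0.99", build_vxlan_header(5001) + b"inner-frame"),
        ("10.0.0.12", build_vxlan_header(7777) + b"inner-frame"),
        ("10.0.0.12", build_vxlan_header(5002, flags=0) + b"inner-frame"),
    ]
    for src, payload in samples:
        print(src, check_frame(src, payload))
```

A source-address allowlist only helps where the underlay prevents address spoofing; VXLAN itself carries no authentication, so hostile environments need an authenticated tunnel between endpoints as well.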

Namespace is the new battleground

Software architectures are quickly adopting containers. In hypervisor-based virtualization, attackers took aim at the hypervisor to then gain access to any of the resident guest operating systems. With container technology like Docker, the battle is waged in the namespaces in userland. These include the processes, networking and filesystem namespaces. In 2016, we will likely see attacks coming from malicious containers trying to share process namespace (UID 0 in my container becomes UID 0 in your container). This could completely compromise the victim container, allowing attackers to do what they want and erase most evidence that they were there.

Companies like CoreOS are working on cryptographic assurances but until the market has experienced the worst of it, there will be little demand for this as a mandatory feature. 2016 will likely be the year everyone learns their lesson.
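
The "UID 0 in my container becomes UID 0 in your container" condition can be audited from the host by reading each container process's `/proc/<pid>/uid_map` and namespace links. The sketch below is an added example, not code from the article or from any container project; the sample map contents and namespace inode numbers are constructed, and the maps are assumed to be read from the host's initial user namespace.

```python
import os

def parse_id_map(text):
    """Parse /proc/<pid>/uid_map content: lines of 'inside outside length'."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges

def outside_id(ranges, inside_id):
    """Translate an ID inside the namespace to the ID the parent namespace sees."""
    for inside, outside, length in ranges:
        if inside <= inside_id < inside + length:
            return outside + (inside_id - inside)
    return None  # ID is not mapped at all

def root_maps_to_host_root(uid_map_text):
    """True when in-container UID 0 is also UID 0 outside (no remapping)."""
    return outside_id(parse_id_map(uid_map_text), 0) == 0

def shared_namespaces(ns_a, ns_b):
    """Namespace types two processes share, given {type: 'type:[inode]'} links."""
    return sorted(n for n in ns_a.keys() & ns_b.keys() if ns_a[n] == ns_b[n])

def read_namespaces(pid):
    """Read the namespace links of a live process (Linux, needs permission)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}

def audit(name, uid_map_text, ns, other_ns, sensitive=("mnt", "net", "pid", "user")):
    """Return findings for one container compared against another."""
    findings = []
    if root_maps_to_host_root(uid_map_text):
        findings.append(f"{name}: UID 0 maps to host UID 0")
    for shared in shared_namespaces(ns, other_ns):
        if shared in sensitive:
            findings.append(f"{name}: shares {shared} namespace with peer")
    return findings

# Constructed samples: a container without user-namespace remapping,
# one with remapping, and two containers sharing pid and user namespaces.
NO_USERNS_MAP = "         0          0 4294967295\n"
REMAPPED_MAP = "         0     100000      65536\n"
NS_A = {"pid": "pid:[4026532201]", "user": "user:[4026531837]",
        "mnt": "mnt:[4026532199]", "net": "net:[4026532204]"}
NS_B = {"pid": "pid:[4026532201]", "user": "user:[4026531837]",
        "mnt": "mnt:[4026532310]", "net": "net:[4026532315]"}

if __name__ == "__main__":
    for finding in audit("container-a", NO_USERNS_MAP, NS_A, NS_B):
        print(finding)
```

On a live host, `read_namespaces(pid)` supplies the dictionaries that the constructed `NS_A` and `NS_B` stand in for here.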

New approaches for a new theater

Whenever a new paradigm becomes widespread, there is a tendency to apply old tactics and principles to cyber security. For instance, when virtual machines gained adoption, many operators attempted to patch them as they would a physical machine even when it was more time consuming and complicated than just ending the old VMs and firing up new ones with up-to-date software.

As more sensitive data is connected to the internet, attackers gain better infrastructure and new forms of networking become prevalent, we need to avoid trying to apply old, ineffective principles to new theaters of technology. Otherwise, attackers will take advantage of this window of opportunity while we are stuck trying to evolve our security in the midst of a hostile situation.
