Not logged in » Login
Feb 18 2017

“Blind spots and security basics”: Fujitsu Issues Annual Threat Report

As the digital transformation of our economy and society is gaining ever more momentum, more and more IT-savvy criminals are trying to exploit the weaknesses and shortcomings of yet-to-be-established technologies. Oftentimes with success: 'highlights' from last year include the successful October 21 DDoS attack on DynDNS, a service that maps domain names to IP addresses, which was launched over a gigantic IoT botnet and caused long-lasting outages of popular services and web sites like Airbnb, GitHub, PayPal, and Twitter. Other felons extorted tens of thousands of dollars from hospitals whose computer systems they had previously contaminated with ransomware.

Issues like these had been accurately described and correctly predicted in Fujitsu's threat forecast for 2016. This week, researchers from our Security Operations Center released the 2017 edition, which again seeks to identify both the top risks organizations will be facing over the course of the year and the suitable techniques and practices to address them. What, then, are the upcoming major threats, and what can companies do to brace themselves against a barrage of possible attacks?

Top 3 Attack Scenarios
With regard to threats, Fujitsu's researchers point out that all kinds of companies will suffer from numerous "blind spots" – i.e. weaknesses that aren't perceived as weaknesses because the affected technologies are generally used to simplify or harden critical workflows or enhance protection of devices and confidential data. Take SSL, for example: lately numerous attacks were launched via encrypted communication channels, which turned out to be relatively easy since many users fail to check and eventually block commands that visitors of their websites may send over an SSL connection. Another example is PowerShell, the automation/configuration framework and scripting language that has been an integral part of every Windows release since mid-2009 and may easily be used for 'invisible' infiltration. According to our researchers, there's already a wealth of PowerShell attack tools available online, so it's highly likely the number of assaults of the framework will increase.

The second trend to observe will be a continued growth in attacks against mobile and "smart" devices, with victimized platforms ranging from CCTV cameras through road signs and routers to streetlights and tablets. In a worst-case scenario, criminals could even tear into the emerging infrastructures of so-called smart cities to try and shut down traffic, public transportation or power and water supplies.

Finally, cyber-crooks will keep up all activities that target banking applications and payment services. Possible threats include Trojans that exploit legacy back office applications as well as further raids against the SWIFT interbanking network and its software products.

Fortunately, quite a few of the risks described above can be ruled out or mitigated as soon as organizations adapt to the various threat scenarios. For example, they might start by carrying out essential, but often overlooked "housekeeping tasks," such as limiting access to vital data to tightly-controlled closed user groups and implementing strict identification, authentication and access control policies. Likewise, it never hurts to perform penetration tests at regular intervals or deploy designated data loss prevention software where necessary. Technically speaking, our researchers expect that the use of artificial intelligence and machine learning will vastly improve and expand the analytical capabilities of security software, thus allowing CISOs and security experts to swiftly respond to 'unusual behavior' inside a network instead of relying on signature-based mechanisms alone.

The full 2017 threat report, entitled "Blind spots and security basics – letting your guard down could cost you in 2017", is available for download below.



Comments on this article

No comments yet.

Please Login to leave a comment.


Please login

Please log in with your Fujitsu Partner Account.


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now