OK, here we go. As we fast approach 2025, here are my predictions for what the major Threat Variants and Attack Vectors will be:
1) The Zero Day Exploit:
This is a term that non-Cyber people may not know about, so here is a technical definition of it:
“A zero-day exploit is a cyberattack vector that takes advantage of an unknown or unaddressed security flaw in computer software, hardware or firmware. "Zero day" refers to the fact that the software or device vendor has zero days to fix the flaw because malicious actors can already use it to access vulnerable systems.”
(SOURCE: What is a Zero-Day Exploit? | IBM)
Put another way, when a vendor knows that its software has a vulnerability, it creates a patch for customers to download and apply. With a Zero Day Exploit, the vendor has no knowledge of the vulnerability. Strictly speaking, the "zero day" is the unknown flaw itself, and the exploit is the code that abuses it. The Cyberattacker already knows about the flaw, because of all the reconnaissance they do on their targets and victims. So, once they are ready, they move in, which totally blindsides the vendor and has a cascading effect on all of its customers. It is possible to recover from this kind of attack, but it can take an exceedingly long time, because no fix exists yet and one must be created after the fact. Until that patch arrives, the only defenses are compensating controls: limiting exposure of the affected component, tightening who and what can reach it, and watching for signs that it is being exploited.
2) Supply Chain Attacks:
This is the kind of Threat Vector in which the Cyberattacker needs just one point of entry to deliver a malicious payload to many victims at once. The best example of this was the SolarWinds breach. Through one weakness in SolarWinds' build environment, the Cyberattacker inserted malicious code into its Orion network-monitoring platform, which then shipped to customers as a legitimate, signed software update. Once this was activated, thousands of victims were impacted, including agencies in the Federal Government and even Fortune 50 companies.
Another recent one was the CrowdStrike fiasco. Although CrowdStrike maintains that it was not a Cyberattack but a defective content update, just one thing went wrong in its software deployment package, and that had a global effect, especially on airlines such as Delta. The lesson is the same either way: a trusted update channel reaches every customer at once, so whatever passes through it, malicious or merely broken, lands everywhere.
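Neither SolarWinds nor CrowdStrike has published the code behind their release pipelines, so the following is an added example, not code from either vendor or from this post. It models the one control that would have contained the CrowdStrike blast radius: pushing a package ring by ring and halting automatically when the first ring's post-update health check fails. The fleet, the OS build numbers, the "defective update" and the 5% threshold are all constructed for the illustration.

```python
"""Ring-based rollout gate with an automatic halt.

Added example, not code from SolarWinds, CrowdStrike or the original post.
The fleet, the OS build numbers, the 'updates' and the failure threshold
are constructed so the two rollout strategies can be compared offline.
"""
from dataclasses import dataclass


@dataclass
class Host:
    name: str
    os_build: int          # constructed: two build numbers split the fleet 50/50
    healthy: bool = True


MAX_FAILURE_RATE = 0.05    # halt when more than 5% of a ring fails its health check


def make_rings():
    """Fresh 100-host fleet split into canary (1%), early (9%) and broad (90%) rings."""
    fleet = [Host(f"host-{i:03d}", os_build=19045 if i % 2 else 22631) for i in range(100)]
    return [fleet[:1], fleet[1:10], fleet[10:]]


def good_update(host):
    """A package that installs cleanly everywhere."""
    return True


def defective_update(host):
    """Constructed defect: the package crashes every host on one OS build."""
    return host.os_build != 22631


def apply_update(ring, update):
    """Push the package to one ring and run the post-update health check.
    Returns the fraction of hosts in the ring that came back unhealthy."""
    failures = 0
    for host in ring:
        host.healthy = update(host)
        failures += not host.healthy
    return failures / len(ring)


def staged_rollout(rings, update, max_failure_rate=MAX_FAILURE_RATE):
    """Push ring by ring and stop at the first ring whose failure rate exceeds
    the threshold.  Returns (rings_completed, hosts_updated, hosts_broken)."""
    updated = broken = 0
    for completed, ring in enumerate(rings):
        rate = apply_update(ring, update)
        updated += len(ring)
        broken += sum(not h.healthy for h in ring)
        if rate > max_failure_rate:
            return completed, updated, broken   # later rings never see the package
    return len(rings), updated, broken


def big_bang_rollout(rings, update):
    """Everything at once, which is what a single global push amounts to."""
    everyone = [host for ring in rings for host in ring]
    return staged_rollout([everyone], update, max_failure_rate=1.0)


if __name__ == "__main__":
    print("good update, staged:       ", staged_rollout(make_rings(), good_update))
    print("defective update, staged:  ", staged_rollout(make_rings(), defective_update))
    print("defective update, big bang:", big_bang_rollout(make_rings(), defective_update))
```

Run it and the defective package stops after breaking a single canary host instead of half the fleet. The caveat a practitioner will spot: a canary ring only catches defects that show up quickly on canary hardware. The SolarWinds implant was deliberately quiet and arrived inside a validly signed update, so a rollout gate alone would not have stopped it; that case calls for integrity controls on the build environment and on what gets signed in the first place.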
3) Attacks On Remote Workers:
As we all know, remote work exploded during the COVID-19 pandemic. Now that the pandemic is behind us, many companies have mandated a hybrid work environment, but the common denominator is that employees will, for part of the week, be working remotely, wherever that may be. Very often the home network is used, which leaves a wide-open invitation for the Cyberattacker. Although companies may issue standard devices for work use, there is nothing stopping employees from connecting to the corporate network over their home network.
Although VPNs are a great tool for securing the lines of communication, they showed their limits during the pandemic. As a result, businesses are now opting for the Next Generation Firewall, which alleviates some of the weaknesses of the VPN: a VPN encrypts the tunnel but does not inspect what travels through it, whereas an NGFW applies application-level inspection and intrusion prevention to that traffic before it reaches internal systems.
4) Targeting AI And ML:
I have written a lot about both in my previous blogs, but the models derived from them have vulnerabilities of their own. Probably the biggest issues that will be seen in 2025 are Data Poisoning and Data Exfiltration Attacks. The former can be technically defined as follows:
“An Artificial Intelligence poisoning attack occurs when an AI model's training data is intentionally tampered with, affecting the outcomes of the model's decision-making processes. Despite the black-box nature of AI models, these attacks seek to deceive the AI system into making incorrect or harmful decisions.”
(SOURCE: Data Poisoning Attacks: A New Attack Vector within AI | Cobalt)
Remember that an AI or ML model requires tons of data to learn initially and to keep optimizing its algorithms. But the outputs are only as good as the data fed into it (thus, “Garbage In, Garbage Out”). The Cyberattacker is fully aware of this and will intentionally try to hijack the training pipeline and insert malicious datasets into it. The net effect could be relatively benign, such as a false output for the end user, or it could be worse: a poisoned model that is itself shipped to many downstream users, much as in a Supply Chain Attack.
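To make the definition above concrete, here is an added example (not code from this post or from Cobalt) using a constructed two-class training set and a k-nearest-neighbours classifier in plain Python. Injecting three attacker-labelled records flips the prediction for an input the attacker chose, and the same block shows two cheap checks that catch the tampering: a pinned SHA-256 digest of the curated training set, and a label/feature disagreement rate that jumps when records carry labels that do not match where they sit. Every data point, the target input and the poison records are constructed for the illustration.

```python
"""Data poisoning against a tiny k-NN classifier, plus two cheap integrity checks.

Added example, not code from the original post or from Cobalt.  The training
set, the target input and the poison records are all constructed.
"""
import hashlib
import json
import math
from collections import Counter

# Constructed training set of (x, y, label).  Class 0 clusters near (2, 2),
# class 1 clusters near (6, 6).
CLEAN_TRAINING = [
    (1.0, 1.0, 0), (1.0, 2.0, 0), (2.0, 1.0, 0), (2.0, 2.0, 0), (1.0, 3.0, 0), (3.0, 1.0, 0),
    (5.0, 5.0, 1), (5.0, 6.0, 1), (6.0, 5.0, 1), (6.0, 6.0, 1), (5.0, 7.0, 1), (7.0, 5.0, 1),
]

# Attacker-chosen records: placed on top of the target input but labelled class 1.
POISON_RECORDS = [(3.0, 3.0, 1), (3.1, 3.0, 1), (3.0, 3.1, 1)]

TARGET = (3.0, 3.0)   # the input whose prediction the attacker wants to flip


def knn_predict(training, point, k=3):
    """Majority vote among the k training records nearest to `point`."""
    ranked = sorted(training, key=lambda r: math.dist((r[0], r[1]), point))
    votes = Counter(label for _, _, label in ranked[:k])
    return votes.most_common(1)[0][0]


def dataset_digest(training):
    """SHA-256 over a canonical JSON serialization of the training set.
    Sorting first makes the digest independent of record order."""
    canonical = json.dumps(sorted(training), separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def label_feature_disagreement(training):
    """Fraction of records whose label differs from the label of the nearest
    class centroid.  A jump in this number after a data refresh is a cheap
    signal that labels or records were tampered with."""
    by_label = {}
    for x, y, label in training:
        by_label.setdefault(label, []).append((x, y))
    centroids = {
        label: (sum(p[0] for p in pts) / len(pts), sum(p[1] for p in pts) / len(pts))
        for label, pts in by_label.items()
    }
    disagree = 0
    for x, y, label in training:
        nearest = min(centroids, key=lambda c: math.dist((x, y), centroids[c]))
        disagree += nearest != label
    return disagree / len(training)


def run_demo():
    """Return (clean_prediction, poisoned_prediction, digest_matches,
    clean_disagreement, poisoned_disagreement)."""
    pinned = dataset_digest(CLEAN_TRAINING)   # digest recorded when the set was curated
    poisoned = CLEAN_TRAINING + POISON_RECORDS
    return (
        knn_predict(CLEAN_TRAINING, TARGET),
        knn_predict(poisoned, TARGET),
        dataset_digest(poisoned) == pinned,
        label_feature_disagreement(CLEAN_TRAINING),
        label_feature_disagreement(poisoned),
    )


if __name__ == "__main__":
    clean_pred, poisoned_pred, digest_ok, clean_rate, poisoned_rate = run_demo()
    print(f"clean model predicts {clean_pred}; poisoned model predicts {poisoned_pred}")
    print(f"training-set digest matches pinned value: {digest_ok}")
    print(f"label/feature disagreement: clean {clean_rate:.2f}, poisoned {poisoned_rate:.2f}")
```

Three records out of fifteen are enough to flip the target from class 0 to class 1, which is why the attacker does not need to control the whole dataset. The digest check only works if the pinned value is stored somewhere the attacker cannot rewrite along with the data, and the disagreement check is a heuristic: poison placed inside its own class's cluster will not raise it, so neither replaces provenance controls on where training data comes from.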
5) 5G:
While most of us are comfortable having used 4G on our smartphones, many of the wireless carriers are now making the move to the next level up, which is 5G. I personally have 5G on my iPhone, and whenever the connection is solid, I can access the Web very quickly on Safari. But since 5G deployments are still maturing, there are still some major vulnerabilities associated with it. Some of them are:
- The huge growth in the interconnectivity of devices, especially where IoT (Internet of Things) is involved. All of this only increases the attack surface available for penetration.
- Distributed Denial of Service (DDoS) Attacks: Through any opening in the 5G infrastructure, a Cyberattacker can flood it with malicious traffic and bring wireless service to a near standstill for an entire carrier or region.
- Critical Infrastructure: Much of it here in the United States runs on completely outdated technology, going as far back as the 1960s and 1970s. If these facilities adopt 5G, the Cyberattacker does not have to break directly into a nuclear facility, as an example. Rather, they can intercept the 5G lines of communication the facility now depends on and attack that way, in a much more covert manner.
My Thoughts on This:
There are other Threat Variants/Attack Vectors that I could include here, but I wanted to give you the ones that could really cause some damage if they do happen. You may well be asking yourself how you can keep all of this from happening to your business. I could create a laundry list of what you can do, but a quick Google search will reveal all of that as well.
So, I am going to keep it simple for 2025: nip it in the bud. Find the vulnerabilities, gaps, and weaknesses before the Cyberattacker does. This can all be achieved using Penetration Testing, Vulnerability Scanning, and Threat Hunting.