Microsoft: How the Threat Landscape Will Shift This Year

  /     /     /  
Publicated : 22/11/2024   Category : security


Microsoft: How the Threat Landscape Will Shift This Year


Exclusive interview with Windows Security lead on how 2017 was a return to retro security threats and 2018 will bring increasingly targeted, advanced, and dangerous cyberattacks.



Unlike security professionals, who have stressed over digital threats for years, most average consumers didnt recognize the importance of security until 2017.
Grandmothers and grandfathers and moms and dads are now aware of cyber intrusions, says David Weston, principal security group manager for the Windows Enterprise and Security team at Microsoft. Its amazing, but it also means we have a lot of work to do.
In an exclusive interview with Dark Reading this week, Weston shared insight on the threats and trends were top of mind for Microsoft last year, and what hes worried about in the new year.
2017: Ransomware, targeted attacks stand out  
Massive cyberattacks WannaCry and NotPetya, which hit major global brands, drove security to the forefront of consumers minds. Weston says the two outbreaks topped Microsofts list last year. Both used a ransomware worm, which he calls a hallmark of 2017 and describes as a sort of return to retro that caught the security community off guard.
From a technical perspective, use of a worm on both occasions was particularly interesting. During WannaCry, the Microsoft team learned a ton about where we need to keep investing, Weston adds. Bug classes some of us thought were extinct will be key going forward.
WannaCry symbolizes a level of destruction that Weston predicts will grow as cybercriminals goals shift. This doesnt necessarily mean more targeted attacks, but it does mean threats will become broader and more advanced as threat actors aim to destroy networks.
Originally attackers focused on stealth, he says. They wanted to exfiltrate information while staying quiet … what youre seeing with WannaCry, theyre potentially using that to send a statement and do more destructive things. Its a maturity and evolution of targeted attacks.
Both attacks used an interesting strategy that Weston says has, so far, been overshadowed.
Theyre automating techniques, which youd see from a red team or adversary, into their malware or implants, he explains. Youre in a situation where, after it gets a foothold, the piece of malware is operating like a full-on red team. Thats actually a big challenge.
In NotPetya, for example, once the threat landed on a machine it would spread, looking for places to move laterally and credentials to steal. Its part of evolving threat sophistication, says Weston. Hacking platforms like Metasploit and PowerSploit have research to support red teams, but much of that research is accessible to threat actors who are using it to great effect, he adds.
A smart adversary will take advantage of intelligence and use it, says Weston. Theyre trying to impact as much of the network as possible, and per-incident impact and cost will go way up. You cant just defend a single machine, you have to look at it holistically, at a network level.
2018: Rise of supply chain, cryptocurrency attacks
Weston says supply chain attacks are of grave concern this year as criminal groups shift their strategy.
Were seeing some of the attack groups that used to use zero-days, moving away from watering-hole types of attacks to compromising large websites that might distribute common utility software and putting their implant in there, he explains.
Its a growing technique among attack groups: Infect as many people as possible then sift through the victims to find specific targets. Attackers are hitting supply chain software because its easy to hide within a process that vendors will associate with something good. In some cases, supply chain software can bypass app control settings and cause problems for defenders.
Take Operation WilySupply, where an attacker was using a compromised update mechanism for a third-party editing tool to deliver malware. While it didnt use a zero-day, the attack abused the trust relationship involved with software supply chains. Microsoft 
discovered the attack
 attempt early last year.
Defending against supply chain attacks will be tough because each software vendor has a different distribution mechanism and signing infrastructure, says Weston. In the past, companies could put software on a trusted list if it had a history of being secure. However, he says, businesses have to realize anything can change from good to bad at any time.
Getting your software sources from centralized locations where possible is one of the practical means for protecting against supply chain attacks, Weston adds.
Cryptocurrency will be a growing security issue as more people adopt it. Attackers will target machines to cannibalize their resources and focus on cryptocurrencies, which are getting harder to mine in legitimate ways. Wallets will also become popular among hackers.
Targeting wallets will become more popular as more people dabble in investing in bitcoins and accessing them, he explains. If we get to the point where everyone has a wallet on their machine, theres an opportunity for cybercriminals on every machine.
Weston says Microsoft is exploring ways to use analytics in Windows and Azure to determine when a machine is using resources in ways it previously hasnt. Did you take up a lot of storage space overnight? Does this connection come from a trusted IP? Is it being used for spam? Machine learning, he says, can help establish a baseline of what the PC uses and train on it.
He points out sophisticated threat actors are using similar technologies to identify anomalous behaviors. They can use the same thing to find gaps in our defenses. They can hire capable engineers, they can hire clouds that scale to their needs. As attackers build their strategies, defenders must do the same.
Related Content:
Microsoft Confirms Windows Performance Hits with Meltdown, Spectre Patches
CISOs Cyber War: How Did We Get Here?
New Cryptocurrency Mining Malware Has Links to North Korea
Vulnerability Management: The Most Important Security Issue the CISO Doesnt Own

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft: How the Threat Landscape Will Shift This Year