Cybersecurity Trends for 2020

According to Trend Micro’s report, ‘The New Norm’, the major cybersecurity risks for organizations in 2020 come from DevOps, third-party libraries, container components and even remote workers.

Pleasant reading for the Christmas holidays!

The report [1] warns of a growing cloud attack surface: cybercriminals focus their efforts on code injection attacks to steal sensitive information, either directly or via third-party libraries.
Indeed, developers’ reliance on third-party code could expose countless organizations to this kind of attack:

More compromises in cloud platforms will happen in 2020 by way of code injection attacks, either directly to the code or through a third-party library. Malware injection can be done in an attempt to eavesdrop or take control of a user’s files and information on the cloud.
Common forms of such attacks in cloud services’ web applications are cross-site scripting attacks and SQL injection attacks.
Successful attacks allow hackers to remotely retrieve sensitive data and manipulate database content.
On the other hand, attackers can go in a different route with third-party libraries that, when downloaded by users, execute injected malicious code.

The report also highlighted that user misconfigurations will exacerbate cloud security challenges, and in the same area, container infrastructures containing common vulnerabilities can expose organizations to attacks across the whole IT stack.

The container space is fast-paced.
Releases are quick, architectures are continually integrated, and software versions are regularly pushed.
Traditional security practices will not be able to keep up.
This highlights the importance of DevSecOps principles for DevOps teams as containers upend more conventions and shoulder more roles that are critical to organizations.
Rapid development cycles may leave only little room for security and vulnerability testing.
An application may now require an organization to secure hundreds of containers spread across multiple virtual machines in different cloud service platforms. Organizations will have their hands full with issues in different components of the container architecture, including vulnerabilities in runtimes (e.g., Docker, CRI-O, Containerd, and runC), orchestrators (e.g., Kubernetes), and build environments (e.g., Jenkins). Attackers will find ways to take advantage of any weak link to compromise the DevOps pipeline.

Another interesting point in the Trend Micro report concerns remote workers: the report identified home and remote working environments as potential hotspots for supply chain attacks.

Organizations will have to be wary of risks introduced by work-from-home arrangements and internet-connected home devices that blur the lines in enterprise security. After all, working in home environments is not as secure as being in the corporate network. Furthermore, weak Wi-Fi security compounds risks in remote work arrangements like shared or public workspaces. An open network leaves sensitive files and information exposed for snooping by other users in the same network.
Remote devices can be infected with malware that can get into the corporate network and make off with valuable information.
Today’s mobile workforce is no longer tethered to a computer in a traditional office setting.

This could cover everything from weak Wi-Fi security in public workspaces to smart home risks posed by unsecured smart TVs, speakers and digital assistants.

Unlike in a bring-your-own-device (BYOD) setup, employees working from home can move between multiple connected devices to access cloud-based apps and communication software. Connected home devices serving as a gateway for enterprise attacks is an unavoidable development considering how employees may find these devices (e.g., smart TVs, speakers, and assistants) convenient for work use as well. Enterprises will have to decide on what information security policies to implement to deal with such scenarios.


References

  1. Trend Micro Security Predictions for 2019 (PDF)
