Nation-state adversaries and cyber actors are preparing new cyber capabilities to steal critical data held in the cloud, according to FireEye’s [FEYE] latest security predictions for 2018.
FireEye released its cyber predictions report Dec. 7, and the cyber security company sees new tools used to expose vulnerabilities in cloud computing services, along with state-sponsored threat activities, as the top defensive priorities for next year.
“We need better cloud visibility. It’s as simple as that. I’ve been waiting for the day – and it’s been a long time coming – where the intrusions we respond to have cloud components. Those days are now here,” FireEye CEO Kevin Mandia said in his company’s report.
Cloud services provide increased data capabilities, but many providers are unable to offer security risk transfer, according to Mandia.
FireEye has seen an increase in attackers utilizing the same cloud service providers used by many U.S. companies, including Amazon Web Services [AMZN] and Azure.
Cyber actors may host phishing URLs or distribute malware on these same cloud services. Leveraging cloud computing allows attackers to bypass initial domain reputation checks and implement more sophisticated tools to access critical data.
Industry officials are urged to restrict or limit downloads from cloud service provider IP addresses as cyber actors become more familiar with cloud environments.
The report details new nation-state threats to prepare for in 2018 as government-sponsored cyber actors develop new capabilities.
“There is no one nation, five nations, or collection of 20 nations that are holding all nations accountable to abide by any rules of engagement. We need to have some kind of barrier put up, and I’m convinced we will sort it out,” Mandia said.
As countries such as China and North Korea begin implementing cyber activities at scale, Mandia views Iran as a potential actor that may begin ramping up threat capabilities.
“We talk about Russia, we talk about China, we talk about North Korea – for me, I’ve got my eyes on Iran,” Mandia said. “It feels to me that the majority of the actors we’re responding to right now are hosted in Iran, and they are state sponsored.”
Iran continues to grow its broad offensive capabilities, and state-sponsored cyber operators may look to initiate disruption campaigns outside of the Middle East, including in the U.S., according to FireEye.
Cyber actors in China are expected to carry out cyber campaigns to gain information on artificial intelligence technology, despite previous agreements with the government to cease such activities, according to FireEye.
The 2015 “Xi Agreement” with China to cease the use of state-backed hackers to steal U.S. intellectual property was renewed by the Trump administration, but FireEye officials believe business intelligence operations have increased.
“Already we have observed some groups preparing what could be operations targeting revolutionary technologies, such as artificial intelligence and advanced batteries, which would provide such an extreme economic and military advantage to whichever country takes the lead in those fields that Beijing would risk upsetting the current status quo in cyber operations,” FireEye wrote in its report.
FireEye utilizes machine-generated intelligence from its global MVX cloud service and adversary intelligence from its iSIGHT global analysts to inform its annual security predictions.
“From innovative attacks and malware, to incoming laws and regulations, to changes in nation-state activity, it’s evident that 2018 has the potential to be another event-filled year in cyber security. But while there are many new things to look forward to in the next 12 months, and many different ways to stay prepared, we also cannot sleep on the timeless fundamentals that continue to keep us secure,” FireEye wrote in its report.