News & Events

Click farms, 5G architecture, open banking are key trends

Attackers embracing click farms, deploying a horizontal 5G architecture with layers, and open banking to share customer data, are kye trends ahead.

How do you make sense of 2020? Suffice to say, it has been an incredible twelve months of transition, adaptation, and challenge. From mindsets and behaviours to the deployment of technology, Covid-19 has both flipped our perceptions and accelerated innovation. Organisations around the world are increasingly migrating from monolithic to microservices‑based apps. And there’s an associated increase in use of these technologies in production environments.

Clearly, there is growing confidence that microservices‑based apps can improve what people care about the most: customer experience. As a case in point, NGINX’s annual customer survey found that the proportion of businesses building apps with microservices jumped from 40% to 60% this year. More than half of respondents are also using microservices in some or all of their apps.

Looking ahead, we anticipate more investment in commercial and open-source container orchestrators, as well as API management. At the same time, public cloud usage will continue to increase, along with the ongoing migration to software load balancers. Use of related technologies like WAF and Service Discovery are also on the rise.

As mobile operators in the region prepare to either roll out or expand their 5G core networks, they are faced with a conundrum. Do they stick with the traditional approach and deploy a vertically integrated core network stack from a single vendor? Or should they implement a horizontal architecture composed of distinct layers?

To unlock the benefits of 5G and an open architecture, we believe many telcos will start exploring the latter with more purpose in 2021.

A horizontal telco stack involves a complete decoupling of the server and network infrastructure, as well as the functions that run on top of it. This kind of layered architecture is the norm among web-scale companies. But for telcos, it requires a change of mindset: they need to regard 5G as a use case that runs on top of a common telco cloud platform, rather than a vertical stack in its own right.

It is important to note that the 5G standard has been developed in a way that encourages operators to employ a horizontal architecture. This new generation of cellular technology has been designed to harness the service-based architecture that now permeates the IT sphere. 

Applications are composed of microservices that perform specific functions and exchange information using the HTTP protocol and open application programming interfaces. 

Over time, this architecture will enable operators to take advantage of open-source software. HTTP is the default protocol for open-source systems today, while the open API standard is commonly used by DevOps to develop API-based applications.

According to the 2020 F5 Labs Phishing and Fraud Report there are two major phishing trends on the horizon.

As a result of improved bot traffic botnet security controls and solutions, attackers are starting to embrace click farms. This entails dozens of remote workers systematically attempting to log onto a target website using recently harvested credentials. The connection comes from a human using a standard web browser, which makes fraudulent activity harder to detect. 

Even a relatively low volume of attacks has an impact. As an example, Shape Security analysed 14 million monthly logins at a financial services organisation and recorded a manual fraud rate of 0,4%. That is the equivalent of 56,000 fraudulent logon attempts, and the numbers associated with this type of activity are set to rise.

Shape Security researchers also recorded an increase in the volume of real-time phishing proxies, RTPP that can capture and use multi-factor authentication codes. The RTPP acts as a person-in-the-middle and intercepts a victim’s transactions with a real website. Since the attack occurs in real time, the malicious website can automate the process of capturing and replaying time-based authentication such as MFA codes. It can even steal and reuse session cookies. 

No educational institution can effectively cover everything, and the needs of a given organisation will also be determined by its strategy, security architecture, and the hiring manager’s perspective. This means that even experienced specialists need to be willing to humble themselves and constantly gain new skills.

The most important attribute of any candidate is a fundamental interest in the idea of security. That means that, rather than just looking for turnkey candidates, it is often better to put more focus on cultivating practical skill sets among people that self-select as being interested. For cybersecurity professionals, continual learning is always part of the job.

Open banking enables banks to securely share customer data with third-party providers in various verticals, as well as with other banks, via application programming interfaces. If done well, it can spark innovative data-driven financial products and services around a centralised platform. 

According to F5-comissioned research from Twimbit, nearly six in ten consumers would be willing to share significant personal information with their bank and insurer in exchange for lower pricing on products and services. 

However, an increased use of APIs in all industries has not gone unnoticed by cybercriminals. Gartner predicts that by 2022 API abuses will be the most frequent attack vector against enterprise web applications that lead to data breaches.

Is 2021 the year open banking really takes off on a global scale? If so, it will require vigilance.

Expect a clamour for API-first designed tech. Solutions that maximise performance by reducing the average response time to serve an API call and minimising the footprint and complexity of the API gateway, will certainly be in high demand. 

However, progress will be stymied if consumer fears about the risk of fraud or data breaches are not adequately addressed. To build trust, it is crucial to embrace strategies to modernise apps by implementing a 360° protection strategy that goes beyond just testing for software vulnerabilities.

In the age of microservices and distributed computing, it is not possible to stay on top of an expanding growing app portfolio without increasingly sophisticated automation. A key element of that shift is the ability to make our apps more adaptable. In other words, the ability to shrink, defend, and heal based on the environment they are in and how they are being used. 

We are already seeing examples of how a powerful combination of application services, telemetry and automation can be game-changing in terms of delivering extraordinary digital experiences. Definitely watch this space in 2021!

Leave a Reply