The threat landscape: the next trends in cyber security

Cyber security remains one of the most dynamic fields within the technology industry. Because of the financial and political impact of cybercrime, attackers are continuously looking to innovate and outsmart security vendors and consulting companies. As a result, the IT community is perpetually engaged in a contest of strategy to combat new cyber threats. These are some of the top security threats we can expect to see developing over the next year, including top tips to combat these dangers.

1. Advanced custom malware

A new generation of malware is being used to discover and take advantage of previously unknown weaknesses in computer software. Recent cyber assaults against major organisations and security companies have demonstrated the ability of malware attacks to evade even the most sophisticated anti-virus programs. In the coming year we can expect more, with cyber criminals using innovation in malware to attack commercial targets.

Top tip: Whitelisting approved programs rather than simply blocking known malicious ones can provide another layer of defense against targeted attacks.

2. Cyber warfare will increase

Cyber warfare is on the rise. Over the last few years, we have seen several denial-of-service attacks cripple government websites and news media targets. The most serious cases of cyber warfare have targeted specific resources critical to certain governments. Cyber operations including Stuxnet, Flame and Gauss have all surprised internet security experts with their levels of sophistication. Expect to see more attacks as governments scramble to combat the power of cyber warfare.

Top tip: Organisations not associated with government nor sensitive contracts may not be targets for the moment, but attacks on critical national infrastructure (including oil and gas firms) are likely to increase. Organisations should ensure they have a robust business continuity strategy in place.

3. Post-PC devices will leak data

Cyber criminals are increasingly turning their attention to mobile platforms. According to security firm Kaspersky, the number of new malware programs targeting Google's Android operating system almost tripled to 15,000 in the second quarter of 2012. But malware isn't the only way to extract data from a smartphone or tablet device. Some applications are programed to send data to third parties without the user's knowledge (often in unencrypted, and therefore unsecure, form). Recently, for example, LinkedIn was forced to respond to claims its Apple iOS application collects full meeting notes and details from users’ calendars and sends them back to the company in unencrypted from.

Top tip: Use a mixture of mobile data management tools, mobile device policy and encrypted areas of device memory for corporate applications to help minimise the risk of compromise. All organisations should also enforce a policy for remote wiping for lost or stolen devices.

4. Social media will become more of a threat

As the prevalence of social media continues to grow, criminals will look for new ways to exploit and gain access to confidential information, known as “phishing”.

Top tip: Individuals should review and increase their existing security settings on social media. Companies should also implement a social media policy to ensure employees are not compromising company data security via their personal accounts. Vendors will need to ensure firewalls and intrusion prevention systems are extended to protect against social phishing.

5. Hacktivism will increase

The last year saw unprecedented level of activity from hacktivists – groups hacking computer networks as a means of protest to promote political ends. Groups such as Anonymous and Lulzsec have demonstrated the risk companies face of losing sensitive data, including customer names, addresses, and even credit card numbers. We can expect this activity increase as hacktivists gain more traction and as other groups begin engaging in copycat attacks.

Top tip: A layered, multi-pronged approach to security is crucial. In addition to protecting the corporate perimeter with proper firewall configuration, use intrusion prevention and robust endpoint protection to protect critical resources inside your organisation.

This article was updated 55 December 2012.

Today's Approach to Security is Broken

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]

Comments

Jim

1

This is perhaps the most poorly informed cyber security article that I've ever read.

Some specific elements:
The author clearly doesn't understand the difference between malware and 0day attacks and how they are used together in sophisticated cyber attacks. To start with, this comment is completely incorrect: "new generation of malware, known as “zero-day attacks”. 0day or zero-day attacks refers to exploits that take advantage of software vulnerabilities that are not patched by the vendor yet. The 0day part refers to the amount of days since the vulnerability has been patched. The reality is that 0day vulnerabilities are not a threat to a majority of organisations as most organisations are compromised through exploitation of patched vulnerabilities. If you deal with national security secrets or technology etc of high value then 0day vulnerabilities may be a threat to you in which case your security posture should reflect this. Long story short, exploits are not malware. The fact is that malware doesn't need to be advanced to be successful although there have indeed been advanced malware used in likely state sponsored intrusions (Flame/Stuxnet etc).

"Cyber warfare will increase". The author doesn't seem to understand the difference between cyber war as in war fighting with a cyber component vs espionage. They say spying (committing espionage such as the Chinese stealing information/intellectual property) is one of the oldest professions alongside prostitution so it shouldn't be a surprise that as the world becomes more interconnected with the Internet etc that espionage starts occurring. Stuxnet and Flame were probably different elements of a cyber strategy conducted by western countries. Flame was likely designed as a precursor to Stuxnet and was an information collection (espionage) operation while Stuxnet was designed to physically damage Iran's nuclear program. Sure you could call both cyber war but I think it's pretty important to distinguish the two.

"Top tip: Organisations not associated with government nor sensitive contracts should be safe for the moment, but attacks on critical national infrastructure (including oil and gas firms) are likely to increase. Organisations should ensure they have a robust business continuity strategy in place."

The above comment clearly shows a poor understanding of the issue or the threat. Organisations not associated with government nor sensitive contracts are not safe. A company's security posture should depend on a multi-layed, defence in depth strategy that reflects where the heart/core assets of the company are. Building a robust business continuity strategy is a waste of time if your intellectual property, executive communications and contractual/tender documentation are going out the door.

Jim

2

"4. Social media will become more of a threat"

The biggest corporate threat that social media provides is time wastage. Also the author considers an employee dumping their company's secrets on Twitter/Facebook as being in the top 5 emerging threats to a business... come on. Also re: maliciousness coming through social media, only phishing is the only vector in which an attack can come? What about exploits being delivered through social media/networks like Facebook? What about an adversary combing through social media to build enough information on a target to launch an attack against then social engineering one of your employees to open an infected Word document etc? The only advice you have is to have firewalls and IPS's? Haven't we been using them since the 1990s? I have a firewall and an IPS, why am I still being hacked?

"Hacktivism will increase"

Sure hacktivism or issue motiviated groups conducting attacks online as certainly increased this year. Your top tips seems to be an assumption that Hacktivist groups use malware whilst Anonymous has primarily used DDoS attacks to bring attention to a particular issue (the attacked website goes down for a period of time) and Lulzsec or similar groups has used vulnerability websites that conduct intrusions. Your suggested tips re: firewall configutation, intrusion prevention and robust endpoint protection show poor understanding of how these threat actors have worked previously. What about doing things like penetration testing of external websites, centralised log collection and analysis?

Long story short, you shouldn't have written this article.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Protect against bugs in USB Storage devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.