As you round out your 2013 business and IT plans, cybercriminals are resolving to implement increasingly sophisticated threats
As you round out your 2013 business and IT plans, cybercriminals are resolving to implement increasingly sophisticated threats targeting specific computer systems and organizations big and small.
In the past year, businesses have seen several serious hacks and breaches. As the arms race between attackers and businesses continues to evolve in 2013, IT departments and security professionals will need to stay on top of the changing tactics and approaches used by hackers in order to protect their organizations.
Here’s what security threats and trends we expect to see:
Threat #1: DDoS attacks become (even) more prevalent
Have a cause? Have a credit card? In the new age of protesting, that is all it takes to launch a distributed denial-of-service (DDoS) attack. Previously, attackers needed to be skilled, savvy about hacking and able to locate and draw on enough resources to flood a target with internet traffic, disrupting the target’s ability to use the internet to run its business, government department and so on. DDoS services can now be bought and launched effortlessly with a credit card transaction. Relying on the old “security through obscurity” strategy, assuming that no one is interested in your organization and that you are therefore safe, continues to be extremely dangerous. If this is you, think again! Simply by sharing a geography, industry or some other unintended affiliation with an intended target, any organization may become collateral damage. But then again, what’s the harm in a prolonged outage when casting a wide net to raise awareness for a cause? That depends on one’s perspective!
Threat #2: Can you handle the truth? Is your existing security policy outdated?
Organizations whose security policy is limited to networks only, and has not yet been adapted to include people and their devices, are vulnerable. Administrators need agile security to counter yesterday’s, today’s and tomorrow’s threats. If the current security policy is not agile enough to accommodate four key elements, the infrastructure is under significant threat from rapidly developing hacker tactics. An agile security policy must account for (1) who the user specifically is, (2) what device is being used, (3) the applications the specific user is allowed to access and (4) the data the application is allowed to handle. Covering fewer than these four considerations in a security policy exponentially increases vulnerability. An agile security policy combined with Check Point’s ThreatCloud adaptive threat management service and Check Point’s Security Service Orientated Architecture allows organizations to significantly mitigate the risks of using the Internet.
Currently, most governance, risk and compliance (GRC) solutions and evaluations are reactive: they are usually driven by audit and conducted on historical information. In 2013, GRC that is integrated into real-time evaluation of traffic, data and usage should be leveraged to greatly diminish the probability and severity of security incidents. Excluding GRC entirely, or handling it the same old way and expecting a different result, is the definition of insanity!
Threat #4: Precision-Targeted Malware, the death knell of the signature-based approach to security
Emulation will supersede the signature-based approach to security. Traditional solutions that rely on signature-based technologies will not be suitable for detecting the types of attacks crafted specifically for an organization or industry vertical. Check Point’s consolidated approach allows multiple detection and analysis capabilities to be used in parallel, which provides significantly enhanced defence against complex, multi-layered attacks. Reliance on platform-oriented security solutions often has the unexpected consequence of trading performance for security. In these situations, platform-oriented solutions leave organizations unable to defend themselves from these complex attacks without crippling performance degradation.
Threat #5: The Usual Suspects
Social Engineering – A convincing-looking profile of a company or person followed by a friend or connection request continues to be enough to get a social engineering scam rolling. Security technology that can engage and educate users can drastically reduce incidents related to user gullibility.
APTs – Highly sophisticated and carefully constructed attacks designed to gain access and steal information quietly. Taking a low-and-slow approach continues to make them difficult to detect, giving them a high likelihood of success. These will continue to be effective until organizations are able to consolidate their security technologies and reporting in order to get an effective overview of their security posture.
Internal Threats – Due to the amount of damage a privileged user can do and the data they can access, these attacks can be the most devastating. In a study funded by the U.S. Department of Homeland Security, the CERT Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute and the U.S. Secret Service, researchers found malicious insiders within the financial industry typically get away with their fraud for nearly 32 months before being detected.
Cloud Services – Then there is the trend called cloud computing. Any security policy that was developed with the inherent assumption that the physical network is secure simply falls apart and is not effective in the cloud. The merging of software and infrastructure creates unique challenges that must be addressed by virtualization-aware security products.
HTML5 – Some of the largest organizations in the world are leveraging HTML5 to enhance their customers’ online experience across several different platforms. Wanting to benefit from this success, many others are looking to adopt the technology within their enterprises. In doing so, they open several new attack vectors of which they may not be aware.
Great care must be taken when working with HTML5 components, because if they are not securely coded they introduce a number of new attack vectors. Large websites coded in HTML5 can often have many of the same traits and capabilities as a small operating system! HTML5’s local storage API, WebSQL and DOM-based features require great care in their implementation, because within this complexity lies the ability for a hacker to craft stealthy attacks using techniques such as cache poisoning, local SQL injection or DOM-based XSS.
As the use of HTML5 spreads and the development of these libraries and APIs matures, security should become more built into the technology; however, the security solutions in place today need to pick up the slack in the interim.
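To make the DOM-based XSS and local-storage points concrete, here is an added example (not code from the original article or from Check Point): a fragment-driven greeting written to an HTML sink, the hardened version of the same feature, a review-time check for fragments carrying markup, and a check for secrets being kept in web storage. A tiny constructed object stands in for the DOM element so the code runs under Node; in a browser you would pass a real element.

```javascript
// Constructed stand-in for a DOM node, so the example runs outside a browser.
function makeElement() {
  return { innerHTML: '' };
}

// Convert the five HTML metacharacters to entities so untrusted text can never be parsed as markup.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Pull the untrusted value out of a URL fragment. The fragment never reaches the server,
// so no server-side filter or WAF sees it: the page's own script is the only line of defence.
// Malformed %-escapes would make decodeURIComponent throw, so they are kept as-is.
function nameFromFragment(hash) {
  const raw = hash.replace(/^#/, '');
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

// VULNERABLE: an HTML sink fed directly from the fragment. Any markup the fragment
// carries is parsed by the browser, which is the DOM-based XSS pattern.
function renderGreetingUnsafe(el, hash) {
  el.innerHTML = 'Welcome, ' + nameFromFragment(hash);
  return el.innerHTML;
}

// HARDENED: same feature, but the untrusted part is escaped before it reaches the sink.
// (With a real DOM, assigning el.textContent achieves the same result without an escaper.)
function renderGreetingSafe(el, hash) {
  el.innerHTML = 'Welcome, ' + escapeHtml(nameFromFragment(hash));
  return el.innerHTML;
}

// Detection aid for code review or client-side logging: does a fragment carry
// characters that only matter to an HTML parser?
function fragmentLooksLikeMarkup(hash) {
  return /[<>"'&]/.test(nameFromFragment(hash));
}

// localStorage/WebSQL caveat: anything stored is readable by every script in the origin,
// so a single XSS bug leaks all of it. Flag keys that suggest secrets are kept client-side.
const SENSITIVE_KEY = /(token|session|passw|secret|credential)/i;
function storageKeyIsSensitive(key) {
  return SENSITIVE_KEY.test(key);
}
```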
Botnets – Even though the arms race between researchers and attackers favours innovation, expect cybercriminals to spend a lot of time perfecting what they know best, such as making sure their botnets are highly available and distributed. Bot developers are also exploiting the weakness of signature-based detection by making simple modifications to existing bots, rendering the signatures ineffective, and by redeploying new bots with little effort and maximum effectiveness.
2013 is sure to bring an army of exploits and malware through vectors ranging from social networks to mobile devices to employees themselves. As computer and operating system security continues to improve, so will cybercriminals’ new techniques to bypass these defenses.
All the more reason to make security one resolution we keep.
Paul Comessotti is Canadian regional director for security vendor Check Point Software Technologies.