February 12, 2014

2013 saw a huge rise in information security threats, and the situation is anticipated to get worse this year. Some of the major contributors to this deterioration are the very trends that everyone is going ga-ga about: cloud, mobility, BYOD, etc. They’re fueling the intentions of cyber criminals to devise more sophisticated methods and techniques to trap victims.
Key security vendors have been on top of these activities and have been regularly preparing their threat reports to keep everyone on guard. But since there are so many vendors out there, and so many reports, it’s not an easy job to scan through all of them to identify the potential security threats and targets this year. That’s why we’ve done all the hard work of analyzing security threat reports from leading security vendors like Symantec, Kaspersky, Trend Micro, WatchGuard, Fortinet, Websense, McAfee, CyberArk, Cyberoam and ESET.
Both surprises and no surprises have emerged from the security threat reports. The not-so-surprising targets in 2014 are Mobility, Social Media, and Cloud Computing. And the surprising targets this year will be the Internet of Things, the vulnerability created by Microsoft ending its support for Windows XP, and the migration of Botnets to P2P networks.
Let’s take a closer look at the security vendors’ predictions about potential targets and the threats affecting them.

1. Fraudsters to Target Mobile Devices, Access Bank Account Details
Driven by BYOD and tablet adoption in enterprises, mobile security is going to be the big buzz this year. McAfee believes that mobile malware will be the driver of growth in both technical innovation and volume of attacks in the overall malware “market”. Cybercriminals will be attracted to platforms that go beyond just common SMS frauds. Trend Micro is predicting that mobile malware will not only keep growing, but will also indirectly affect other platforms and devices. Considering the way we use our smartphones not just for banking, but for authentication (using either apps or text messages), cybercriminals are likely to go after these as well.
Mobile banking will suffer from more MitM (man-in-the-middle) attacks, so basic two-step verification will no longer be sufficient. Kaspersky Labs expects cybercriminals to continue developing tools to steal cash – directly or indirectly. To plunder pockets directly, fraudsters will further refine their tools designed to access bank accounts of mobile device owners (mobile phishing, banking Trojans). Mobile botnets will be bought and sold and will also be used to distribute malicious attachments on behalf of third parties. Cyberoam offers a similar assessment.

2. Social Media Platforms’ Features Will be Misused to Steal Your Personal Info
According to Websense, social networking will continue to appeal to the business community in 2014, so attackers will increasingly use professional websites, like LinkedIn, to research and lure executives. This highly targeted method will be used to gather intelligence and compromise networks. It has been observed that individuals are increasingly choosing convenience over safety and constantly exhibiting potentially risky behavior online. According to Norton’s latest report from 2013, 18% of social media users connect with people they do not know and 61% access their social network account over unsecured Wi-Fi. McAfee expects to see more attacks that leverage social media platform features to capture passwords or data about user contacts, location, or business activities.

3. Internet of Things is the Next Prime Target
WatchGuard expects that hackers will spend more time on cracking non-traditional computing devices such as cars, watches, toys and medical devices. According to Norton, with millions of devices connected to the Internet, in many cases running an embedded operating system, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. These systems are not only vulnerable to attack, but they also lack methods for notifying consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have an end-user-friendly method to patch their vulnerabilities. Given this, we are going to see threats in forms we’ve never seen before.

4. Hackers to Soft-Target “Windows XP”
Microsoft will end its support for Windows XP on April 8, 2014. This means that newly discovered vulnerabilities will not be patched, leaving systems around the world vulnerable to attacks. According to NetMarketShare, as of September 2013, Windows XP is still used on 31.42% of the PCs in the world. According to Gartner, by the time April 8 comes, more than 15% of mid- to large enterprises will still have Windows XP running on at least 10% of their PCs. In fact, Fortinet predicts that hackers already have zero-day exploits for XP and are waiting until April 8 to sell them to the highest bidder. Because of their expected high price tag, these zero-day exploits are likely to be used to launch targeted attacks against high-value businesses and individuals rather than deployed by common cybercriminals to propagate mass infections. Trend Micro and Cyberoam’s predictions are along the same lines. Some security vendors have said that because of this, they might continue providing support for Windows XP.

5. Cloud Storage to Become a Goldmine for Hackers
Enterprises and individuals are increasingly using public clouds to store and access data. According to Norton’s latest 2013 threat report, 29% of individuals in India and 24% across the world are already doing so. As usage rises, cloud storage is likely to become an easy target for profit-motivated cybercriminals. According to Websense, cybercriminals will focus their attacks more on data stored in the cloud than on data stored on the network. This tactical shift follows the movement of critical business data to cloud-based solutions. Hackers will find that penetrating a data-rich cloud can be easier and more profitable than getting through an on-premise enterprise network.

6. Browser Attacks Continue
As in 2013, attempts will be made this year to breach browser security. According to Cyberoam, the use of browser-based attacks like watering-hole attacks will rise further in 2014. This will include a rise in exploitation of browser vulnerabilities and in the use of malicious websites. Attackers will continue to target users by directing them to trusted and commonly visited URLs that have been infected with malicious code. A watering-hole attack is one in which attackers infect websites that are frequently visited by their targets. McAfee believes that in 2014, new PC attacks will exploit application vulnerabilities in HTML5, which allows websites to come alive with interaction, personalization, and rich capabilities for programmers. On the mobile platform, they expect to see attacks that will breach browser security and give attackers direct access to the device and its services. Cybercriminals will increasingly target vulnerabilities below the operating system in the storage stack and even the BIOS.

7. Threats to an Enterprise Ecosystem
Symantec and Websense predict that third party consultants, suppliers and partners outside the enterprise network as well as business associates in the ecosystem will be the easy targets for attackers as they are the weakest links in the information exchange chain. These people typically share sensitive information or even have access to networks of large organisations and Government entities. And, it has been repeatedly observed that only a few of these partners have sufficient defenses.

8. Java Will Remain Highly Exploitable and Highly Exploited
Most end points will continue to run older versions of Java and therefore remain extremely exposed to exploitation. In 2014, cybercriminals will devote more time to finding new uses for tried-and-true attacks and crafting other aspects of advanced, multi-stage attacks. Attackers will reserve zero-day Java exploits for targeting high-value networks with good Java patching practices.



