Targeted Cyber Attacks Increase in Scale
Hacktivist groups such as Anonymous and LulzSec have made security breaches a public event as we learned about the use and rise of Advanced Persistent Threats (APTs) against global organizations and government agencies.
Illicit Social Media Scams Escalate
Social media sites have emerged as magnets for cybercriminals, as malicious spam campaigns have mimicked Facebook, LinkedIn, YouTube, Twitter and even Google+, capitalizing on the inherent trust in these brands to dupe users into clicking on links.
Social Media Identity Theft
Blended Cyber Attacks Increase
The primary blended attack method used in the most advanced attacks will be to go through your social media “friends,” your mobile devices and the cloud.
We’ve already seen one APT attack that used the chat functionality of a compromised social network account to get to the right user.
Expect this to be the primary vector, along with mobile and cloud exploits, in the most persistent and advanced attacks of the future.
Rise of Geospatial Mobile Device Attacks
People have been predicting this for years, but in 2011 it actually started to happen. And watch out: the number of people who fall victim to believable social engineering scams will go through the roof if the bad guys find a way to use mobile location-based services to design hyperspecific geolocation social engineering attempts.
SSL/TLS Puts Net Traffic Into a Corporate Blind Spot
Two items are increasing traffic over SSL/TLS secure tunnels for privacy and protection. The first is the disruptive growth of mobile and tablet devices. The second is that many of the largest, most commonly used websites, like Google, Facebook, and Twitter, are switching to HTTPS sessions by default, ostensibly a more secure transmission.
But as more traffic moves through encrypted tunnels, many traditional enterprise security defenses are going to be left looking for a threat needle in a haystack, since they cannot inspect the encoded traffic.
Containment is the New Prevention
For years, security defenses have focused on keeping cybercrime and malware out. Organizations on the leading edge will implement outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.
Increase in Event-Based Attacks
The Rio Olympics, U.S. presidential elections, and apocalyptic predictions will lead to broad attacks by criminals. Cybercriminals will continue to take advantage of today’s 24-hour, up-to-the-minute news cycle, only now they will infect users where they are less suspicious: sites designed to look like legitimate news services, Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations.
Social Engineering and Rogue Anti-Virus
Scareware tactics and the use of rogue anti-virus, which has decreased a bit recently, will stage a comeback. But instead of seeing “You have been infected” pages, we anticipate three areas will emerge as growing scareware subcategories in the future:
- fake registry clean-up
- fake speed improvement software
- fake back-up software mimicking popular personal cloud backup systems.
Mobile Malware Menaces Users and Organizations
In 2011, the most prolific cybercrime platforms, Zeus and Spyeye, developed malware for the Android platform in order to intercept the SMS-based security controls deployed by banks to protect their customers from banking Trojans.
According to Kaspersky, Android has become the most-targeted platform for malware, accounting for about 98% of mobile malware detected in 2013.
Third-Party Software Exploits Gain Traction
Some third-party browser software, such as Java, Flash Player and Acrobat Reader, has a huge worldwide install base. Because numerous vulnerabilities in these products are found and often exploited, and because it is difficult for IT administrators to promptly update these products throughout their organizations, these software products have become an increasingly viable vector for attacks.
Exploit Kits and Malware Reuse Proliferate
Malware reuse is a growing phenomenon in the underground economy, and the Zeus family of malware is a great example. For the last few years, Zeus (a.k.a. Zbot) has functioned as one of the preferred types of malware used by cybercriminals. Until May 2011, Zeus source code was sold only to private groups, and older compiled versions of the tool were available to anyone, but then the source code of the Zeus crimeware kit was leaked and is now publicly available on the Web.
Compromised Websites Serving Malicious Content Accelerates
Social networking sites such as Facebook and LinkedIn are now being used by businesses to promote their organizations, generate leads and inform customers of special offers or important messages. Additionally, almost every self-aware organization has either started a blog or is in the process of starting one. Regardless of the fact that these blogs run on corporate Web servers, they often are not sufficiently protected against malicious attacks, allowing remote attackers such as botnet operators and traders to compromise the corporate Web server, turning it into a redirector to their malware.
Botnet Disruption Attempts Short-Lived
Botnets, vast armies of compromised machines around the globe, are the cybercriminals’ weapons of choice, and nothing suggests that this will change anytime soon. Whether it’s spam, data stealing, DDoS, or mass website hacks, botnets provide the horsepower and anonymity that cybercriminals need to perpetrate their crimes.
Unless the operators are actually apprehended, botnet takedowns tend to have a short-term effect only. The Cutwail and Lethic botnets are classic examples. Despite being “disabled” multiple times, they are still spamming today.
Attacks on Cloud Services Inevitable
Many people and organizations are moving to various cloud services to take advantage of convenience and attractive pricing. There are valid security concerns about moving sensitive data and critical systems to the cloud, including control of data, downtime due to an outage and lack of visibility.
Despite excellent security practices employed by many cloud providers, the fact remains that these services are likely to be prime targets for cybercriminals.