7 Top Information Security Trends For 2013

Published: 22/11/2024   Category: security




From sandboxing enterprise apps on mobile devices to hacking websites via high-bandwidth cloud attacks, experts detail the security trends they expect to see in 2013.



What's in store for security in 2013?
On the information security front, 2012 was notable in numerous ways: for Muslim hacktivists launching distributed denial-of-service (DDoS) attacks against U.S. banks, the FBI busting alleged LulzSec and Anonymous leaders, eccentric antivirus founder John McAfee's flight from justice, the apparent data security missteps of the former director of the CIA, as well as a nonstop stream of website hacks, defacements, and data breaches.
Expect more of the same for 2013, and then some. Here are some of the top information security trends -- and vulnerability warnings -- that experts are calling out for the upcoming year:
1. Mainstream Cloud and Mobile Adoption Seeks Security
In 2013 more businesses than ever will look to cloud and mobile computing while also seeking security checks and balances to protect corporate data. "Cloud is finally getting over its hype curve," said Steve Robinson, vice president of security development, product management, and strategy at IBM, speaking by phone. "In the beginning of 2012, we were hearing more discussions about if the cloud is safe."
Going into 2013, however, more firms are now setting deployment timetables and talking security practicalities. "I've had a few CISOs tell me that the two platforms they're planning the most for now, looking five years out, are cloud and mobile," Robinson said. On the cloud front, he continued, "We're seeing cloud security being discussed in much more practical terms: what workloads do we put out there, and how do we protect it?"
For mobile devices, on the bring-your-own-device (BYOD) tip, many businesses are asking how to best mix corporate and personal information on smartphones. Interestingly, such questions were hardly ever asked about corporate-owned laptops or desktops, according to Robinson. As a result, he said, "by 2014 we think mobile is going to be as secure, or more secure, than many desktop environments."
2. Businesses Begin Sandboxing Smartphone Apps
One tool that could see widespread adoption in 2013 will be mobile app sandboxing. Indeed, as more employees examine how corporate data gets stored on myriad employee-owned devices, Jim Butterworth, CSO of security software and consulting firm HBGary, predicts that more businesses will turn to sandboxing technology on mobile devices to protect their data. "Using a sandbox application to access corporate emails, for example, that application is only resident on the machine while you're receiving emails -- but you can't copy out or in any attachments," said Butterworth, speaking by phone.
3. Cloud Offers Unprecedented Attack Strength
Just as there's a productivity upside to new technology or trends such as BYOD, so often there can be a potential security downside. In the case of cloud computing, notably, some security researchers have been warning that the sheer scale of the recent DDoS attacks against U.S. banks presages a future of Armageddon-style attacks in which hackers can overwhelm not just targeted websites with high-bandwidth attacks, but every intervening service provider.
In 2013, expect to see even bigger attacks launched from the cloud. "It used to be, to launch a massive denial of service attack, you had to build up your botnets so criminals would slowly and surely build up their army of hundreds of thousands of drones," said Harry Sverdlove, chief technology officer of security software vendor, speaking by phone. "Now, they can rent the equivalent of 100,000 processors. ... So just as legitimate companies are using the cloud to do great things, of course cyber attackers are taking notice as well -- and they can cause significant damage."
4. Post-Flashback, Cross-Platform Attacks Increase
Write once, infect anywhere? That's no doubt the attack goal of many a malware writer. But until recently the relatively scant install base of every operating system -- bar Windows -- led most malware writers to avoid bothering with Mac, Linux, Unix, Android, or other operating systems.
In 2012, however, malware authors altered their approach with the Flashback malware. "With the Flashback Trojan earlier this year, we saw estimates of over 600,000 Mac computers were infected," said Sverdlove, and it apparently earned attackers big bucks via click fraud. Since Flashback, more than one attack has targeted multiple operating systems via cross-platform vulnerabilities present in Java and Flash, and the targeting of those plug-ins for financial gain will no doubt continue in 2013. "With the prevalence of Macs in the workplace and the number of mobile devices, this is becoming a much more lucrative target," he said.
5. Destructive Malware Targets Critical Infrastructure
In 2012, the Shamoon malware was notable for what it apparently wasn't, which was a state-sponsored attack. Instead, Middle Eastern hacktivists have taken credit for disrupting Saudi Aramco -- the state-owned national oil company of Saudi Arabia and the world's largest exporter of crude oil. To do this, they didn't build a Stuxnet-style cyber-weapons factory, but rather gleaned some tricks from previously launched attack code, such as the U.S. government-created Flame malware. The result was Shamoon, which infected and began erasing the hard drives of 30,000 Saudi Aramco workstations.
Moving into 2013, said Sverdlove, the trend of hacktivists, combined with a rise in sophistication, will lead to much more destructive attacks on infrastructure. Already, Shamoon has shown that the barrier to entry for launching malware attacks against critical infrastructure systems continues to decrease and that attackers no longer have to be malware experts. Accordingly, people with a grudge may add them to their attack toolkit, next to website defacements, Twitter account takeovers, and DDoS attacks.
"Hacktivists represent the unpredictable factor," said Sverdlove. "All it takes is a few individuals with an agenda or an ax to grind, and they now have the tools to launch distributed denial-of-service attacks or attacks to wipe out data. It makes for a much more dangerous combination."
6. Hackers Target QR Codes, TecTiles
One of the more innovative -- as well as simple and inexpensive -- attacks to emerge over the past year involves fake QR codes, which attackers have printed out and used to cover up real QR codes on advertisements -- especially for financial services firms. "Banks have been battling fake QR codes as a method of doing cross-site scripting attacks on mobile phones," said HBGary's Butterworth. "It's scary: [attackers] use open-source QR generators, then they put these things on billboards or ATM machines, promising $100 if you open a new account -- and it's all just to exploit [consumers]." Alternately, attackers could use fake QR codes on bank advertisements to send consumers to fake versions of their bank's website, then steal their access credentials.
Banks are now also exploring Samsung TecTiles, which are Android apps that let you read and write near field communication (NFC) tags, as a way to let people make payments. But according to Butterworth, "with near field communications comes a huge amount of risk." Enterprising attackers could create their own TecTiles that redirect to malicious websites, or even launch phishing attacks.
Attacks using QR and TecTiles target consumers. "It's a problem more, I think, for personal banking and the threat of people getting their money stolen than for some state-sponsored entity trying to find their way in," said Butterworth.
7. Digital Wallets Become Cybercrime Targets
Expect any combination of smartphones, payment capabilities, or credit card data to draw attackers' interest. On a related note, Google, Apple, Verizon, T-Mobile, AT&T and others are now moving into the electronic wallet and digital wallet space. But storing gift cards and credit cards on a smartphone and allowing consumers to make payments via NFC -- simply waving a smartphone near a payment terminal to begin a transaction -- will make digital wallets a big target for criminals, said Bit9's Sverdlove.
It's virtually guaranteed, furthermore, that every last potential attack vector or exploitable vulnerability hasn't yet been worked out of such systems. "Like any new technology, convenience always precedes security ... and we'll see some elevation in the number of attacks on e-wallets or digital wallets," Sverdlove said. "It will serve in the long run to strengthen security."
But in the short term: come 2013, watch your digital wallet.