13

As we move into the new year, what do you see as the emerging threats for organisational security?

I see more chat around:

  • Advanced Persistent Threat (APT) from foreign states.

  • More fines from the Information Commissioner (IC) for data loss (This is a very UK focused issue, due to the revised remit of the IC and their ability to now fine organisations).

  • More focus on industrial control systems (SCADA).

AviD
David Stubley
  • It might be a good idea to define APT. I would say that APT ARE the foreign states. See Bejtlich's post on it - http://goo.gl/Lk7LT – Josh Brower Jan 14 '11 at 16:37
  • Making this community wiki: it's a "good subjective question" (http://blog.stackoverflow.com/2010/09/good-subjective-bad-subjective/) but is, nonetheless, a subjective question. –  Jan 14 '11 at 17:27

9 Answers

7

According to McAfee Labs Threat Predictions for 2011:

Exploiting Social Media: URL-shortening services

Social media sites such as Twitter and Facebook have created the movement toward an “instant” form of communication, a shift that will completely alter the threat landscape in 2011. Of the social media sites that will be most riddled with cybercriminal activity, McAfee Labs expects those with URL-shortening services will be at the forefront. The use of abbreviated URLs on sites like Twitter makes it easy for cybercriminals to mask and direct users to malicious websites. With more than 3,000 shortened URLs per minute being generated, McAfee Labs expects to see a growing number used for spam, scamming and other malicious purposes.

Exploiting Social Media: Geolocation services

Locative services such as foursquare, Gowalla and Facebook Places can easily search, track and plot the whereabouts of friends and strangers. In just a few clicks, cybercriminals can see in real time who is tweeting, where they are located, what they are saying, what their interests are, and what operating systems and applications they are using. This wealth of personal information on individuals enables cybercriminals to craft a targeted attack. McAfee Labs predicts that cybercriminals will increasingly use these tactics across the most popular social networking sites in 2011.

Mobile: Usage is rising in the workplace, and so will attacks

Threats on mobile devices have so far been few and far between, as “jailbreaking” on the iPhone and the arrival of Zeus were the primary mobile threats in 2010. With the widespread adoption of mobile devices in business environments, combined with historically fragile cellular infrastructure and slow strides toward encryption, McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

Apple: No longer flying under the radar

Historically, the Mac OS platform has remained relatively unscathed by malicious attackers, but McAfee Labs warns that Mac-targeted malware will continue to increase in sophistication in 2011. The popularity of iPads and iPhones in business environments, combined with the lack of user understanding of proper security for these devices, will increase the risk for data and identity exposure, and will make Apple botnets and Trojans a common occurrence.

Applications: Privacy leaks—from your TV

New Internet TV platforms were some of the most highly-anticipated devices in 2010. Due to the growing popularity among users and “rush to market” thinking by developers, McAfee Labs expects an increasing number of suspicious and malicious apps for the most widely deployed media platforms, such as Google TV. These apps will target or expose privacy and identity data, and will allow cybercriminals to manipulate a variety of physical devices through compromised or controlled apps, eventually raising the effectiveness of botnets.

Sophistication Mimics Legitimacy: Your next computer virus could be from a friend

Malicious content disguised as personal or legitimate emails and files to trick unsuspecting victims will increase in sophistication in 2011. “Signed” malware that imitates legitimate files will become more prevalent, and “friendly fire,” in which threats appear to come from your friends but in fact are viruses such as Koobface or VBMania, will continue to grow as an attack of choice by cybercriminals. McAfee Labs expects these attacks will go hand in hand with the increased abuse of social networks, which will eventually overtake email as a leading attack vector.

Botnets: The new face of Mergers & Acquisitions

Botnets continue to use a seemingly infinite supply of stolen computing power and bandwidth around the globe. Following a number of successful botnet takedowns, including Mariposa, Bredolab and specific Zeus botnets, botnet controllers must adjust to the increasing pressure cybersecurity professionals are placing on them. McAfee Labs predicts that the recent merger of Zeus with SpyEye will produce more sophisticated bots due to improvements in bypassing security mechanisms and law enforcement monitoring. Additionally, McAfee Labs expects to see a significant botnet activity in the adoption of data-gathering and data-removal functionality, rather than the common use of sending spam.

Hacktivism: Following the WikiLeaks path

Next year marks a time in which politically motivated attacks will proliferate and new sophisticated attacks will appear. More groups will repeat the WikiLeaks example, as hacktivism is conducted by people claiming to be independent of any particular government or movement, and will become more organized and strategic by incorporating social networks in the process. McAfee Labs believes hacktivism will become the new way to demonstrate political positions in 2011 and beyond.

Advanced Persistent Threats: A whole new category

Operation Aurora gave birth to the new category of advanced persistent threat (APT)— a targeted cyberespionage or cybersabotage attack that is carried out under the sponsorship or direction of a nation-state for something other than pure financial/criminal gain or political protest. McAfee Labs warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to come under pervasive and continuous APT attacks that go after email archives, document stores, intellectual property repositories and other databases.

Please see the full article here.

labmice
2

I see more chat too around:

  • Advanced Persistent Threat from Internal and ALSO foreign states.

  • More focus on industrial control systems (SCADA).

  • General attention to preventing data leaks in all environments (corporate/industry/etc.)

  • Watermarking and encryption of sensitive data

  • More control on the CONTENT of data versus the control of the environment.

  • More control and hardening in network forensics and lawful interception infrastructure

On the other side:

  • More research on advanced IPS/NIDS/DPI evasion

  • More research on hiding after break-in, and hiding in industrial systems

  • More research on exploitation of SCADA systems

  • Progressively increasing know-how of SCADA network protocols and subverting methods

  • More research on p2p malware with command & control features and integration with SCADA

Just my 2 cents.

boos
2

IMO people have been saying SCADA will be a major threat for the last decade...

With that being said, I figure it will be very much like 2010 except the media will focus on privacy/data breaches in the first quarter, thanks to Wikileaks.

I also think there will be a bigger push for government regulated compliance in North America, particularly around this whole Cloud thing.

Steve
2

My top list for emerging:

  • mobility
  • APT
  • hacktivism
  • SCADA

'Emerging' depends on what you consider your baseline. I didn't include software security, botnets and social networking because I consider them in the base. Although mobility hacks have been talked about a lot, I see actual hacks increasing from rare to common, so it qualifies as 'emerging'. APT has been around in certain segments (e.g. gov) for a while but I see it growing in commercial and consumer so I would consider it 'emerging' also. I see some of the techniques discussed above as just variants of APT (which I don't consider to only be a foreign gov issue; criminal networks and hacktivists can also use APT techniques).

Scott Pack
Duncan
1

Pretty certain SCADA will be bigger this year - it has been an issue every year, although only a few get into the papers, but with Stuxnet decompiled and effectively reusable at a lower skill level it is very likely to bite. I am astonished it has not been a major issue before, but there has always been the challenge around localisation - this has been getting easier every year as organisations move more of their SCADA infrastructure onto common platforms but has always kept the bar reasonably high.

This is no longer the case.

Rory Alsop
1

Increased targeting of mobile devices. As smartphone adoption increases and people use them to access sensitive data, the incentive for black hats to target them will increase. I think that this is especially true since they are exposed much like laptops to risky networks, lack the sophisticated protection afforded to desktop OSes, and have much slower/inconvenient patching processes.

Of course I think this has been predicted for the last couple years, but 2011 is going to be the year...

sdanelson
1

My belief is that cloud computing will change security. It itself is not insecure, but the availability of resources will change the world.

  • Encryption cracking - cloud computing provides relatively cheap & easy access to computing resources. Anyone in their basement can now "play NSA". Still, many algorithms are sufficiently difficult that this won't be a serious concern. Yet, algorithms are becoming obsolete at a faster than ever pace. Access to such resources will also allow faster research into the weaknesses of such algorithms, allowing the faster discovery of collisions.
  • Network abuse - cloud computing services will continue to struggle against network abuse. Such services provide a breeding ground for DDoS attacks, email-marketing, and darknets.
  • Better application of AI - This will make attacks more intelligent. Not only will malware be more intelligent, but cloud computing will provide the capacity to determine & exploit systematic weaknesses.
ewindisch
1

Virtualization-related threats will maybe start to see practical applications. Most people haven't caught up yet on how easy it is to snoop on other VMs on the same computer; if people are doing sensitive stuff on virtual machines sharing the hardware with strangers, there will be tears... Mostly in the way of snooping on SSL/TLS private keys...

Bruno Rohée
  • Definitely - we've been testing VM separation issues for 6 years now for global banks etc, but it is only now filtering out into mainstream. – Rory Alsop Mar 30 '11 at 21:02
0

A huge security threat surfacing around businesses deals with the fact that people are not protecting their files -- and they need to! Simply, a Document Management System can protect business and client files from ex-employees getting hold of them OR random people coming into contact with them.

Turning your important files into electronic files (that will be protected under document management software) is the smart thing to do to ENSURE security.

Rory Alsop
  • Think there would be a lot of people disagreeing with turning files into electronic files, however I agree wholeheartedly with the rest of your post. DMS - technical and procedural - done correctly is very powerful. Of course doing it correctly is extraordinarily difficult, especially for a large organisation, as none of the existing DMSs scale suitably for global enterprise... :-) – Rory Alsop Mar 29 '11 at 14:39
  • and - @SallyJo - your 3 posts so far are all a link to the same buyerzone URL. Looks like spam - you may want to rethink your posting style before being removed... – Rory Alsop Mar 29 '11 at 14:48