Director of Websense Security Labs Jeff Debrosse spoke with Securebuzz about the Websense 2014 Security Predictions Report.
1. Advanced malware volume is decreasing.Data and overall behavior indicates a Bell Curve of usage. Once an attacker determines the most effective way of achieving targeted results, s/he becomes more streamlined in the approach.
There’s also repurposing of code, making more variants than unique forms of malware.
2. A major data-destruction attack will happen.
Expect to see a nation-state or cybercriminal group destroy critical data during a breach next year. Ransomware will play a part this trend.
Another tactic is to sell the data back to the owner. It’s easier to encrypt the data than to sell it elsewhere. Cryptolocker is within reach, so now it’s a volume game of $100.
What about backups? Doesn’t everybody back up their data into another cloud?
“Yes, however among those who backup, recovery is seldom tested,” Debrosse said. “Validate your backup is unencrypted. Some snapshots may have backup-encrypted data. What is the time frame when the encryptions attack occurred?
3. An attack on cloud backups will occur.
Once someone knows the clear path to the data, it’s easily captured.
The other challenge is not all cloud storage vendors are equal. It’s up to the customer to demand who’s doing the encryption. Never assume it’s being done correctly. It’s like backups – test restoration.
4. The exploit kit market is becoming more competitive.
“Nature abhors a vacuum, and with the arrest of some cyber criminal gangs, other exploit kit vendors are vying for market share,” said Debrosse. “We’re picking up the numbers of exploit kits. Black Hole is no longer number one, so this makes sense. The same thing happens in any market.”
5. Unpatched java still poses a major risk.
“The sheer number of under patched systems is unfortunately rather large. And we don’t see rapid adoption of new versions. It’s a concern, because those systems are exposed to very well know exploits. Not patching leaves your systems open to vulnerabilities.”
6. Attackers are focusing on executives.
Social networking and targeted email are the social engineering methods.
For example, a link takes the user to a dating for older gentlemen site. Once the executive connects with that individual the new connection can see everyone in his or her circle, as well as his or her interests.
7. Data exchange chain weakest link remains the favorite target.
There’s no reason to expect this decrease. Sub-contractors will be targeted in efforts to penetrate larger, better defended organizations. It’s a very low-tech way of getting into the larger networks.
8. Mistakes will be made in offensive security, due to mis-attribution of an attackers’ source.
“Unfortunately I don’t get to this topic in private meetings,” Debrosse said. “There is this ripple of a sense of security. If private organizations think they can – without a doubt – get 100% confidence in their security posture, they have no real measure of how effective the attack is.”
What is the collateral damage? Is it BGP updates? Router table? Is it performing a DDOS of an address that supports other circles? It’s difficult to ascertain where the attack originated.
Failure to accurately identify a cyber-perpetrator could result in an innocent organization being caught in the crossfire.
Even when data is stolen, the best defense is the thieves possess a useless amount of hashes or encrypted information.
Editor’s Note: This article initially appeared on our security-focused partnerSecureBuzz.ca, and is republished with permission. Check out SecureBuzz.ca for full coverage of Canadian IT security issues.