Happy New Year everyone! To welcome in the new year, Telspace asked two of its Security Analysts what they think the top security predictions for this year are. Here are their responses:
Dimitri Fousekis, Security Analyst / Team Lead
1. Increase in financial security breaches
Dimitri Fousekis, Security Analyst / Team Lead
1. Increase in financial security breaches
For a while, things seemed relatively quiet on the credit card and financial data breach front. However, 2013 ended with a bang when Target was hacked and over 150 million of its clients’ credit card details were stolen.
I believe this trend will continue into 2014, but will take on a new approach as focus is shifted to electronic currencies such as Bitcoin. With the opening of new and more secure Bitcoin repositories (as well as insurance policies for Bitcoin), there will be increased attention from attackers. However, credit cards will definitely not escape attackers’ attention and payment gateways (such as Paypal) will come under fire as well.
2. Backdoors and spying – let the games begin!
With so much recent focus on the NSA and its rather questionable tactics for obtaining data, ascertaining just how far and how deep their reach goes will be highlighted in the coming year. The increased probing will no doubt reveal other spying entities and more backdoors we did not know existed, which will further pressure governments and corporates to take measures in protecting users and their data.
Additionally, it will be the year where corporates will either begin aligning themselves with government agencies by defending them – or drawing very clear lines to distinguish themselves from them. Both strategies will yield interesting and varied results.
3. Malware anyone?
Malware saw its fair share of growth in 2013, but 2014 will be the year we see an increase of malware into embedded systems and consumer hardware.
There are already reports of malware on USB devices, SD cards, etc. and this will continue to grow this year – expanding the realm of where and how malware operates. This will be influenced by both government agency backdoors as well as by increased consumer data and credit card theft as malware moves into the retail/point-of-sale arena.
4. The year of encryption
Again, being driven by the global focus on government spying and countries prying into user data, 2014 will see definite changes in encryption technology, as well as where (and how) encryption is used. It will now become necessary to encrypt data that did not previously require encryption. The introduction of new methods and algorithms into the encryption realm will bode well for the security industry, but this phase will not be free of initial hiccups, resulting in the odd breach, as less mature solutions are implemented initially. Either way, 2014 will see a significant increase in how people protect their data, what data they choose to protect, and who they trust to handle it.
5. Cloud computing – bitter, sweet, and maybe salty
Cloud computing uptake will no doubt increase exponentially this year. The buzzword still has much life in it with regards to what it can offer and companies will drive hard to deliver cloud computing methods in 2014. However, adopting cloud systems comes with its share of obstacles - the new technology will be plagued by new privacy rules, general users will experience a lack of faith due to data being hosted in other countries and territories, and there will be a plethora of new targeted attacks as cybercriminals fight to gain access to these large repositories of profitable, centrally-stored data.
Rhys Mossom, Security Analyst
1. Malware/Ransomware
According to the McAfee Q3 Malware report 2013 there was a staggering 50 million newly identified virus signatures added to their databases. Specifically, there has been an increase in so-called Ransomware, a further rise in botnets, and a higher number of malware targeting Bitcoin wallets. 2014 will see a continued rise in malware development and detection.
Some notable examples are:
I believe this trend will continue into 2014, but will take on a new approach as focus is shifted to electronic currencies such as Bitcoin. With the opening of new and more secure Bitcoin repositories (as well as insurance policies for Bitcoin), there will be increased attention from attackers. However, credit cards will definitely not escape attackers’ attention and payment gateways (such as Paypal) will come under fire as well.
2. Backdoors and spying – let the games begin!
With so much recent focus on the NSA and its rather questionable tactics for obtaining data, ascertaining just how far and how deep their reach goes will be highlighted in the coming year. The increased probing will no doubt reveal other spying entities and more backdoors we did not know existed, which will further pressure governments and corporates to take measures in protecting users and their data.
Additionally, it will be the year where corporates will either begin aligning themselves with government agencies by defending them – or drawing very clear lines to distinguish themselves from them. Both strategies will yield interesting and varied results.
3. Malware anyone?
Malware saw its fair share of growth in 2013, but 2014 will be the year we see an increase of malware into embedded systems and consumer hardware.
There are already reports of malware on USB devices, SD cards, etc. and this will continue to grow this year – expanding the realm of where and how malware operates. This will be influenced by both government agency backdoors as well as by increased consumer data and credit card theft as malware moves into the retail/point-of-sale arena.
4. The year of encryption
Again, being driven by the global focus on government spying and countries prying into user data, 2014 will see definite changes in encryption technology, as well as where (and how) encryption is used. It will now become necessary to encrypt data that did not previously require encryption. The introduction of new methods and algorithms into the encryption realm will bode well for the security industry, but this phase will not be free of initial hiccups, resulting in the odd breach, as less mature solutions are implemented initially. Either way, 2014 will see a significant increase in how people protect their data, what data they choose to protect, and who they trust to handle it.
5. Cloud computing – bitter, sweet, and maybe salty
Cloud computing uptake will no doubt increase exponentially this year. The buzzword still has much life in it with regards to what it can offer and companies will drive hard to deliver cloud computing methods in 2014. However, adopting cloud systems comes with its share of obstacles - the new technology will be plagued by new privacy rules, general users will experience a lack of faith due to data being hosted in other countries and territories, and there will be a plethora of new targeted attacks as cybercriminals fight to gain access to these large repositories of profitable, centrally-stored data.
Rhys Mossom, Security Analyst
1. Malware/Ransomware
According to the McAfee Q3 Malware report 2013 there was a staggering 50 million newly identified virus signatures added to their databases. Specifically, there has been an increase in so-called Ransomware, a further rise in botnets, and a higher number of malware targeting Bitcoin wallets. 2014 will see a continued rise in malware development and detection.
Some notable examples are:
• Pony Botnet - Botnet and bitcoin thief
• Prison Locker - Ransomware
2. Mobile devices
With the new culture of Bring Your Own Device (BYOD) comes a myriad of security concerns that are currently being faced and addressed. The RSA Europe conference last year postulated that there would be a dramatic rise in Ransomware infecting mobile phones, and a more recent announcement by McAfee reiterated this claim.
Additionally, companies are now faced with the problem of company personnel bringing in personal cellular access points, often bypassing company security policies and transmitting sensitive data over an unsecured, out-of-band channel. This adds to the list of vectors an attacker could pursue.
3. Cloud storage
There has been a great rise in companies opting for the use of cloud storage solutions, as they require less maintenance and generally give the impression of being more secure. However, one of the consequences of businesses moving away from centralised data storage is often that less energy is spent ensuring the client side is secure. For this reason I believe we will be seeing more attacks on both cloud storage centres, and an escalation of man-in-the-middle attacks on the client side.
4. Irresponsible disclosure
Within the last four years we have had some pretty notable irresponsible disclosures of vulnerabilities. Within the industry of ethical hacking and cyber security in general there is a lack of public understanding as to what ‘responsible’ disclosure should entail. To name some of the recent debacles that have resulted due to the act of irresponsible disclosure in chronological order:
• Julian Assange – WikiLeaks
2. Mobile devices
With the new culture of Bring Your Own Device (BYOD) comes a myriad of security concerns that are currently being faced and addressed. The RSA Europe conference last year postulated that there would be a dramatic rise in Ransomware infecting mobile phones, and a more recent announcement by McAfee reiterated this claim.
Additionally, companies are now faced with the problem of company personnel bringing in personal cellular access points, often bypassing company security policies and transmitting sensitive data over an unsecured, out-of-band channel. This adds to the list of vectors an attacker could pursue.
3. Cloud storage
There has been a great rise in companies opting for the use of cloud storage solutions, as they require less maintenance and generally give the impression of being more secure. However, one of the consequences of businesses moving away from centralised data storage is often that less energy is spent ensuring the client side is secure. For this reason I believe we will be seeing more attacks on both cloud storage centres, and an escalation of man-in-the-middle attacks on the client side.
4. Irresponsible disclosure
Within the last four years we have had some pretty notable irresponsible disclosures of vulnerabilities. Within the industry of ethical hacking and cyber security in general there is a lack of public understanding as to what ‘responsible’ disclosure should entail. To name some of the recent debacles that have resulted due to the act of irresponsible disclosure in chronological order:
• Julian Assange – WikiLeaks
• Edward Snowden – NSA
• Moe1 - E-Toll System
• A recent disclosure by a reputable firm of ethically suspect hacking ‘how-tos’ that relate directly to financial and government institutions.
5.Greater migration of users to decentralised web content
Even with the recent bust of Ross William Ulbricht from the infamous Silk Road (an online store where a customer would be able to trade illicit drugs globally or even hire the use of professional hitmen), the idea of a decentralised anonymous internet certainly appeals to many people and shall continue to attract illicit and depraved activity.
Well thats it from our 2 analysts, on behalf of everyone at Telspace Systems we hope you have a great 2014 year!
Even with the recent bust of Ross William Ulbricht from the infamous Silk Road (an online store where a customer would be able to trade illicit drugs globally or even hire the use of professional hitmen), the idea of a decentralised anonymous internet certainly appeals to many people and shall continue to attract illicit and depraved activity.
Well thats it from our 2 analysts, on behalf of everyone at Telspace Systems we hope you have a great 2014 year!
No comments:
Post a Comment