The next in our series of 2012 predictions posts comes from beautiful Gulf Breeze, Florida. Read on to see what AppRiver Senior Security Analyst Fred Touchette has to say about IT security trends in the New Year.
Courtesy of Fred Touchette, AppRiver senior security analyst:
Analyzing malware, cybercriminal activity and the Dark Market for a living can certainly make one a bit jaded, and perhaps a little suspicious of anything and everything digital. I am no exception to this rule.
The past decade has seen both the birth and the rapid growth of computer viruses, which ultimately formed an industry much like that of the legitimate business world. The Dark Market has its fair share of large organizations and self-starters, with the common goal to make money. Or, perhaps I should say take money.
Throughout the years, cybercriminals’ techniques have ranged from emails designed to phish personal information from victims to highly technical programs that hide from their targets and siphon critical data without anyone being the wiser. I certainly don’t mean to scare people or hold up the “Abandon Hope All Ye Who Enter Here” sign; rather, I want everyone to be aware of the threats that are out there, what the bad guys are planning, and how to remain safe from digital threats. With a bit of vigilance and a dash of common sense, you can avoid becoming the next victim.
Here are a few things to watch out for in 2012.
• 2012 Prediction #1 – Mobile Malware
Flip phones and other minimal-use phones are going the way of the dinosaur slowly but surely, and smartphones are taking their place. In addition to the smartphone, we’re also seeing tablet devices dotting the mobile landscape. Everything that a person once needed a computer to do can now easily be done on a mobile device. Whether it’s surfing the Web, social networking, gaming, or email, mobile malware has a growing number of possible infection vectors that will most certainly make their way out of the “Proof of Concept” realm and more into the mainstream. Platform-specific malicious texts have already started making the rounds, as have malicious apps within various app markets.
Mobile malware will continue to rise with increased threats targeting functionalities, such as exploiting browser vulnerabilities of those who are surfing the Web, sending malicious links within emails, and continuing to exploit vulnerabilities vis-a-vis old tried and true methods. The more tablet devices steer owners into making streamlined purchases through company-specific stores, such as iTunes or Amazon, the more likely those devices will become full of account numbers and private data, the type of information Black Hats are specifically after.
• 2012 Prediction #2 – More Social Engineering
No amount of equipment, gear, or money can stand in the way of what will likely remain the weakest component of any and all security systems – the human factor. Humans are notoriously trusting and maintain an underlying desire to help others in need. And, that’s why we remain easy targets.
Thankfully, the population at large is beginning to understand digital scams for what they are and has become wiser for it. Unfortunately, this level of general understanding has created stronger demand for more sophisticated threats. Custom-crafted and multi-vectored social engineering attacks will continue to evolve and wreak havoc on victims, and certainly won’t be limited to botnet-borne, mass-mailed password phishers.
• 2012 Prediction #3 – Social Networking Scams
A few years ago, the social network was a niche offering for technophiles. Today, nearly everyone has a Facebook account, if not several social networking accounts hosted on different sites. Since people and their money are established targets, cybercriminals will continue to go where the people are. Facebook and Twitter will remain popular sites to host malware campaigns posing as messages from “friends”. The ability of shortened URL services to make the final destination of these links unclear will also aid in the effectiveness of malicious campaigns.
• 2012 Prediction #4 – Targeted Malware
Everyone is likely familiar with the infamous Stuxnet Worm, which originated from a very complex piece of code designed specifically to get onto the air-gapped network of Iran’s nuclear enrichment facility, seek out certain pieces of equipment and alter their processes ever so slightly in order to botch uranium enrichment. Fewer people may be aware of Stuxnet’s cousin, Duqu, which shared code with Stuxnet and masqueraded as a Microsoft Word document targeting roughly eight different countries in the same area of the world. These incredibly complex pieces of malware made their way to specific targets with incredible swiftness and accuracy. There’s no doubt that this type of attack, whether it be government sponsored or otherwise, will remain at least as prevalent if not more so in 2012.
• 2012 Prediction #5 – Hacktivism
Groups such as Anonymous and LulzSec gained a lot of notoriety in 2011. Because of the highly publicized events from these two groups, we are sure to see copycat groups attempt similar acts. Whether they claim to be in the interest of the people, cause mischief, or a confused blend of both, major corporations or entities will likely be targeted. SQL injection has often been the technique of choice for data theft or Web defacements made in the name of hacktivism. It will be important for companies to fortify their databases and Web applications in order to better protect customers and clients.
In Closing
Cybercrime, unfortunately, is not going anywhere since we increasingly rely on technological advancements for convenience and entertainment. I dread the day when my toaster routinely checks for updates on the Internet and accidentally pulls down a virus that’s programmed to burn my toast every morning. Or the day when the morning news displayed on my bathroom mirror is replaced with some sort of quasi-political message due to cyber shenanigans. The best thing we can all do is to watch our steps, keep our software up to date, use layered security, and keep it safe out there!
Tags:
2012 IT security trends,
AppRiver,
Fred Touchette,
IT security
Posted by Tiffany Darmetko on December 9, 2011 at 10:26 AM
Everywhere you turn, someone is using his or her smartphone. Whether you’re addicted to your BlackBerry or you can’t live without your iPhone, smartphones are taking over the mobile world. Browsing through mobile applications has become part of the smartphone culture; we look for an app that will make doing XYZ a little easier in our lives. However, unsuspecting consumers need to realize that mobile applications are one of the greatest threat vectors for smartphones.
“Smartphones are appealing to cybercriminals because they contain vast amounts of data and are always connected to the Internet,” said RSA panelist Joseph Opacki during one of the conference's Wednesday discussions on mobile security. While the smartphone works to make our lives easier, it’s also coincidentally making the life of a hacker easier, too. Mobile devices are garnering momentous attention from the cybercriminal community and now security experts understand why.
A director of cyber security intelligence at an IT services and solutions consulting firm, Adam Meyers, agreed that mobile web browsers and operating systems contain vulnerabilities that could be exploited for malicious purposes. Users may begin to encounter malware that exploits these weaknesses via drive-by-download on mobile web sites.
Among other things, one of the main reasons consumers are so addicted to their smartphones is unlimited accessibility to email. This is certainly something to think about the next time you’re scrolling through your inbox and see an email from an unknown sender. During a cyber espionage session at RSA on Thursday, Mikko Hypponen told audience members that, “Almost all targeted attacks happen via email, though some occur during the use of online chat services or web-based exploits. These emails are actually created and sent by attackers; they contain code to trigger exploits that open backdoors on affected systems.”
McAfee CTO George Kurtz made a valid point during his keynote while discussing malicious code and whether security checkpoints will always stop it before any real damage is done. “If you download something from an app store, are you assuming it is okay? When do Apple or Google have time to go over three million apps with a fine tooth comb?” Based on these ideas, can we start to see the world of mobile app scanning take off? Is this really the next step in the fight against targeted attacks?
Tags:
cybercriminals,
cyberthreat,
malware,
mobile apps,
mobile device,
mobile security,
security,
smartphone,
vulnerabilities
Posted by Katerina Korfias on February 18, 2011 at 12:59 PM
Today is the first day of the 2010 Black Hat Conference speaking sessions. Among the line-up of anticipated talks surrounding wireless security (specifically that of WPA2), mobile device security and ATM vulnerabilities, there is a slew of additional sessions that are bound to make some noise.
One of the noise makers is likely to be the session exploring how to intercept cell phone calls. Some interesting rumors of lawsuits caused eyes and ears to turn toward AT&T, but the company cleared the air, saying it will not interfere with the demonstration.
Although criminals often pass them up in favor of obtaining credit card information, counterfeit checks are not a thing of the past. You may find yourself having flashbacks to the movie “Catch Me If You Can,” but a discussion on how Russian hackers obtained images of checks from a number of retailers and other businesses is a high-tech version of the old story. A quick summary: Russian hackers found a way to utilize technology to make this low-tech crime even more dangerous. They have not yet been caught.
There will also be exploration into weaknesses of SSL, used by websites to protect data. One session on this topic will explore how to attack storage mechanisms to tamper with an SSL session. Another SSL presentation will focus on results of a study that analyzed SSL use to document configuration errors, which weakened thousands of websites.
There will also be discussion surrounding web application security, particularly as it applies to third-party code, which includes such items as widgets, applications and advertising modules, all of which are very popular on web applications. These applications are meant to provide additional functionality for the user, but security implications across a variety of industries—including healthcare and finance—could result in infected users.
SEO has been a topic of growing importance for many companies over the past few years. With this in mind, it only makes sense that hackers want to jump on the bandwagon and will utilize SEO to push out malware. Taking a look ahead to DefCon, researchers will show just how important SEO has become to the “malware pushers.”
Check back in tomorrow for a recap of the Day 1 sessions and what we can expect for Day 2.
Tags:
ATM vulnerabilities,
Black Hat,
counterfeit checks,
DefCon,
malware,
mobile security,
SEO,
weaknesses of SSL,
web application security,
WPA2
Posted by Kristin Forte Allaben on July 28, 2010 at 9:09 AM
This year's Black Hat conference is considered to be the most popular to date, and tomorrow marks the first of two days of speaking sessions.
For those of you who participated in the Black Hat Challenge, you are aware that there are many sessions to choose from, and little time to see them all.
One of the most anticipated sessions is Barnaby Jack’s session on ATM scams, which was mentioned in yesterday’s post.
But beyond ATM scams, there is a trend we’re seeing in sessions: mobile security. As I mentioned yesterday, IDC forecasted that the number of mobile workers will exceed one billion by the end of 2010. From a corporate perspective, an enterprise network can be open to a number of vulnerabilities stemming from the use of a mobile device. From a consumer perspective, people can fall victim to various malware triggered by bugs in the device. For example, one of the anticipated Black Hat sessions will illustrate to attendees that the A5/1 encryption algorithm used by carriers such as T-Mobile and AT&T is weak and can be easily broken, something spies and security geeks alike have known for some time.
Jeff Moss, founder of Black Hat, explained that for many people, seeing is believing; unless people can literally see what’s possible when it comes to security threats and attacks, they won’t believe it. This specifically applies to corporate decision makers as they need to [visually] understand what is technically possible before they can make informed decisions regarding security.
But what it comes down to is this: no one can predict what the big news will be from Black Hat since there is always a wildcard, as Bob McMillan notes. With so many sessions in the queue and such an array of personalities in the same space, you can never quite tell what the news will be.
Tags:
ATM scams,
Barnaby Jack,
Black Hat,
encryption algorithm,
mobile security,
mobile workforce,
security attack,
security threat
Posted by Kristin Forte Allaben on July 27, 2010 at 11:06 AM
As speakers and hackers gather in Vegas for the 2010 Black Hat conference, there are many topics on people’s minds.
In many of the pre-show articles, there has been talk about cloud security, a topic that seems to resonate throughout security conferences this year (see previous post on RSA 2010). There is also discussion on wireless security, particularly as it pertains to mobile devices. This is most definitely an area of increasing importance as IDC forecasted that the mobile workforce would exceed one billion by the end of 2010, potentially bringing to light new security implications for enterprise networks.
Most prominent over the last few days has been discussion of the vulnerability within WPA2, currently the strongest form of WiFi encryption and authentication. The vulnerability, identified as “Hole 196,” lends itself to man-in-the-middle attacks.
We can also expect to hear about:
It appears, however, that the most highly anticipated session surrounds Barnaby Jack’s research into ATM vulnerabilities. As some may recall, this talk was canceled last year due to pressure from ATM vendors. Similarly, this year, a session entitled “The Chinese Cyber Army: An Archaeological Study from 2001 to 2010” was canceled due to outside pressures.
On a fun note, Black Hat attendees will also be participating in the Pwnie Awards, which recognize extreme excellence and incompetence in the field of information security. Some categories include Best Server-Side Bug, Best Client-Side Bug, Most Overhyped Bug and Lamest Vendor Response.
For those of you preparing to head out to Vegas later this week for the array of speaking sessions, take the Black Hat Challenge. What one session would you attend?
Tags:
ATM vulnerabilities,
Barnaby Jack,
Black Hat USA 2010,
cloud security,
DNS rebinding,
hackers,
Hole 196,
Microsoft Security Response Center,
mobile workforce,
VPN security
Posted by Kristin Forte Allaben on July 26, 2010 at 9:49 AM