
IT security trends in 2013

Dell SonicWALL thought leaders identify top IT security drivers for the year ahead

Abstract:
The commoditization of the cloud, widespread adoption of mobile devices as replacements for computers, and the growth of Bring Your Own Device (BYOD) in the enterprise give rise to a security landscape that is significantly different than what IT departments have traditionally encountered. Threats are more dynamic, more diverse, and more costly in their repercussions. Thought leaders at Dell SonicWALL have taken a high-level assessment of this evolving landscape and identified the top trends to factor into IT strategy development in 2013. The key trends identified are examined below.

Greater efficiency on the part of malware authors combined with the difficulty of timely system patching will lead to a rise in zero-day exploits this year. Many of these zero-day exploits will be found in cross-platform technologies like Java and Flash, which saw the largest number of successful exploits in 2012.

Botnets gain more sophistication


High-profile takedowns of botnets in recent years have encouraged the development of more sophisticated command-and-control (CnC) systems. In 2012, we saw botnets implement peer-to-peer (P2P) CnC to avoid the possibility of a coordinated takedown or takeover of the botnet. The rise of widely accepted and anonymous virtual currencies like Bitcoin gave incentive to botnet controllers to use the vast processing power under their control in an effort to mine Bitcoin for financial gain. Botnet operators also used Google's document service as a proxy for CnC operations. Google's document viewer enables users to view documents in the browser rather than saving and opening them in dedicated programs. Botnet operators use this service as a proxy to communicate with the CnC servers, effectively cloaking the communication between the botnet and the CnC servers. The use of encrypted communication makes it difficult for network security solutions and analysts to identify the type of information being exchanged. Because botnets continue to provide high value to their operators, we expect to see more sophisticated CnC operations emerge this year.

Exploits become more agile


The profitability of malware continues to drive cybercriminals to become more agile, not only in their exploitation of security holes, but in their business models. Sophisticated malware developers have created and packaged exploit kits that allow easy access to malware deployments. Accessible, well-managed underground marketplaces mean malware is easier to deploy than ever before, and exploit kits such as Blackhole are available as a hosted service, effectively bringing the SaaS model to malware. Further, the success of Blackhole as both a standalone and hosted service has given rise to similar exploit kits like Cool and ProPack. The past year also saw malware authors make great strides in evading detection. Again, the Blackhole exploit kit leads the pack in implementing several sophisticated methods to avoid detection. Blackhole 2.0, released in mid-2012, included several new features to this end (e.g., dynamic URLs for exploits and payloads; loading an exploit only if targeted vulnerabilities are found; automatic domain switching; traffic blocking; and antivirus detection information). Support for Windows 8 and mobile platforms as targets was added to the kit as well, making exploit kits a potent force for distributing malware using zero-day exploits.

Ransomware on the rise


Cybercriminals have adapted to growing user awareness of scareware scams, such as fake anti-virus software, and have seen recent success in spreading ransomware, which locks computers and encrypts data until a ransom is paid.

2012 saw profitable ransomware attacks in Russia and parts of Europe, and this year will see ransomware spread globally. We also expect that ransomware authors will target specific organizations where downtime is especially costly, raising the stakes for the target and the payoff for the criminals.

Non-traditional platforms targeted


For many years, malware has been largely directed at computers running Microsoft Windows operating systems. With the spread of mobile devices, tablets, and computers that run other operating systems such as Apple iOS and OS X and Google Android, attacks targeted toward these platforms will continue to increase. These non-traditional platforms will become prime targets for malware because of the spread of Near Field Communication (NFC) and other mobile payment systems that will allow hackers to exploit these platforms for financial gain. Malware developers will continue to target the approved app stores for mobile platforms, and this year will see the emergence of malware on non-rooted and non-jailbroken devices. In the case of two major mobile platforms, Android and iOS, malware programs have made it into their respective app stores, and even some popular applications have been criticized for siphoning user data without the user's consent. The high level of trust that people place in applications downloaded from official app stores, combined with the fact that much system activity is deliberately hidden from users of mobile applications, means that there is significant motivation to deliver malware to stock mobile devices without them being rooted or jailbroken first.

As mentioned earlier, because so much system activity on mobile devices is hidden from users, and because people now trust their device to hold a wide array of personal data, we expect to see exploits targeting NFC capabilities on mobile devices rise in 2013. These exploits will be designed to perform everything from petty theft to the compromise of financial data and corporate espionage, owing to the demonstrated weaknesses in many current NFC implementations.

Industry convergence and consolidation


As the financial impact to companies of breaches in information security continues to grow, so has spending on security technology, from traditional firewalls and anti-virus products to specialized products aimed at mobile security and policy compliance. This security landscape has led to the creation of a number of niche players in network security that are seeing success offering specialized security products and services. At the same time, security software and appliances continue to offer expanded functionality in a single package to meet the needs of organizations who want comprehensive network security across a range of devices and environments. As a result, large security vendors will continue to acquire successful niche companies to integrate their specialized offerings into existing product lines. And as existing firewalls and specialized security appliances are scheduled for replacement, they will be replaced with devices that integrate a range of security functionality into a single device.

NFC becomes a prime target


NFC capabilities are built into more smartphones and other mobile devices to allow users to share photos, contacts, and links with one another by holding their devices in close proximity to one another and performing an action, often tapping, to share content. NFC is also being touted as a convenient method of payment, allowing people to pay for purchases directly from their device, and without exposing their credit cards to skimming. However, in 2012 we saw demonstrations of how NFC can be used to hijack devices to steal information or to install malware. NFC attacks can be used to redirect the device's browser to a website hosting malware, or can be used to monitor web browsing activity or keystrokes, siphon user data, and even record audio and screenshots.

BYOD drives network access control


As the BYOD trend continues to grow unabated, with employees using their own mobile phones, tablets and computers to access enterprise network resources, the need for network access control (NAC) will continue to rise. BYOD makes a compelling business case for NAC products, and analysts predict the market for these products will continue to grow in 2013. Because mobile devices will become an increasingly important target for malware, IT departments must find a way to balance the benefits of BYOD with the protection of company data, and they will turn to NAC products to accomplish their goals. Specialty NAC products will see increased sales, and, as a result of the industry consolidation we expect to see, NAC features will be introduced into other security products by the major vendors.

Social media remains a prominent malware vector


With over a billion users globally, social media will continue to be an important vector for malware delivery. The variety of social media platforms like Facebook, Twitter, LinkedIn, and Google+ provides fertile ground for malicious parties to deliver malware and steal personal data. Because social media users often trust links and applications shared by friends, the compromise of a single user account on a social media platform can yield many additional accounts from which to launch attacks. Integration between social media platforms, as well as the common practice of using a single password to access many different sites, means that an attacker who gains access to a person's Twitter account can often gain access to their entire online life, including other social sites, email accounts, and financial data. Some high-profile cross-media identity theft cases occurred in 2012, and even with ongoing education about how to identify and avoid malware spread via social media, the sheer number of people using social networks ensures that malware authors will continue to target them.

Cyber attacks target infrastructure


Highly sophisticated, targeted malware, such as Stuxnet, Flame, and Gauss, demonstrated the power of malware in damaging infrastructure and conducting electronic espionage in 2012. Saudi Aramco spent significant time and energy restoring its network after a targeted malware package called Shamoon stole data and wiped computers, even where those computers were not connected to the Internet. In addition, spear phishing rose in 2012. The past success of targeted malware and spear phishing attacks in disrupting operations and stealing data will drive future attacks. We expect to see much more sophisticated attacks from nation-states, terrorist organizations, and criminal organizations with the resources to develop and deploy targeted malware that evades detection. Soft targets, such as power and water plants, are likely targets for this brand of cyber terrorism.

Emergence of the hardened mobile OS


As we described earlier, mobile operating systems will become increasingly important targets for malware authors seeking to exploit these devices for anything from information and identity theft to financial gain. With mobile malware becoming a serious security risk even for non-rooted and non-jailbroken devices, enterprises will begin to demand hardened versions of mobile operating systems to help protect sensitive data. Expect to see specialty vendors emerge to offer secure versions of mobile operating systems like Android that use a combination of industry-standard and new, innovative methods of hardening mobile operating systems to reduce the attack surface of these devices.

Copyright 2013 Dell Inc. All rights reserved. Dell SonicWALL is a trademark of Dell Inc. and all other Dell SonicWALL product and service names and slogans are trademarks of Dell Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective owners. 01/13 DellSW 0392
