Top 5 Enterprise Threat Predictions for 2014
- Ransomware for the enterprise
- Compromised clouds
- Advanced mobile phishing tactics
- APT’s focus on mobile
- Mobile device linked to major compromise
When thinking about cyber-security and looking back over the years, there is a clear and unfortunate trend which doesn’t show any signs of slowing. The trend is that year over year, more and more cyber-attacks occur while at the same time, the sophistication of attacks continues to evolve. Additionally, a matured cyber-crime as a service (CCaaS) ecosystem has enabled practically anyone to get involved. Combine this with the growing cost of defenses and the reality that many solutions are only somewhat effective, and you can see that the feasibility of cyber-security is, well, getting farther and farther away.
Now, I could go into the various factors which are causing this losing battle, such as society’s overwhelming desire to pick convenience over security, or the mentality that ‘it will never happen to me’; but I’ll save that for another blog. Instead, I’m going to consider the cyber-security events from the past few years and predict the top 5 threats enterprises are likely to face in 2014.
First, I should note that these predictions are not ordered or ranked in any way; they are simply 5 enterprise-focused security events you will likely read about next year, along with my supporting reasons for the prediction. So let’s get started!
Prediction # 1 – Ransomware for the enterprise
Early in 2013, a new type of ransomware, self-named Cryptolocker, was discovered which included a few very significant and very frightening changes. Unlike older ransomware, which would store the decryption key within the executing binary, Cryptolocker stores the encryption key in its C&C server network, and with each new infection, a new key is used. This makes it next to impossible to decrypt files modified by the infection. The other big change is that Cryptolocker doesn’t give you a lot of time to pay the ransom, often around $300, with only 72 hours to comply before the decryption key is destroyed. These tactics have made Cryptolocker the most advanced and most aggressive ransomware discovered to date; however, Cryptolocker’s focus remains primarily on individual users, which is evident from the distribution tactic of spam email.
Based on Cryptolocker’s tactical advancements and success, it is only a matter of time before an enterprise becomes the target of a similar form of attack. Many people are gladly handing over $300 to regain access to their personal files; imagine what an enterprise would pay to restore its data. My guess is at least, in my best Dr. Evil voice, 1 million dollars!
Prediction # 2 – Compromised clouds
While cloud infrastructure has been around for a while, 2013 saw very widespread adoption as companies looked to save money and to run more efficiently. While the cloud has a number of benefits, additional security isn’t always one of them, and not all clouds are equal. In cases where companies are opting for public cloud infrastructure, they trust the security measures put in place by the cloud hosting service. This basically extends the attackable surface, increases vectors for attack and reduces the overall control a business has to prevent an attack. Of course, there is the option for a private cloud, but for most this option is too expensive and/or overkill for their needs.
As utilizing cloud services becomes the new norm, it will also become a more ideal target for cyber-crime and attack. Consider: if you successfully compromise a cloud hosting provider, you likely gain access to all data within, which would include that of dozens if not hundreds or even thousands of companies.
Prediction # 3 – Advanced mobile phishing tactics
Phishing isn’t new by any means; however, the utilization of this attack vector continues to grow at record pace while the tactics used continue to evolve. In 2013 we saw new innovative attacks involving the human experience, either over the phone or in person; waterhole attacks, which identify and compromise websites likely to be visited by the primary target; and mobile attacks ranging from phishing SMS messages to rogue and misleading advertisements. Then, of course, there is the mass of phishing spam email contrasted by the ultra-precise spear-phishing attack. The trouble is, phishing attacks are so effective because they pay especially close attention to the human experience and our desire to trust someone we know. When aimed at an enterprise, all an attacker has to accomplish is tricking one individual, and research has shown it only takes about 15 targets for this to be guaranteed.
But what about mobile? As today’s workforce continues to shift to mobile devices and platforms, so will the tactics used by attackers. Mobile is a ripe target for attack as the user experience is focused on convenience over security. Combine this with the one-touch access and lack of authentication and it is easy to see why I predict new advanced phishing tactics aimed at compromising mobile devices.
Prediction # 4 – APT’s focus on mobile
2013 saw a massive migration to smartphones and mobile OSes as well as widespread adoption of BYOD, and the cyber-crime community definitely took notice. This past year, Webroot’s mobile research team discovered over 1 million malicious Android apps, which is over 1000% growth from the previous year. But compromising a mobile device doesn’t have to start with an app. We’ve seen recent website hacks only modify pages for mobile devices, a tactic to avoid detection, but also evidence that mobile is becoming a primary focus. Additionally, there have been numerous new mobile-related services popping up in underground markets. Services range from SMS flooding, malicious app creation and mobile botnet building tools to, most disturbing, trusted developer credentials which can be used to post apps to major app markets like Google Play.
Because mobile devices contain so much information and very little security or authentication, they will increasingly be the focus for attacks. When considering the planning that goes into today’s APT-backed attack, it only makes sense that highly organized cyber-crime gangs and/or state-launched attacks will target mobile devices as part of their future attacks.
Prediction # 5 – Mobile device linked to major compromise
My final prediction again relates to mobile, and the reasons are largely expressed in the previous two predictions. There is a clear trend for the adoption of personal mobile devices in the workplace, but it isn’t being matched with employee education, policy or security. The reality is that BYOD can be done correctly when four key areas are secured. These are app protection, web protection, data protection and device protection. By securing these areas, personal devices can be used for personal use and are also safe to connect to the corporate network.
The trouble, however, is that most enterprises are allowing BYOD without proper planning, education or policy in place. This lack of regulation, combined with lacking security features for mobile devices, will eventually lead to a major compromise.
So, what can your company do to stop these threats? Well, employee education to drive awareness of the types of attacks and their consequences is a good first step. Security solutions have also advanced with better threat awareness, and in Webroot’s case, are harvesting the power of crowds in the cloud to rapidly identify the newest threats. For more information, feel free to shoot me an email at gmilbourne@webroot.com or visit our website at http://www.webroot.com/.