CAIRO, Egypt, 7th January, 2016:
2015 was a memorable – although not a devastating – year for cyber
security. We witnessed fewer widespread, panic-inducing vulnerabilities
in 2015 than in years past; while 2014 will go down in the security
history books as the year of Heartbleed, ShellShock and point-of-sale
malware, 2015 was comparatively tame. However, trends like the Internet
of Things (IoT) and cloud networking did generate a host of new threats.
Researchers revealed attacks that could compromise connected devices
such as cameras, cars and rifles. Stagefright was at the top of the list
of mobile security risks, allowing malicious users to exploit Android
devices simply by sending a malicious MMS message. It is important for
IT professionals and security specialists in Egypt to understand
emerging threats in 2016 so that they can protect against them.
With the blurring of
network boundaries and the increasing number of connected devices, A10
Networks predicts even more attacks and vulnerability disclosures in
2016. Glen Ogden, Regional Sales Director, Middle East at A10 Networks,
provides insights into the top 5 security predictions for 2016 along
with advice for organizations in the country to protect against these
threats.
Security Predictions: #1 – Attacks Hidden in SSL Traffic Will Exceed Attacks in Clear Text
Over the past few
years, SSL encryption has become all the rage for both application
owners and hackers, and for good reason. Encryption improves security by
providing data confidentiality and integrity. Unfortunately, encryption
also allows hackers to conceal their exploits from security devices like
firewalls, intrusion prevention systems and data loss prevention
platforms. Some of these products cannot decrypt SSL without degrading
performance, while others simply cannot decrypt SSL traffic at all
because of their location in the network. Today, encryption accounts for
roughly one-third of all Internet traffic, and it’s expected to reach
two-thirds of all traffic next year when Internet powerhouses like
Netflix transition to SSL. As a result, encrypted traffic will become
the “go-to” way of distributing malware and executing cyber attacks
simply. Whether sharing a malicious file on a social networking site or
attaching malware to an email or instant message, many attacks will be
cloaked in SSL. On top of this threat, movements like “Let’s Encrypt”
make it even easier for hackers to generate SSL certificates to sign
malicious code or to host malicious HTTPS sites. To counter the threat
posed by SSL encryption, organizations can decrypt and inspect inbound
and outbound traffic for cyber attacks. A dedicated SSL inspection
platform enables third-party security devices to inspect encrypted
traffic and eliminate the blind spot in corporate defenses.
Security Predictions: #2 – IoT will gain notoriety as both an attack target and an attack source
With the continued
rapid growth in the Internet of Things (IoT), we expect to see an
increase in both the number and severity of active exploits of connected
devices. Analysts predict that there will be over 5 billion connected
“things” by the end of 2016, and as the number of devices leveraging
personal information grows, we’ll start hearing about exploits targeting
consumer-oriented IoT devices. This will lead to more vocal advocacy
for consumer protection through government regulation, or more likely,
industry-driven mandates similar to those defined by Payment Card
Industry Data Security Standard (PCI DSS).
IoT-specific threats are exacerbated by a number of factors:
- The number of connected “things” is outpacing the ability to secure them.
- Many devices have little to no security built in.
- There is no formalized process for securing IoT devices.
- An increasing number of devices provide access to personal information.
- Meeting demand for capabilities will continue to be a higher priority than security.
For those looking for
more information about IoT threats and mitigation, resources are
available. The OWASP Internet of Things Project has identified the top
attack surface areas of vulnerability for IoT devices and has issued the
following recommendations, as well as specific guidance for testing and
security to manufacturers. They also recommend that consumers take the
following steps to protect themselves from IoT-related threats.
Security Predictions: #3 – Attackers will target mobile app vulnerabilities
2016 will see a
continued rise in the number of attacks targeting mobile devices –
something that probably won’t come as much of a surprise to anybody. But
the scope of the problem and the potential for damage will. The sheer
volume of mobile devices, the amount of malware (20 million apps by the
end of 2016, according to Trend Micro),
and the inherent vulnerabilities present in even legitimate mobile apps
mean that a major breach is bound to happen, potentially on a massive
scale.
To put it into
perspective, Cisco recently released an advisory about a vulnerability
in its WebEx for Android app. This particular flaw leaves the app
vulnerable to an exploit that could allow a secondary malicious app to
acquire the same permissions as the WebEx application. Typically, an app
will ask for permissions, effectively tipping the user off to its intent.
But by exploiting this vulnerability, the malicious app can gain access
without any notification. And with millions of potential targets (as many as 5
million may have downloaded the app), it’s only a matter of time before a
vulnerability like this results in a major incident. Fortunately, at
this time there are no reports of this particular exploit resulting in a
breach. Additional threats exist in spear phishing attacks that exploit
the fact that mobile users are more likely to click on a malicious link
simply because it’s harder to identify it as suspicious on a smaller
screen. And malware designed to look like valid apps can convince
unsuspecting users to enter login data that can then be used to gain
access to legitimate sites storing detailed personal and financial data.
Mobile device users, particularly Android owners, need to remain
diligent in validating what apps they choose to download and the
attachments they choose to open.
Security Predictions: #4 – Cloud services will increase attack surface and burden perimeter security
Back in the good old
days, networks were relatively well-defined. Servers were provisioned in
the data center or the DMZ. Organizations could lock down their
sensitive data and carefully monitor access to servers with data center
and intranet security tools.
Those “good old days”
are gone. Today, many organizations are migrating their application
servers to the cloud or they are ditching their existing applications
and moving to software-as-a-service (SaaS) solutions such as CRM, HR,
email and file sharing apps. Organizations are also embracing cloud
productivity apps such as Microsoft Office 365 and Google for Work.
The transition to
cloud services has slashed costs and allowed easy access to business
apps from any location. However, cloud applications have also introduced
new security challenges, including:
- An increased attack surface: Before, attackers needed to gain access to the corporate network before they could probe and attack applications. With applications hosted in the cloud, malicious users can now attack apps from any location and any device.
- Uneven data monitoring and auditing: Organizations should track access to sensitive data to detect and stop suspicious activity and for forensics. But it is much more difficult to monitor access to third-party SaaS applications than internal apps because apps are hosted in the cloud and application traffic is often encrypted.
- Limited control over security: Organizations must rely on SaaS vendors to implement strong defenses and to quickly fix vulnerabilities that arise. While many SaaS vendors have undergone rigorous SAS 70 or ISO 27001 audits, they are also under pressure to rapidly innovate and to support Application Programming Interfaces (APIs) for third-party integration; business demands could lead to more vulnerabilities.
- Increased traffic at the network perimeter: The adoption of cloud-based services will inevitably increase the load on secure web gateways and perimeter firewalls. Since much of this traffic is encrypted (see security prediction #1), businesses must ensure that their security devices can keep up with demand.
Security Predictions: #5 – Drone-related threats will grow
Consumer drones are
big now and they will get even bigger in 2016, when they are expected to
generate over $1 billion in revenue. But their increased popularity
will also introduce new cyber security and physical security risks.
Drones serve a myriad
of purposes, from military to agricultural to surveillance applications
to even delivering packages from the sky. However, drones also present a
wide range of risks, from privacy invasion to corporate espionage to
terrorism.
Star Wars movie
executives are already developing plans to prevent drone owners from
taking photos of their upcoming movie sets. Executives in other
industries should also take heed. For example, oil exploration companies
should be wary of competitors using drones to learn where they are
drilling for oil. And IT administrators should make sure that drones
cannot be used to gain access to corporate Wi-Fi networks by bringing
sniffers and other snooping tools into closer proximity.
While drones do not
pose as serious a threat as other cyber security attacks such as
malware, IT administrators should consider any potential cyber security
or physical security risks that drones pose for their organization in
2016.
What Enterprises Can Do to Prepare for 2016
While it is challenging to predict which threats will cause the most damage in the future, we believe that trends like encryption, IoT, mobility, cloud and Internet-connected drones will introduce dangerous security risks in 2016.
To prepare for these
risks, organizations should implement a multi-layered defense that can
protect servers and endpoints, whether those servers are hosted in a
data center or in the cloud and whether endpoints are traditional
computers or mobile devices. While employees cannot always predict the
future, organizations will be ready to handle future risks with the
right security technologies and processes in place.