10 Security Predictions For 2012
4:00 PM EST Mon. Dec. 26, 2011
The future is hidden in the past, and many trends that started or gained momentum in 2011 will evolve into serious threats in 2012. As always, cybercriminals will follow the money in finding ways to siphon valuable data from emerging computing platforms. Google's smartphone OS Android will be a potentially lucrative bull's eye for hackers, along with social networks and small businesses. While profit is a prime motivator for most hackers, a growing number are becoming vigilantes, claiming a nobler path by justifying their criminality as a necessary evil in standing up for what they believe is right. Such self-righteousness is expected to drive an increase in politically motivated attacks on industrial control systems and on specific industries.
Add growing privacy concerns over geo-location services and shifts in regulatory compliance and 2012 will be a year to remember. Here are the 10 crucial security trends that we see coming. Happy New Year!
A technology trend that will gather steam in 2012 is the management and analysis of logs from hardware and software on the corporate network. Such data can provide evidence of malware, giving IT departments a chance to quickly neutralize the threat. Undervalued in the past, log analysis is being included in security vendor products, as customers begin to understand how such information can be used to thwart an attack. Vendors specializing in the field include Tripwire, LogLogic and LogRhythm, which CRN named as a "Need To Know: Emerging Security Vendor" in 2011. Driving the need for security-related log management is the rise in advanced persistent threats (APT). Attackers using such methods target specific companies with sophisticated malware designed to operate unnoticed in infected systems.
Geo-location is in every smartphone, giving application developers the ability to track users wherever they go. As a result, privacy concerns will keep geo-location in the spotlight in 2012. While consumers enjoy the services mobile apps provide by leveraging the technology, a few bad apples conducting surreptitious tracking or sharing of data could spark a backlash. Two federal bills were introduced in Congress in 2011 to protect geo-locational data. While neither is expected to pass in 2012, the bills will keep the issue in the media. Look for privacy advocates to step up efforts to get businesses to adopt an opt-in or consumer consent model before gathering geo-location information.
Cyber-attacks against small businesses will increase in 2012, as hackers seek the easiest path to profits. Businesses in general are storing a rising amount of valuable data and small companies are no exception. However, smaller businesses lack the security budgets of bigger players, so are unable to build the same level of protection, experts say. Making small businesses particularly vulnerable is their tendency to postpone or overlook upgrades and replacements of legacy systems. Expect to see more common modes of attacks directed at small companies, from social engineering to SQL injections. The trend is not lost on vendors. Sophos partnered in 2011 with D&H Distributing, which has a channel and partner network of more than 25,000 SMB resellers. For many small businesses, the cloud will be a safer haven. Expect to see an increasing number of companies sign up for managed security, letting cloud service providers worry about upgrades and maintenance.
Some critical compliance issues will be prominent in 2012, most notably the Payment Card Industry Data Security Standard 2.0. The update takes effect in 2012 and most merchants are not quite prepared to deal with it, industry observers say. In addition, the European Union is expected to tighten its Privacy and Electronic Communications Directive, which will have a big impact on Web user privacy. Globally, lawmakers will shove companies toward compliance with regulations by increasing penalties for data breaches and holding businesses more accountable for consumer data. While such government action can improve some areas of security, companies tend to focus on meeting lawmakers' checklist of regulations, overlooking some basic information technology security controls. For example, most regulations miss a wide range of best-practice controls, such as up-to-date anti-virus software, according to risk consulting firm Kroll. "As more breaches occur as a result of security gaps, we should expect to see governing agencies offer specific guidance on risk assessment and standard IT security controls," Kroll says.
Profit won't be the only motive for hackers in 2012. Politics is increasingly behind attacks and the trend will continue. The spotlight turned on so-called hacktivism in 2010 with the discovery of the Stuxnet worm that damaged control systems in Iran's nuclear facility. The malware was a wake-up call for governments and corporations. Since then, there's been a rise in the number of loosely organized anarchists. Last year, LulzSec made headlines hacking into state and federal government Web sites. More of these hacktivism groups will rise in 2012, with many claiming to do good. For example, Anonymous, known for defending whistle-blowing site WikiLeaks, threatened late last year to unmask Mexican drug cartel members.
Vulnerabilities in industrial control systems will take the limelight in 2012, with major exploitations possible. Also called supervisory control and data acquisition (SCADA), these systems run industrial, infrastructure and facility processes, including manufacturing, power grids, water treatment and distribution, oil and gas pipelines, heating and cooling systems in airports and office buildings and much more.
Vendors have been developing Web interfaces for logging into these systems, thereby giving hackers a potential door. In addition, SCADA services have been migrating to the cloud, complicating security further and heightening concerns among experts. Since 2010, when the Stuxnet malware damaged Iranian nuclear facilities, the threat of an attack on a country's infrastructure has drawn an increasing amount of attention from government security officials. The rise of politically motivated attacks, or hacktivism, will be a major contributor to the rising threat.
Also known as targeted attacks, advanced persistent threats will become more pervasive in 2012. Such attacks are less risky and more profitable than commandeering botnets that spread spam and e-mail carrying malware, experts say. As a result, large-scale attacks based on tricking an e-mail recipient into clicking on a link or opening an attachment are diminishing while APTs are increasing, networking company Cisco said in its annual security report in 2011. Since August 2010, the amount of spam recorded by Cisco has plummeted from 379 billion messages a day to 124 billion, the lowest since 2007. Conversely, APTs are rising.
For example, a man in China was responsible for a cyber-attack against at least 48 chemical and defense companies, security firm Symantec reported in October. Two other highly targeted attacks were reported last year: one against five multinational oil and gas companies and another against 72 organizations, including the United Nations, governments and corporations.
Cyber-attacks on social networks are expected to increase this year. With more than 800 million members, Facebook has already been targeted many times and that's expected to continue in 2012. Other social media won't be immune from attacks in which cyber-criminals hijack profiles and use them as a channel to trick friends and acquaintances on a social network to click on a malicious link. Facebook was home last year to some of the highest profile attacks on social media. A Danish security company in November reported malware that used a picture sent from a hijacked account to get people to click on a link that installed malware capable of stealing online banking passwords. Fortunately, the so-called Zeus Trojan was first discovered in 2007, so people with up-to-date anti-virus software were likely protected.
The rising number of businesses and consumers heading to the cloud has pushed software as a service into the mainstream. With so much personal and corporate data sitting in service providers' servers, cyber-criminals will make them a priority target in 2012, hoping to find vulnerabilities in a security model that has grown faster than the development of cloud standards.
"If we were meteorologists, we’d definitely be calling for overcast with a chance of storms," risk consulting firm Kroll says in a recent commentary. Current surveys and reports show that companies are underestimating the importance of vetting service providers for their ability to provide security. As a result, data breaches in the cloud in 2012 will highlight the problems service providers pose to forensic analysis and incident response. While this could be considered part of the maturing process of a new technology, companies should be extra vigilant to avoid becoming the victim of a service provider dropping the ball.
Cybercriminals are expected to make smartphones running Google's Android operating system a top priority in 2012. During the last half of 2011, the amount of malware written for Android quadrupled, as hackers tried to take advantage of the rapidly growing user base and the open approach Google has taken in allowing third parties to distribute apps for the OS on any web site. The latter means criminals can launch their own sites to trick people into downloading illicit software.
Even on the official Android Market, malware disguised as games has been pulled off the site, with experts blaming a lack of strict oversight as the reason for the security breach. Security vendor Kaspersky Lab says this year may mark the appearance of the first mass worm for Android, capable of spreading via text messages and sending out links to an online store distributing malware. The vendor also says the first mobile botnet is likely on Android.