A recent article by Paul Rubens for the eSecurity Planet website highlights some of the top emerging security threats IT professionals face as they try to stay one step ahead of criminal hackers. The author draws on a recent report from the Georgia Institute of Technology, the Emerging Cyber Threats Report 2013. The researchers behind the report present six emerging threats for which security professionals should be prepared:
Threat #1: Hiding Viruses in DRM Technology
Digital rights management (DRM) technology could be used to hide malware. DRM is used to protect some music and ebook files so they cannot be copied or shared. Once attackers have corrupted a DRM system, the same technology that locks and protects those files can be used to protect the malware, which makes it very difficult for anti-virus vendors to obtain a sample, analyze it and produce a signature that blocks it.
Solution: The author suggests deploying AV products that go beyond signature-based defenses and employ behavioral and reputation-based detection.
Threat #2: Apple OS X Targeted Attacks
The author notes that because Windows has historically received the vast majority of targeted malware, Mac users have been getting by with little or no anti-malware protection. The Flashback Trojan, which spread through an unpatched Java vulnerability, shows that OS X is every bit as exposed, perhaps more so because its users are unprepared. Flashback infected over 600,000 OS X systems, and similar attacks are likely in the future.
Solution: Protect your OS X machines as diligently as your Windows machines, with up-to-date AV and timely security patches for third-party software such as Java.
Threat #3: Hardware Insecurities
Some offshore networking hardware manufacturers, in China and elsewhere, have been producing counterfeit hardware that ships with malware baked in: malicious code deliberately included in the firmware, giving the attacker backdoor access from the infected device into the corporate network.
Solution: To start, limit network hardware purchases to vendors you trust. Beyond that, the author suggests random testing or, if resources allow, treating all hardware as suspect and testing everything before it goes onto the network.
Threat #4: Malware going Mobile
With some reports counting more than 175,000 malicious or suspicious Android apps by September 2012, BYOD, in which employees bring their own mobile devices to work and connect them to the corporate network, can clearly pose a serious risk, and the article argues that Apple apps cannot be considered immune either. Other risks to mobile devices include phishing and improperly implemented SSL and TLS connections, which expose users to man-in-the-middle attacks.
Solution: If you allow BYOD, or even corporate-owned mobile devices, deploy some form of mobile device management (MDM) so that devices can be locked down and only approved applications can be installed.
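The "improperly implemented SSL and TLS" problem the article mentions is, in practice, almost always a client that skips certificate verification. The following Go program is an added example, not code from the article or the Georgia Tech report: it starts a local HTTPS server with a self-signed certificate (standing in for an interception proxy) and tries three client configurations against it. The function and field names are my own; the point is that the InsecureSkipVerify client accepts the untrusted certificate, the default client rejects it, and the client with an explicit trust anchor accepts it while still validating the chain and hostname.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// fetch issues one HTTPS GET with the given client TLS configuration and
// returns the handshake/request error, or nil on success.
func fetch(url string, cfg *tls.Config) error {
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	resp.Body.Close()
	return nil
}

// ProbeResults records whether each client configuration accepted a server
// whose certificate is not signed by any CA the system trusts. That is what a
// man-in-the-middle presents, so "accepted" is bad unless the client was
// deliberately configured to trust that specific certificate.
type ProbeResults struct {
	InsecureSkipVerifyOK bool // the "improperly implemented" client
	DefaultVerifyOK      bool // stock verification against system roots
	PinnedRootOK         bool // verification against an explicit trust anchor
}

// Probe spins up a local TLS server with a self-signed certificate (assumed
// stand-in for an interception proxy) and tries three client configurations.
func Probe() ProbeResults {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello")
	}))
	defer srv.Close()

	var res ProbeResults

	// 1. InsecureSkipVerify: chain and hostname are never checked, so any
	//    certificate, including an attacker's, is accepted. This is the bug.
	res.InsecureSkipVerifyOK = fetch(srv.URL, &tls.Config{InsecureSkipVerify: true}) == nil

	// 2. Zero-value config: Go validates the chain to the system root store
	//    and matches the hostname, so the untrusted certificate is rejected.
	res.DefaultVerifyOK = fetch(srv.URL, &tls.Config{}) == nil

	// 3. Explicit trust anchor: chain and hostname are still validated, but
	//    against a root we chose. This is how to accept a private CA without
	//    disabling verification.
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	res.PinnedRootOK = fetch(srv.URL, &tls.Config{RootCAs: pool}) == nil

	return res
}

func main() {
	fmt.Printf("%+v\n", Probe())
}
```

The same three cases exist in every TLS stack (OpenSSL's SSL_VERIFY_NONE, Java's trust-all TrustManager, iOS's kCFStreamSSLValidatesCertificateChain=false): a reviewer looking for this class of bug should search for whichever switch disables verification and insist it be replaced by an explicit trust store, as in case 3.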
Threat #5: Cloud Storage
The report acknowledges that cloud providers are a sensible choice for many organizations because they offer better than average security. However, such huge repositories of data are hard-to-resist targets, and the prospect of a large number of your customers' credit card numbers sitting in one place will prove irresistible to criminals bent on financial gain. The author points out that enterprise cloud storage services tend to have better encryption than consumer-oriented ones, and cites Dropbox and Evernote as two consumer vendors that have been successfully hacked.
Solution: Encrypt all your data before it is sent to the cloud, using a key that the cloud service provider never holds. You may also want to block employees from using consumer cloud services at work.
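What "encrypt before it is sent, with a key the provider never holds" looks like in code, as an added example that is not part of the article or the report: the client generates an AES-256 key locally, seals each object with AES-GCM before upload, and the provider (simulated here by a map) stores only the blob. AES-GCM, the blob layout, the function names and the sample record are my choices, not anything the article specifies; binding the object name in as associated data is an extra precaution so a blob copied to a different name on the provider side will not decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Blob layout on the provider side: nonce || ciphertext || GCM tag.
const nonceSize = 12

// NewKey generates a random 256-bit AES key on the client. In practice it
// would live in a local key store or be derived from a passphrase, but it is
// never sent to the provider.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts plaintext under key with AES-256-GCM. The object name is bound
// in as associated data, so a blob moved to another object name will not open.
func Seal(key []byte, name string, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, nonceSize)
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext+tag to the nonce, giving the blob layout above.
	return aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open decrypts a blob produced by Seal and authenticates it against name.
// Any change to the blob, the name or the key fails with an error.
func Open(key []byte, name string, blob []byte) ([]byte, error) {
	if len(blob) < nonceSize {
		return nil, errors.New("blob too short")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blob[:nonceSize], blob[nonceSize:], []byte(name))
}

// Provider stands in for the cloud storage service: it only ever sees blobs.
type Provider map[string][]byte

// RoundTrip uploads one sealed object and downloads it again, returning the
// provider's view so a caller can confirm the plaintext never reached it.
func RoundTrip(key []byte, name string, plaintext []byte) (Provider, []byte, error) {
	p := Provider{}
	blob, err := Seal(key, name, plaintext)
	if err != nil {
		return nil, nil, err
	}
	p[name] = blob                       // "upload"
	got, err := Open(key, name, p[name]) // "download"
	return p, got, err
}

func main() {
	// Constructed sample record; not real data.
	record := []byte("4111111111111111,12/25")
	key, _ := NewKey()
	p, got, err := RoundTrip(key, "customers/cards.csv", record)
	fmt.Printf("stored %d bytes; provider can see plaintext: %v; round trip ok: %v\n",
		len(p["customers/cards.csv"]),
		bytes.Contains(p["customers/cards.csv"], record),
		err == nil && bytes.Equal(got, record))
}
```

The design choice that matters is where the key lives: if the provider derives or escrows the key (as consumer services that offer "password reset" on encrypted data must), a breach of the provider exposes the data regardless of the cipher. With the key held only by the client, a stolen blob is useless without a separate compromise of the client.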
Threat #6: Search Engine Filter Bubble Poisoning
This is a new wrinkle on attempts to get users to click a malicious link on a compromised trusted website. The idea is that if you can boost the ranking of that page in a victim's search results, you have a better chance of getting him or her to click the bad link. The exploit works by manipulating the user's search profile while the user is logged into a Google or other search engine account. The researchers were able to simulate this in their lab, so the threat is real. It becomes more ominous when you consider that the user's profile follows him from machine to machine, increasing the attacker's opportunity to reach a whole network of users.
Solution: IT staff should make sure employees are not logged into Google or other search engine accounts while browsing the Internet at work, and that they clear their browser caches after each session or use the browser's private mode.