I reviewed 34 information security threat reports published in 2014. These are the predictions worth echoing from those reports (though many are obvious to even elementary practitioners).
Strong Software Security Driving Increased Social Engineering
The next two or three years may bear witness to a divergence in the threat landscape; as people move to newer, more secure operating systems and modern web browsers, it will naturally become more easy to avoid falling victim to a casual malware attack. The success or failure of these attacks will be increasingly determined by the level of social engineering involved, which in turn may drastically affect the overall shape of the online security landscape. (Symantec)
Spear Phishing and Watering Hole Attacks
Spear phishing is still the most common delivery mechanism for targeted intrusion operations; however, the frequency of Strategic Web Compromise (watering hole) operations is increasing. CrowdStrike believes that this tactic will remain popular among targeted intrusion adversaries, and its use will likely continue to increase in frequency. (CrowdStrike)
In 2014, cybercriminals will increasingly use targeted-attack-type methodologies. Doing open source research and spear phishing will become a norm even for cybercriminals. (TrendMicro)
Third-Party Compromise Vector
Expect to see adversaries targeting third-party vendors in an attempt to compromise the ultimate target. Vendors often have less-robust security than their larger customers, and their networks offer an avenue through which those customers can be compromised. (CrowdStrike)
New gTLDs Increase Effectiveness of Phishing
We predict that 2014 will see a great deal of activity around ICANN’s new generic top-level domains (gTLDs). These gTLDs will be used by adversaries to support more effective phishing attacks. (CrowdStrike)
Increase in Malware use of Encryption
In 2014, we will see a rise in malware that uses SSL and custom encryption methods in order to communicate with remote servers for beaconing, receiving C2 commands, performing data exfiltration, etc. (CrowdStrike)
Decrease in Public Vulnerability Disclosure, Increase in Black Market Exploits
The past couple of years saw a surge in bug bounty programs from companies such as Microsoft, Yahoo!, and PayPal, and a corresponding decline in public disclosures of vulnerabilities. This trend will continue in 2014 with an increase in black market activity of newly discovered vulnerabilities and newly developed exploits. As the black market activity increases, so will the demand for custom-made malware. (CrowdStrike)
Small Attack Groups – Hit and Run
Icefog is part of an emerging trend that we’re seeing – attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. (Kaspersky)
The number of distinct [phishing] campaigns identified by Symantec is up by 91 percent compared to 2012, and almost six times higher compared to 2011. However, the average number of attacks per campaign has dropped, down 76 percent when compared to 2012 and 62 percent from 2011. This indicates that while each attack campaign is smaller, there have been many more of them in 2013. (Symantec)
In 2014, cybercriminals will increasingly use targeted-attack-type methodologies. Doing open source research and spear phishing will become a norm even for cybercriminals. (TrendMicro)
Rise of the Cyber Mercenary
It is highly likely that cyber-mercenary services will be provided by IT specialists who have never before been engaged in criminal activity. (Kaspersky)
Fragmentation of the Internet
At the same time, the Internet has begun to break up into national segments. Until recently this only really applied to the Great Firewall of China. Several countries, including Russia, have adopted or are planning to adopt legislation prohibiting the use of foreign services. The World Wide Web has begun to break up into pieces. Individual countries are no longer willing to let a single byte of information out of their networks. These aspirations will grow ever stronger and legislative restrictions will inevitably transform into technical prohibitions. The next step will most likely be attempts to limit foreign access to data inside a country. (Kaspersky)
Increasing Criminal Darknets
Cybercriminals will go “deeper” underground next year. The Deep Web offers anonymity through “darknets,” a class of networks that guarantee anonymous and untraceable access. (TrendMicro)
Windows XP Targeting
With Windows XP reaching end-of-life after 12 years, it will become a huge target for attackers. (Sophos)
Big Data
Big data is big money and unless the right security steps are taken it’s all available for an enterprising cybercriminal. (Referring to criminals getting into the data collection and brokering business) (Symantec)
As the use of such big data analytics spreads, attackers will have to find ways to hide from statistical analysis and anomaly detection. (NTT)
“How do we know that the data used for analytics has not been polluted?” Lee asked. “This threat represents a battle that we will have to fight in the next five to ten years.” (NTT)
Internet of Things
“Over the next five years, you will see a plethora of devices connected to your home or business network,” said Andrew Howard, a research scientist with the Georgia Tech Research Institute (GTRI). “And these can be used as avenues for attack.”
Sandbox Aware Malware
As more security technologies increase their reliance on sandboxes for malware analysis, CrowdStrike foresees an increase in sandbox-aware malware.