Saturday, May 31, 2014

Summary of Predictions from the 2014 Information Security Threat Reports

I reviewed 34 information security threat reports published in 2014. These are the predictions worth echoing from those reports (though many are obvious to even elementary practitioners).


Strong Software Security Driving Increased Social Engineering

The next two or three years may bear witness to a divergence in the threat landscape; as people move to newer, more secure operating systems and modern web browsers, it will naturally become easier to avoid falling victim to a casual malware attack. The success or failure of these attacks will be increasingly determined by the level of social engineering involved, which in turn may drastically affect the overall shape of the online security landscape. (Symantec)

Spear Phishing and Watering Hole Attacks

Spear phishing is still the most common delivery mechanism for targeted intrusion operations; however, the frequency of Strategic Web Compromise (watering hole) operations is increasing. CrowdStrike believes that this tactic will remain popular among targeted intrusion adversaries, and its use will likely continue to increase in frequency. (CrowdStrike)

In 2014, cybercriminals will increasingly use targeted-attack-type methodologies. Doing open source research and spear phishing will become a norm even for cybercriminals. (TrendMicro)


Third-Party Compromise Vector

Expect to see adversaries targeting third-party vendors in an attempt to compromise the ultimate target. Vendors often have less-robust security than their larger customers, and their networks offer an avenue through which those customers can be compromised.  (CrowdStrike)


New gTLDs Increase Effectiveness of Phishing

We predict that 2014 will see a great deal of activity around ICANN’s new generic top-level domains (gTLDs). These gTLDs will be used by adversaries to support more effective phishing attacks. (CrowdStrike)


Increase in Malware use of Encryption

In 2014, we will see a rise in malware that uses SSL and custom encryption methods in order to communicate with remote servers for beaconing, receiving C2 commands, performing data exfiltration, etc. (CrowdStrike)


Decrease in Public Vulnerability Disclosure, Increase in Black Market Exploits

The past couple of years saw a surge in bug bounty programs from companies such as Microsoft, Yahoo!, and PayPal, and a corresponding decline in public disclosures of vulnerabilities. This trend will continue in 2014 with an increase in black market activity of newly discovered vulnerabilities and newly developed exploits. As the black market activity increases, so will the demand for custom-made malware. (CrowdStrike)


Small Attack Groups – Hit and Run

Icefog is part of an emerging trend that we're seeing: attacks by small groups of cyber-mercenaries who conduct small hit-and-run attacks. (Kaspersky)

The number of distinct [phishing] campaigns identified by Symantec is up by 91 percent compared to 2012, and almost six times higher compared to 2011. However, the average number of attacks per campaign has dropped, down 76 percent when compared to 2012 and 62 percent from 2011. This indicates that while each attack campaign is smaller, there have been many more of them in 2013. (Symantec)

Rise of the Cyber Mercenary

It is highly likely that cyber-mercenary services will be provided by IT specialists who have never before been engaged in criminal activity. (Kaspersky)


Fragmentation of the Internet

At the same time, the Internet has begun to break up into national segments. Until recently this only really applied to the Great Firewall of China. Several countries, including Russia, have adopted or are planning to adopt legislation prohibiting the use of foreign services. The World Wide Web has begun to break up into pieces. Individual countries are no longer willing to let a single byte of information out of their networks. These aspirations will grow ever stronger and legislative restrictions will inevitably transform into technical prohibitions. The next step will most likely be attempts to limit foreign access to data inside a country. (Kaspersky)


Increasing Criminal Darknets

Cybercriminals will go "deeper" underground next year. The Deep Web offers anonymity through "darknets," a class of networks that guarantee anonymous and untraceable access. (TrendMicro)


Windows XP Targeting

With Windows XP reaching end-of-life after 12 years, it will become a huge target for attackers. (Sophos)


Big Data

Big data is big money and unless the right security steps are taken it's all available for an enterprising cybercriminal. (Referring to criminals getting into the data collection and brokering business) (Symantec)

As the use of such big data analytics spreads, attackers will have to find ways to hide from statistical analysis and anomaly detection. (NTT)

"How do we know that the data used for analytics has not been polluted?" Lee asked. "This threat represents a battle that we will have to fight in the next five to ten years." (NTT)


Internet of Things

“Over the next five years, you will see a plethora of devices connected to your home or business network,” said Andrew Howard, a research scientist with the Georgia Tech Research Institute (GTRI). “And these can be used as avenues for attack.”


Sandbox Aware Malware

As more security technologies increase their reliance on sandboxes for malware analysis, CrowdStrike foresees an increase in sandbox-aware malware.

Saturday, May 24, 2014

The 2014 Information Security Threat Reports

I Googled 'threat report' and quickly found 42 threat reports. I'm going to read every one of these and rank them. So if my next post is nonsensical it is because I scrambled my brain reading this stuff.

Mcafee Q4 2013
Cisco 2014
Symantec 2014
Trustwave 2014
Mandiant 2014 - Registration Required
Microsoft 2013 Q3 and Q4
FireEye 2013
Kaspersky 2013
IBM 2014 Q1
Verizon 2014
FireEye 2014
Trend Micro Threat Forecast 2014
Trend Micro Targeted Attack Trends 2013 2H
CyberEdge Cyber Defense Report 2014
ProofPoint Monthly Threat Report
Check Point 2014
Sophos 2014
Websense 2014
F-Secure Mobile Threat Report 2014
Fortinet Threat Landscape Report 2014
Georgia Tech Emerging Cyber Threats Report 2014
Solutionary Threat Report 2014
WebRoot Mobile Threat Report 2014
Crowd Strike 2014
Arbor Networks
Quick Heal Threat Report
Dell SonicWall Threat Report
Lookout Mobile Threat Report
Vormetric (Registration Required)
SANS Health Care Threat Report
Cloud Security Alliance - Cloud Threat Report
ForeScout Threat Report
TrendMicro Threat Report
SilverSky Financial Institution Threat Report
Airforce Ballistic and Cruise Missile Threat Report
Intellectual Property Rights Threat Report
CDC Drug Resistance Threat Report
CDC Top 5 Health Threats
National Drug Threat Assessment
Worldwide Threat Assessment of the US Intelligence Community
National Security and the Threat of Climate Change
Trustwave Global Threat Report
PWC Global State of Information Security

Monday, May 19, 2014

Utah - The Greatest Dirt on Earth

The snow is great, but the dirt is better. 59,430 square miles of public land. Lots of dirt roads and trails. That means an endless supply of moto terrain!

Sunday morning I started into a quick search for OHV maps of Utah. I found 50! Here is, as far as I know, the only single site that contains links to all the google-findable Utah OHV maps. So, if you want to get lost, here are the maps to take you there. And when you do get lost, you just might find yourself in a place like this :-)


Fishlake National Forest

Canyonlands National Park
Island in the Sky Map
The Needles Map
The Maze Map

Snowmobile Complex Maps
Logan Canyon