Check Point 2012 Security Projections
As security breaches continue to make headlines and today’s Internet attacks grow more sophisticated, organizations of all sizes are forced to reevaluate their risk management strategies in light of emerging technology trends and prescriptive compliance requirements.
Based on research and customer feedback, Check Point projects businesses will see a few interesting shifts in 2012:
1. Hackers and Businesses Home in on Mobile Security
Mobile computing has become a common method of business communication and administrators are steadily beginning to accept the trend. However, IT administrators struggle with securing the abundance of devices and different operating systems connecting to the corporate network, and are challenged with establishing the appropriate mobile and network access policies. According to Check Point research, 78 percent of businesses reported there were more than twice as many personal devices connecting to their corporate network compared to two years ago and 63 percent believe this trend is related to the increase in security incidents.
Mobile devices give hackers yet another vector for stealing and gaining access to sensitive information. Without the right precautions in place, a hacker can upload a Trojan horse to a mobile device and, within seconds, begin taking pictures every 20 seconds and capturing sensitive data on the device’s screen, including snapshots of SMS messages, emails, mobile web-browsing history or the user’s location. The number of mobile malware variants is expected to double, bringing more attention and security awareness to mobile threats in the coming year.
2. Popularity of QR Codes
Recently, more retailers and advertisers have begun to use QR (Quick Response) Codes, encouraging users to scan the barcode with their mobile phone to obtain more information about a product. Check Point expects this trend to rise in popularity, but users should be wary of QR codes that may be dangerous. With a single scan from a smartphone, a QR code crafted by a hacker can redirect the user to a malicious URL, file or application.
3. Rise in Human Intelligence and Social Engineering Attacks
It is important to emphasize that operating system security has matured and, with the right security strategy and protection in place, can help businesses withstand a wide range of threats. In 2012, we expect to see more hackers looking for other ways to breach an organization: by targeting its people.
Socially engineered attacks traditionally target people with implied knowledge of or access to sensitive information. In just a few minutes, hackers can compile a host of information about an individual from what users publicly share through these communication tools: Facebook to search and obtain your name, birth date and social network of friends; Twitter to learn more about your interests and community of followers; LinkedIn for employment information, start date or education background; and FourSquare or Yelp for “check-ins” and location-based services, to name a few. Because a social engineering attack uses information customized to target an individual, it can appear more legitimate.
Check Point research has shown that the primary motivation of social engineering attacks is financial gain (51%), followed by access to proprietary information (46%), competitive advantage (40%) and revenge (14%), and that these attacks can cost businesses anywhere from $25,000 to $100,000 per security incident. Preventing social engineering attacks requires a combination of technology and security awareness throughout the organization.
4. Malware Becomes Big Business
How much is it worth to be a hacker today? Cybercriminals are no longer isolated amateurs. They belong to well-structured organizations that resemble terrorist cells, with money, motivation and goals. They can deploy considerable intelligence, time and resources to operate botnets that can cost businesses millions. Often, attackers will not attack a target unless it is worth their time, and will not go to the trouble if the incident cannot be monetized.
It is important to note that financial information is not the only valuable data worth stealing. Cybercriminals tend to look for general customer information and less for specific billing or credit card data. Such information can be very lucrative for hackers, enabling them to customize future attacks or spam campaigns that increase the likelihood of their success. And in some cases, social identities can be more valuable to hackers than your actual credit cards. With over 800 million Facebook users, most of whom are active and log on daily, social networking tools are opening new doors for cybercriminals.
5. Botnets Serve as the Backdoor to the Enterprise
Next year, botnets will become one of the most significant network security threats facing organizations. Compromising anywhere from a few thousand to well over a million systems, botnets are used by cybercriminals to take over computers and execute illegal and damaging activities – such as stealing data, gaining access to unauthorized network resources, initiating Denial of Service (DoS) attacks or distributing spam.
In the past, it was assumed that most of the popular botnets ran on Windows machines. This is no longer true: Linux and Mac systems are not immune. In 2012, botnets will evolve using a combination of social engineering and zero-day exploits, and will take advantage of the proliferation of mobile devices and social networking. In addition, new botnet variants will be cross-platform, and companies can expect to see more Apple, Android and other mobile-based botnets that communicate with Command and Control (C&C) servers via 3G or Wi-Fi networks.
6. Spike in Businesses Making the Migration to IPv6
The pool of unallocated IPv4 addresses is shrinking rapidly with the last block of IPv4 addresses from the ICANN Assigned Numbers Authority (IANA) being assigned on January 31, 2011. Due to the impending shortage of IPv4 addresses, IPv6 is starting to be deployed widely. Architecturally, IPv6 presents its own security challenges, including parts of the protocol that are different from IPv4 as well as the transition mechanisms used to deploy it. However, for some companies, IPv6 could already be running on enterprise networks without the knowledge of the network administrators and may be used as a covert channel by hackers and botnets. As more organizations migrate to IPv6 next year, companies should carefully consider what is needed in order to make the transition to IPv6 securely.
7. Leveraging Virtualization as a Security Defense
In its early stages, virtualization was mainly used to consolidate servers and IT resources for cost, space and energy savings, but it has since found many more uses and applications. Businesses are beginning to leverage virtualization technologies as an additional layer of security defense. With Check Point Go or WebCheck, for example, organizations can protect their network and endpoints with unique browser virtualization technology that segregates and secures corporate data from the Internet, allowing users the freedom to surf with full protection against drive-by-downloads, phishing attempts and malware.
8. The Emergence of Socialbots
A socialbot is a computer software program that controls an account on a particular social network and has the ability to perform basic activities, such as posting a message or sending a friend request. A socialbot’s success lies in its ability to mimic a human, making it a unique type of malware. If a user accepts a socialbot’s friend request, the bot gains access to the individual’s social circle and personal information that can be used for identity fraud. Although many savvy users have multiple social networking accounts integrated into one, syncing several accounts can give socialbots an opportunity to execute one attack while reaching multiple audiences.
9. Major events in 2012 Will Foster More SEO-based Security Risks
In the coming year, consumers and businesses should be prepared to see a wide range of Black Hat SEO attacks: hacking attempts that manipulate search engine results so that malicious links appear higher than legitimate results, generating a greater number of clicks on malicious websites. Hackers tend to exploit specific annual events, such as Cyber Monday or Tax Season, to lure users into clicking on malicious links and phishing scams. In 2012, the world should expect a flurry of news headlines and ads focused on major events such as the London Olympics, US Presidential Elections or Super Bowl XLVI. The year will be no exception, and we should expect hackers to attempt to exploit common search terms centered on headline news that will propagate within search engines and social networking outlets. Businesses should take the necessary precautions and ensure they have the appropriate URL Filtering and Application protections in place to mitigate the risk.
As companies combat traditional Internet threats, security issues with Web 2.0, mobile devices and cloud computing contribute to the growing list of priorities for the CSO. This rise in IT complexity is causing organizations to change the way they think about security and encouraging companies to better align IT security with business needs.
by Check Point Software Technologies