Recent news of government website hackings in Australia, the Philippines and Singapore by the global activist group Anonymous, as well as the Black Friday cyber theft of 40 million Target customers’ debit and credit card details, is testimony to the mounting cyber risk from external hackers. According to audit group Ernst & Young’s Global Information Security Survey 2013, cybercrime is the greatest threat to organizations’ survival.
Target made waves over the holiday season when it revealed that 40 million of its customers had their debit and credit card information stolen since Black Friday. But the newest cyber attack scandal is blowing Target out of the water.
For every attack that makes headlines, millions of pieces of data-stealing malware hit business networks at intense speed and are rarely reported. In its annual Dell SonicWALL Global Threat Report, Dell’s threats research team shared unprecedented growth and threat patterns as cybercriminal tools continue to be enhanced in terms of speed and effectiveness. Below are the top IT security predictions for 2014 and into the future that information security professionals should pay attention to:
1. Advanced Persistent Threats on the rise

The hacking incidents in Australia, the Philippines and Singapore, and at Sony, are a result of targeted attacks made by external third parties. Dell envisions a rise in such incidents, with more and more organizations subjected to Advanced Persistent Threats that are becoming more purposeful, resourceful and sophisticated. Though the incidence of these types of attacks is small when compared to automated or commoditized threats that target a broader group, Advanced Persistent Threats and the actors behind them can pose a much more serious threat.
Against Advanced Persistent Threats, half the battle is won by understanding the true threat an organization faces and knowing what makes it attractive as a target. Organizations will then need to respond to such threats with an equally persistent, active and layered defense model that spans their entire attack surface. Information security professionals will need to know their attack surface and assets, and ensure their layered defenses are appropriately designed and up to date to best detect, resist and respond to such threats.
2. New targets on Windows

According to The Financial Times, Windows XP remains a staple of IT departments, with many choosing not to upgrade to 2005’s Windows Vista, which requires hardware upgrades, or to Windows 7, which was released in 2009 during the global financial crisis when IT budgets were tight. Windows 8, which was released in August 2013 and brings in a new touchscreen interface, has also had its fair share of detractors.
Now that the support life cycle for Windows XP has officially ended, Dell expects a surge of cyber-attacks since the discontinued support for Windows XP will lead to exposed weaknesses in the networks of a large number of users all over the world. Organizations that do not migrate to a newer version of Windows and continue to use Windows XP are especially vulnerable without Microsoft support and patching. Moving forward, researchers from Dell expect to see Windows 7/8 as the next target.
3. Botnets expand their reach from financial details to digital currency

Financial institutions have dealt with banking botnets for more than a decade, with the number of botnets targeting online banking transactions increasing dramatically during this span. Although banks have evolved their security measures to protect online transactions from fraud, attackers quickly adapt to these countermeasures and respond with sophisticated banking botnets. In fact, according to a research report by Dell, five of the leading eight banking Trojans can track and mimic behavioral patterns. The malware captures bank details and login credentials, and even helps attackers develop a picture of user behavior and interactions with banking sites. By developing a profile, digital crooks are able to emulate user behavior to sidestep security frameworks designed to detect unusual activity. Cybercriminals then leverage this information to cover their own digital tracks when they steal money from the victims’ bank accounts.

Cybercriminals are also targeting digital currency, with more and more botnets focusing on cryptocurrency mining. In January 2014, European newspaper The Guardian reported that as many as two million European users of Yahoo may have received PC malware from virus-laden ads served by its homepage over a four-day period last week. Some of the malware eventually turned PCs into Bitcoin miners, a huge drain on computing resources, without users’ knowledge.
In late 2013, Dell researchers observed an increase in Bitcoin mining botnets, which were designed to gather enough computing power to generate Bitcoins with zero hardware and energy expenses to the criminal operation. We expect this trend of digital cryptocurrency mining to continue beyond 2014.
In reviewing 2013, Dell’s threat report records a higher level of cybercriminal activity and data breaches than in the previous year. This is not new. Year after year, malware attacks have consistently increased. Looking ahead into 2014, we predict that cybercriminals will continue to leverage similar attack techniques, but with renewed sophistication. From a broader industry perspective, we believe that all security vendors have a responsibility to work not only independently but also holistically to better protect customers and their data. As cybercriminals become even quicker at developing advanced cyber attack tools, the fight to protect organizations’ digital lives is more urgent than ever before.
Han Chon is the Director, KACE & SonicWALL, Dell APJ