Barnes comes from an enterprise network perspective – this is not about home PC security. A10 Networks, his employer, provides application networking, load balancing and DDoS protection solutions that secure data centre applications and networks for thousands of the world's largest enterprises, service providers, and hyperscale web providers.
2015 was a ‘less’ memorable, but no less important, year for cyber-security.
2014 was a benchmark year – it went down in security history books as the year of Heartbleed, ShellShock and point-of-sale malware – vicious stuff.
While 2015 had some significant attacks – the BBC attack on New Year’s Eve; TalkTalk and Stagefright; fishy root certificates; malware and ransomware; and very public data breaches – there were, in fact, fewer widespread, panic-inducing vulnerabilities than in years past.
However, in 2016 things like the growing Internet of Things (IoT) and cloud networking have generated a host of new threats. Researchers revealed attacks that could compromise connected devices such as home routers, cameras, cars, and rifles.
Stagefright was still at the top of the list of mobile security risks; it allowed malicious users to exploit Android devices simply by sending a malicious MMS message. As the Android market share has been steadily increasing, the vulnerabilities will only continue to be exploited.
Read on for Barnes’ top five issues to watch for in the remainder of 2016.
#1 – Attacks hidden in SSL traffic will exceed attacks in clear text
Over the past few years, SSL encryption has become the norm. For good reason – encryption improves security by providing data confidentiality and integrity.
Encryption now accounts for about one-third of all Internet traffic and it’s expected to reach two-thirds of all traffic later this year due to widespread transition to SSL by internet powerhouses like Facebook and YouTube.
Unfortunately, encryption also allows hackers to conceal their exploits from security devices like firewalls, intrusion prevention systems, and data loss prevention platforms.
Encrypted traffic has become the ‘go-to’ way of distributing malware and executing cyber-attacks. Whether sharing a malicious file on a social networking site or attaching malware to an email or an instant message, many attacks will be cloaked in SSL.
To counter the threat posed by SSL encryption, organisations must decrypt and inspect inbound and outbound traffic for cyber-attacks. A dedicated SSL inspection platform enables third-party security devices to inspect encrypted traffic and eliminate the blind spot in corporate defences.
#2 – IoT will gain notoriety as both an attack target and an attack vector
With the continued rapid growth of the Internet of Things (IoT), expect to see an increase in both the number and severity of active exploits of connected devices. Analysts predict that there will be over 5 billion connected “things” by the end of 2016, and as the number of devices leveraging personal information grows, we’ll start hearing about exploits targeting consumer-oriented IoT devices.
This will lead to more vocal advocacy for consumer protection through government regulation, or more likely, industry-driven mandates similar to those defined by Payment Card Industry Data Security Standard (PCI DSS). Privacy and security concerns will potentially deter Aussies from adopting devices and solutions based on the Internet of Things (IoT).
IoT-specific threats are exacerbated by several factors:
- The number of connected “things” is outpacing the ability to secure them.
- Many devices have little to no security built in.
- There is no formalised process for securing IoT devices.
- An increasing number of devices provide access to personal information.
- Meeting demand for capabilities will continue to be a higher priority than security.
#3 – Attackers will target mobile app vulnerabilities
There will be a continued rise in the number of attacks targeting mobile devices – no surprises there. But the scope of the problem and the potential for damage will surprise.
The sheer volume of mobile devices, the amount of malware (20 million malicious apps by the end of 2016, according to Trend Micro), and the inherent vulnerabilities present in even legitimate mobile apps mean that a major breach is bound to happen, potentially on a massive scale. Just recently, malware infecting a large number of Android devices in Australia was leveraged to target the big four Australian banks' apps, stealing the two-factor SMS codes.
Additional threats exist in spear phishing attacks that exploit the fact that mobile users are more likely to click on a malicious link simply because it’s harder to identify it as suspicious on a smaller screen. And malware designed to look like valid apps can convince unsuspecting users to enter login data that can then be used to gain access to legitimate sites storing detailed personal and financial data. Mobile device users, particularly Android owners, need to remain diligent in validating what apps they choose to download and the attachments they choose to open.
#4 – Cloud services will increase attack surface and burden perimeter security
Back in the ‘good old days’, networks were relatively well-defined. Servers were provisioned in the data centre or the DMZ. Organisations could lock down their sensitive data and carefully monitor access to servers with data centre and intranet security tools.
Those days are gone. Today, many organisations are migrating their application servers to the cloud or they are ditching their existing programs and moving to software-as-a-service (SaaS) solutions like CRM, HR, email and file sharing apps.
The transition to cloud services has slashed costs and allowed easy access to business apps from any location. However, cloud applications have also introduced new security challenges, including:
- An increased attack surface: With applications hosted in the cloud, malicious users can now attack apps from any location and any device.
- Uneven data monitoring and auditing: Organisations should track access to sensitive data to detect and stop suspicious activity and for forensics. But it is much more difficult to monitor access to third-party SaaS applications than internal apps because apps are hosted in the cloud and application traffic is often encrypted.
- Limited control over security: Organisations must rely on SaaS vendors to implement strong defences and to quickly fix vulnerabilities as they arise. While many SaaS vendors have undergone rigorous SAS 70 or ISO 27001 audits, they are also under pressure to rapidly innovate and to support Application Programming Interfaces (APIs) for third-party integration; these business demands could lead to more vulnerabilities.
- Increased traffic at the network perimeter: The adoption of cloud-based services will inevitably increase the load on secure web gateways and perimeter firewalls. Since much of this traffic is encrypted, businesses must ensure that their security devices can keep up with demand.
#5 – Drone-related threats will grow
Attack of the Drones – seriously, these are IoT devices and eminently hackable.
Drones serve a myriad of purposes – military, agricultural, surveillance, delivering packages, and fun. In fact, an application has been developed at the University of Sydney for the NERI surf lifesaver – a drone that can deliver lifesaving buoys to swimmers in times of need. We are not so much concerned with commercial drones, where security is a major priority.
But drones also present a wide range of risks, from privacy invasion, to corporate espionage, to terrorism. And it is the use of low-cost consumer drones that is the worry. That market will explode in 2016 and generate over $1 billion in revenues. Their increased popularity will also introduce new cybersecurity and physical security risks.
While drones do not pose as serious a threat as other cyber security attacks such as malware, IT administrators should consider any potential cyber security or physical security risks that drones pose for their organisation. Think remote video and audio surveillance, employee tracking and movements, war driving and network access, transmitter access from rooftops and more.
What you can do
While it is challenging to predict which threats will cause the most damage in the future, we believe that trends like encryption, IoT, mobility, cloud and Internet-connected drones will be delivery vectors for dangerous security risks in 2016.
To prepare for these risks, organisations should implement a multi-layered defence that can protect servers and endpoints, whether those servers are hosted in a data centre or the cloud and whether endpoints are traditional computers or mobile devices. While employees cannot always predict the future, organisations will be ready to handle future risks with the right security technologies and processes in place.