TechSource: News & Insights About Government IT Solutions

Blue Coat's Predictions for Targeted Attacks in 2013 - TechSource

Written by Daisie Register | January 28 2013

Recently, we’ve posted several expert opinions on trends for 2013 in the areas of big data, cloud, information security and mobility. In addition to our own experts, we wanted to highlight the expertise of our partners. In this post, the Chief Security Strategist at Blue Coat discusses predictions for 2013. Hugh Thompson provides insight into mass attacks and how they will act as a cover for targeted attacks. Here is what he had to say:

If your organization has valuable data, assume someone is going to come after it in 2013 through mass market attacks that provide cover for targeted attacks.

Businesses today manage so many end points that at any given time tens to hundreds of them may be infected, typically with mass market malware. While not the ideal security situation, businesses nonetheless tend to tolerate this level of mass market malware infections. In 2013, this tolerance level will create a backdoor for covert targeted attacks.

The thriving underground economy connects cybercriminals that are running bots with motivated attackers that are willing to pay top dollar to use the system of infected computers. This allows cybercriminals that are targeting a specific organization to rent out or buy outright infected machines within a target IP range. As the size of an organization increases, the certainty that a cybercriminal can find an infected system to co-opt rises exponentially. In this way, what was an infection from a mass market attack can covertly become a targeted attack.

Facilitating this shift will be the addition of intelligence gathering tools to standard Trojans that actively explore a hard drive rather than wait for a user to go to a financial site.

Mobile ‘mischiefware’ gives way to mobile malware

With more organizations allowing employees to access the network from mobile devices, expect these devices to become high value targets in 2013. Today, the smartphone penetration game is characterized by “mischiefware,” such as sending texts or in-app purchases within rogue applications that operates within the parameters of an app and does not break the phone’s security model. In 2013, expect to see malware that doesn’t show up as an app on the smartphone, but instead exploits the security of the device itself to identify valuable information and send it to a server. Hand-in-hand with this new mobile malware threat, expect to see the first mobile botnet that can forward SMS messages to command and control servers.

Malnets: If it isn’t broken, don’t fix it

In 2013, expect that most malware will come from large malnets that operate “malware as a business model.” These infrastructures are highly efficient at launching attacks and highly effective at infecting users. As a result, malnet operators have built a thriving business. Their continued success at infecting computers indicates that they don’t need a revolutionary breakthrough to continue making money, just on-going evolutionary adjustments.

In 2013, expect malnet operations to refine their models and invest in the business to develop more sophisticated, believable attacks. By hiring translators and copy editors, malnet operators will be able to better create phishing e-mails that mimic the real page of a financial institution, for instance. They can also invest in more believable websites facades and more comprehensive exploit kits that will make their attacks more believable, increasing the likelihood of their success.

Securing the organization in 2013

The threat landscape will continue to evolve as cybercriminals adjust and refocus their attacks. In particular, as mass market and targeted threats converge, it will be important for organizations to take a holistic view of their security. No longer should mass market and targeted attacks be viewed as separate threats. They have now become one and the same.

To protect their data and users, organizations should focus their defenses on visibility for all traffic, including web, non-web and even SSL. Each defensive solution logs traffic. Reviewing those logs on a regular basis to identify anomalies is crucial to stopping attacks. Organizations also need to understand who is supposed to be using data and how it is supposed to be accessed.

In response to the shifting threat landscape, businesses will need to adjust their security approach to ensure they are not the victims in 2013.

To view the entire piece, visit RCR Wireless or Federal Blue Print.