ME cyber crime landscape set for refocus
Blue Coat warns of the 2013 ME cyber crime evolution
The Middle East has witnessed a number of high-profile cyber attacks this year, largely on account of the political unrest in the region. Large enterprises, including Saudi Arabia's national oil company, Saudi Aramco, and Qatar's natural gas firm RasGas, have fallen victim to these malicious attacks, which have prompted some countries such as the UAE to begin setting up government bodies that will be responsible for handling cyber threats.
Shirley O’Sullivan, vice president of marketing for EMEA at Blue Coat Systems, says that with trends like Bring-Your-Own-Device (BYOD) gaining popularity in the region, the cyber threat landscape will evolve and get more sophisticated. She shares her predictions below about the shape of things to come and what organisations can do to protect themselves against potential attacks:
Mass market attacks become a beachhead for targeted attacks
If your organisation has valuable data, assume someone is going to come after it in 2013 through mass market attacks that provide cover for targeted attacks.
Businesses today manage so many end points that at any given time tens to hundreds of them may be infected, typically with mass market malware. While not the ideal security situation, businesses nonetheless tend to tolerate this level of mass market malware infections. In 2013, this tolerance level will create a backdoor for covert targeted attacks.
The thriving underground economy connects cybercriminals that are running bots with motivated attackers that are willing to pay top dollar to use the system of infected computers. This allows cybercriminals that are targeting a specific company to rent out or buy outright infected machines within a target IP range. As the size of a company increases, the certainty that a cybercriminal can find an infected system to co-opt rises exponentially. In this way, what was an infection from a mass market attack can covertly become a targeted attack.
Facilitating this shift will be the addition of intelligence gathering tools to standard Trojans that actively explore a hard drive rather than wait for a user to go to a financial site.
Mobile mischiefware gives way to mobile malware
With more businesses allowing employees to access the corporate network from mobile devices, expect these devices to become high value targets in 2013. Today, the smartphone penetration game is characterised by “mischiefware,” such as sending SMS texts or in-app purchases within rogue applications, that operates within the parameters of an app and does not break the phone’s security model. In 2013, expect to see malware that doesn’t show up as an app on the smartphone, but instead exploits the security of the device itself to identify valuable information and send it to a server. Hand-in-hand with this new mobile malware threat, expect to see the first mobile botnet that can forward SMS messages to command and control servers.
Malnets: if it isn’t broken, don’t fix it
In 2013, expect that most malware will come from large malnets that operate “malware as a business model”. These infrastructures are highly efficient at launching attacks and highly effective at infecting users. As a result, malnet operators have built a thriving business. Their continued success at infecting computers indicates that they don't need a revolutionary breakthrough to continue making money, just on-going evolutionary adjustments.
In 2013, expect them to refine their models and invest in the business to develop more sophisticated, believable attacks. By hiring translators and copy editors, malnet operators will be able to better create phishing emails that mimic the real page of a financial institution, for instance. They can also invest in more believable website facades and more comprehensive exploit kits that will make their attacks more believable, increasing the likelihood of their success.
The big data model comes to threat intelligence
Expect the security industry to adapt the big data model to understand more about potential vulnerabilities at a network and user level. Security and networking solutions all generate logs – significant amounts of information that tell you about user behaviors, traffic on the network and more. Mining this data to find discernible patterns in risky behavior, threats and anomalies on the network as well as correlations between behavior and risk will allow the industry to build new defences that can help users make safer default choices.
Sharing generation becomes more private
The wide availability of information exposed users to very personal targeted attacks that reference family members, pets and other personal information in an attempt to gain access to confidential information. This ready availability of user information also allows cybercriminals to waterhole users by more easily identifying the online places they visit and laying booby traps. As a result of this greater risk, in 2013, users that have operated from a share-everything model will begin to limit how much and what information they share and who they share it with.
Securing the Business in 2013
The threat landscape will continue to evolve as cybercriminals adjust and refocus their attacks. In particular, as mass market and targeted threats converge, it will be important for businesses to take a holistic view of their security. No longer should mass market and targeted attacks be viewed as separate threats. They have now become one and the same.
To protect their data and users, businesses should focus their defences on visibility for all traffic, including Web, non-Web and even SSL. Each defensive solution logs traffic. Reviewing those logs on a regular basis to identify anomalies is crucial to stopping attacks. Businesses also need to understand who is supposed to be using data and how it is supposed to be accessed.
In response to the shifting threat landscape, businesses will need to adjust their security approach to ensure they are not the victims in 2013.