Infosec Trends to Watch in 2016

Outsourced Security Services Continue to Grow

It is estimated that 1 MILLION information security jobs will go unfilled in the US this year. Hiring experienced and competent information security personnel is difficult in this job market, even as more organizations are feeling a need to have dedicated security personnel as part of their IT staffs. This job market reality will likely fuel accelerating growth in the adoption of security-as-a-service offerings, as organizations outsource security roles to providers such as managed security service providers (MSSPs).


Increasing Use of Stolen Data for Extortion

The Ashley Madison breach last year demonstrated the potential of information obtained via data breaches as fodder for extortion. To date, such information has typically been leaked to the media or otherwise made public, with the intent of embarrassing the subjects (the Sony breach is another example, as are countless past “hacktivist” incidents). However, in the future we are likely to see criminal organizations attempt to leverage such information in blackmail and extortion schemes.


Cyber Insurance Matures

Adoption of cyber insurance to cover the risks of cyber attacks and breaches is estimated to have increased by 35% in 2015. The adoption rate can be expected to continue to increase at a similar or faster rate, but as the product and the market mature, many changes are coming. Insurers are beginning to attach more requirements for audits and certifications of organizations’ security posture, either as preconditions for writing a policy or as a means of getting a better rate. Insurers are also creating and enforcing more exceptions and conditions in order to make their risk exposure less open-ended and to simplify the underwriting of cyber policies. Anchor recommends that organizations seriously consider acquiring cyber insurance, but also that they exercise care in selecting a reputable insurer that has been in the cyber coverage market for several years. Organizations should also look closely at the coverage terms and any exclusions to ensure they know what is and is not covered.


Malicious Actors Continue to Expand Their Use of Encryption and Certificates

Modern operating systems place a greater emphasis on the use of code-signing certificates, and the percentage of web and other Internet communications that is encrypted continues to increase. To date, malware and hackers have not made extensive use of standards-based encryption, but that is beginning to change. Stolen or forged code-signing certificates are increasingly being used by attackers to enable their malicious software to run on operating systems that require signed code and to blend in with most modern software. Malicious parties will also increase their use of HTTPS websites, backed by certificates issued by trusted certificate authorities, for hosting their command-and-control sites and exploit kits. The use of encryption will make detection of web-based exploits increasingly difficult.


More Mac and iPhone Malware and Attacks

In 2015 many vulnerabilities were found in the OS X operating system that powers Mac computers, and more Mac malware appeared than in the past. The amount of Mac malware is still far less than what exists for PCs, but as Apple’s market share grows, so will attacks on and malware for the Mac platform. 2015 was also the first time significant quantities of malicious apps were known to have made their way into the Apple App Store for iOS (iPhone and iPad). For those who have been leaning on the perceived inherent “secureness” of Apple computers and devices, 2016 will likely bring further incidents that erode this perception. Apple customers would be well-served to adopt the same types of operational and technical controls that PC users have long used to shore up their computers’ security.


More Destructive Attacks Will Be Seen

To date, cyber attacks have focused primarily on gaining access to information that is intended to be confidential. Attacks on data availability have been primarily along the lines of network denial of service and encryption of files to be held for ransom. There have been some incidents of attacks and malware intended to destroy data, most prominently at Saudi Aramco in 2012 and in the Sony breach in 2014; cyber attacks that interfere with control systems have caused serious industrial damage in the Iranian nuclear program (the Stuxnet attack) and to a German steel mill in 2014. There is every reason to expect that cyber attacks will continue to expand into the full spectrum of information warfare, including attacks on the confidentiality, integrity, and availability of information. Control system attacks will likely also lead to physical destruction in more cases.


Internet of Things Vulnerability Discoveries Continue

In 2015 we saw hacks that exploited cars, medical devices, and other non-traditional computing devices. As more industrial, commercial, and consumer devices are connected to the Internet for control and monitoring purposes, vulnerabilities in these devices will likely be found at an accelerating rate. To date, many device manufacturers have given little attention to proper security in their devices’ code and design, and have made little provision for updating the software on these devices. Organizations should take measures to further secure such devices the same way they would any computing device attached to the Internet. Organizations should also familiarize themselves with the software update functionality (if any) of their devices, and monitor manufacturers’ websites or other sources for any updates or vulnerability announcements.
