With changing threat vectors and more sophisticated application-level threats, heuristics-based technology backed by coordinated threat intelligence will become inevitable in critical installations. Multi-channel threat analysis will mean adoption of big data technologies and the rise of many managed security monitoring and counter-security solutions in the coming year.
Customised Malware-as-a-Service
The availability of new malware creation services in underground markets will make it easy for attackers to create customized exploits with little skill or effort. These tools allow malware authors to upload malware, run the tests against all the popular AV engines and identify which ones will not detect the threat. The tools then give the malware author customized HTML code they can inject into various webpages to cause people visiting those pages to load the malware in a hidden iframe.
These “MaaS tools” are being commercialized on the black market and cost only a few dollars to distribute customized attacks. Some even let attackers build malware in a tool by dragging and dropping features into an interface, without needing to know how to write code. Ultimately, this will lead to a further reduction in the efficacy of signature-based defenses as customized malware becomes more common.
Driven by Google’s diligent blacklisting of illegitimate websites hosting malware, attackers will look to use techniques such as Cross-Site Scripting to place malware on legitimate sites. As attackers increasingly find their own channels blacklisted by Google and find it much harder to rely on sites dedicated to hosting malware for distribution, only those leveraging an extreme degree of specificity and evasion will have success in the long run. Everyone else will fail miserably.
Security Will Become The Killer APP for Software Defined Networking (SDN)
In 2014, SDN will foster the rise of virtual networking focusing on activation, configuration and service chaining – the ability to direct traffic flows along a designated path. Security capabilities will begin to be distributed intelligently at the service layer making it easier for companies to quickly deploy in data center environments.
Active Defense
Companies will look to adopt more active measures in response to the daunting task of protecting against ubiquitous, evolving and more sophisticated threats. Active attackers, and the threats they pose, take advantage of a fundamental asymmetry created by the passive nature of traditional security defenses. In response, more companies will adopt active defense techniques, like Intrusion Deception, to dynamically identify attackers and take real-time action to disrupt and frustrate their efforts. While the ethical and legal debates about the proper rules of engagement for companies will continue, acceptance of many active defense techniques is likely to grow.
We are also likely to hear more about outright offensive cyber-attacks and cyber-espionage between nation-state actors. It’s quite possible that a rogue nation-state actor could move beyond espionage to actively disrupt critical infrastructure with attacks.
DDoS attack techniques will continue to diversify. Historically, DDoS attacks have been volumetric (Layer 3 & 4) in nature. These attacks will continue to grow to scales where they could potentially reach sizes that bring down the internet backbone, let alone one site.
However, the noteworthy trend for 2014 will be the accelerating use and sophistication of Application (Layer 7) DDoS attacks, because this style of attack is far more difficult to detect: it typically bypasses traditional uni-directional volumetric DDoS mitigation technology and services. In 2014, attackers will develop a more powerful portfolio of Layer 7 tools to exploit DNS, database and content server vulnerabilities. In response to this alarming increase in the complexity of DDoS attacks, many organizations that deliver online services 24 x 7 will adopt a hybrid DDoS mitigation policy, using a mixture of off-premises DDoS mitigation services to manage the volumetric attacks and on-premise DDoS technology to manage application-layer DDoS.
Data Privacy
With revelations of widespread surveillance by the NSA, there is much more concern over privacy than ever before. This will lead to more people and businesses taking precautions to protect information from surveillance. For the security community, this will likely mean an increasing demand by companies for new and stronger encryption. For consumers, we are likely to see an increase in the use of privacy-enhancing technologies like the Tor network, HTTPS Everywhere, Ghostery, VPNs, and private e-mail services.
While positive for privacy, it is an unfortunate development for security, because as more users adopt these technologies, security administrators will begin to lose visibility and control over the traffic in their networks. With less ability to differentiate between desirable and undesirable traffic, administrators and security solutions will be less able to defend their networks. As an analogy, imagine the ease with which a police officer can spot a suspicious vehicle on the highway from a speed trap. Now imagine how difficult, or impossible, that task becomes when you enclose the highway in an opaque tunnel, preventing the officer from seeing any vehicles.
Android Malware
The current trends in smartphone and tablet adoption will continue, if not intensify. The result will be an even more tilted mobile ecosystem, in which Google’s Android consolidates its position as the most popular mobile operating system, and the primary target of attack for malicious actors interested in compromising mobile devices. While direct attacks on Android are possible, we expect the current focus on Trojan-izing mobile applications to continue, as attackers are still garnering plenty of success in penetrating official and third-party Android application marketplaces.
Uptake in Ransomware
As attackers look to monetize their efforts more quickly, there will likely be an uptake in new and sophisticated versions of ransomware. These attacks are popular with cybercriminals because they often lead to quick profits and don’t require many steps to turn stolen information into profit. These new cases of ransomware are likely to prevent users from accessing their software or files until a fee has been paid to the attacker. Some new examples of this type of malware may not be sophisticated and will be addressable with commercial AV solutions, while others will be sophisticated enough to require the affected user to pay the ransom if they wish to recover their access. CryptoLocker is a very strong example of a sophisticated implementation of ransomware with no known remediation beyond paying the ransom.
SQL Injection and Other Well-Known Web Attacks Will Continue to be Effective
Despite significant awareness of known web-based threats, such as SQL Injection and Cross-Site Request Forgery, many data breaches will still be caused by these attack methods. Websites provide a large attack surface, and fixing all the potentially vulnerable code is difficult. Further, even newer web applications still pass large amounts of information from the application to a database, creating the possibility for attacks.
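To make the point above concrete, here is an added example (not from the article or from Juniper) of the defect that keeps SQL Injection effective: user data pasted into the SQL text, shown beside the parameterized form that fixes it. The in-memory SQLite table, user names and e-mail addresses are all constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed stand-in for a web application's backend database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Request data is concatenated into the statement, so the database cannot
    # tell where the query structure ends and the user's value begins.
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    # The value is bound separately from the statement text and is only ever
    # treated as data, whatever characters it contains.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def apostrophe_breaks_vulnerable(conn, username="o'brien"):
    # A legitimate value containing a quote is enough to break the
    # concatenated query outright; the parameterized one handles it.
    try:
        lookup_vulnerable(conn, username)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    probe = "' OR 'a'='a"  # classic textbook input that closes the quote
    print("vulnerable    :", lookup_vulnerable(db, probe))      # every row leaks
    print("parameterized :", lookup_parameterized(db, probe))   # no match
    print("apostrophe breaks vulnerable query:", apostrophe_breaks_vulnerable(db))
```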
Mobile Security
Corporate BYOD initiatives will mature to focus both on protecting the device and its connection back to the network. The increased adoption of security containers on devices to separate corporate and consumer data will usher in a new focus on providing the same level of granular protection for connections back to corporate networks. Baked-in per-app VPN will become commonplace and authenticating with multiple apps will become a thing of the past.
(The writer is Director - Systems Engineering, India & SAARC, Juniper Networks)