Connect with us

Hi, what are you looking for?

HEADLINES

10 security predictions for 2014

The theft, misuse and exploitation of privileged accounts has become an increasingly key tactic in each phase of an advance persistent threat (APT) attack cycle, and this will largely continue into 2014.

Artwork by Janis Dei Abad

CyberArk has outlined its security predictions for 2014. 2013 has seen many high-profile security breaches, including the NSA-Edward Snowden case, involving the exploitation of privileged or administrator accounts. The theft, misuse and exploitation of privileged accounts has become an increasingly key tactic in each phase of an advance persistent threat (APT) attack cycle, and this will largely continue into 2014.

1. State-Sponsored Attacks Will Become Splintered and More Common
The revelations of the spying programmes by the NSA, GCHQ, and other intelligence agencies have established a precedent how governments use the Internet and technology for national defence. More and more countries are expected to embrace and go beyond this approach – both in terms of passive surveillance and in aggressive cyber-attacks.  The major geopolitical players (the West, Iran, China, and Russia) will continue to refine their cyber efforts, which will have a major impact on the powers of rogue nations and state-sponsored terrorist groups.  As with Stuxnet, these attacks are dismantled and re-purposed – the attacks become commoditised and trickle down to the rogue elements.  There will be more attacks of this nature occurring, for a wider array of reasons – economics, politics, and terrorism.

2. Encrypt Everything
The fallout of the Edward Snowden breach will continue to have a major impact on everything we do. As companies like Google continue the call to now “encrypt everything,” new encryption standards will emerge. As encryption methods develop, frontiers will be reached in encryption and hash cracking, whether by novel mathematical methods or by dedicated hardware, such as this 25 GPU-based platform.

3. Malware Prevention Hits the Rocks
The death of the perimeter has been predicted to some degree for the past 10 years. While there will also be a market for perimeter oriented technologies, there will be wide scale disillusionment with technology like next-generation firewalls and sandboxing, primarily driven by the fact that more and more companies will experience targeted breaches, despite having installed these solutions.

 

Artwork by Janis Dei Abad

Artwork by Janis Dei Abad

4. Increased Spending on Insider Threat Prevention
The insider threat is ever present and hangs over every company. The Edward Snowden incident continues to reverberate across industries.  Hence there will be a much greater emphasis on the person aspect of insider threat prevention in 2014.  Companies will spend more money and time on employee screening and monitoring, with a stronger focus on outsourced and contracted positions. A much greater emphasis on monitoring and controlling privileged users is also expected.

5. Social Engineering on Steroids
Social engineering has always been one of the best assets cyber-attackers have at their disposal to breach perimeter security. From spoof emails to fake websites, attackers use the human condition to bypass perimeter security and deliver their malware payload directly into a network. There will be more attacks like the ‘damsel in distress,’ a targeted attack aimed at male IT workers that used fake social profiles of attractive females who were posing as new hires and requesting ‘help,’ or fake job proposals and phone calls from ‘head hunters’ to solicit information – all to get one employee to unknowingly open the doors for an attack.  As online identity increasingly becomes tied to social networking sites, the sophistication of social engineering attacks will grow.

Advertisement. Scroll to continue reading.

6. Hacking the Supply Chain
Cyber attackers revealed a similar strategy in 2012 and 2013 by targeting technology vendors (especially security vendors) in an effort to build backdoors or bypass security at corporate clients. This attack vector will worsen in 2014, as more cyber attackers infiltrate companies well down the supply chain to implant malicious code into software products that eventually get installed at a later date in the real target company’s network.

7. Controlling a Connected House
Researchers have shown how to use hardcoded and default passwords as backdoors to many enterprise and consumer products.  This year, researchers (or attackers) will demonstrate how easy it is to hack smart meters through default passwords.  Through this access, hackers will be able to commandeer the environmental controls of a house.

8. Organising Crime
2014 will show just how far organised crime can reach into the cyber world as more and more groups target law enforcement networks in order to steal information on current investigations in an effort to stay ahead of the long arm of the law.

9. Black Fridays
Yes, there is a black market for cyber criminals, where malware, hacking tools and assorted other cyber-attack related items are sold.  In 2014, administrative passwords and privileged credentials will become the number 1 hot item on the cyber black markets.  The world has witnessed a glimpse of this already in 2013 in the indictment for hacker and black market entrepreneur Andrew James Miller.

10. Cloudy Days Ahead
It is simply a matter of time when one of the main cloud providers is breached – causing wide spread disruption and downtime.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

SOFTWARE

MicroWorld's latest offering aims to reinvent cybersecurity in the face of an ever-evolving threat landscape, especially in light of the ongoing pandemic. The cyber...

HEADLINES

When you compare the immense financial losses that a breached company suffers with the much smaller-scale financial transactions taking place on these criminal forums,...

HEADLINES

The vast majority (70%) of all IT teams said the number of phishing emails hitting their employees increased during 2020. This rose to 82%...

HEADLINES

According to WorldRemit, there are four industry-wide scams that Filipinos should be aware of this 2021: “email scams, online dating scams, shopping scams and...

HEADLINES

Ransomware has become a modern epidemic, hitting government, hospitals, schools and private enterprises and any other targets deemed vulnerable to extortion and capable of...

HEADLINES

Data acquired by Finbold projects that the number of VPN downloads globally will hit 1.05 billion in 2021. The projection represents a growth of 70.45% from...

HEADLINES

The new version of Kaspersky Endpoint Security for Linux hardens defenses from exploits and ransomware attacks. It also extends protection for DevOps with support...

HEADLINES

As the Philippines continues to be on lockdown, virtual classes are still the safest option so students can continue to learn. However, digital transformation...

Advertisement