Top Threats for 2012? Just Look to RSA Agenda
Predictions are a perennial New Year tagalong, and many have been tossed around the past few weeks. For messaging, the most agreed upon predictions appear to be social network security; targeted data thievery and attacks by groups like the Anonymous hacking collective; mobility; and malicious spam and Internet redirects. While there are other threats out there, these seem to be the ones most commented upon thus far for 2012.
Social Networks
For the enterprise, social networks are still a very hot topic. From marketing to customer service to brand building, organizations are integrating social networks into the fiber of almost all aspects of a company. This translates to an increasing value proposition from a cybercriminal’s perspective.
Michael Sutton, VP of security research at Zscaler ThreatLabZ, acknowledges that the majority of malicious activity surrounding social networks today primarily involves unwanted or nuisance traffic as opposed to attacks that lead to a fully compromised machine. “We’re seeing an increase in likejacking and self-inflicted JavaScript injection attacks that have the same overall goal—drive Web traffic or prompt software downloads that can earn the scammer a few cents per click,” he says.
While attacks are not directly malicious, Sutton sees social networks (like Facebook) as valuable to more serious criminals for reconnaissance during targeted attacks. “They are a great resource for learning background information about an individual and uncovering relationships, all of which can be of great value for social engineering. We’re not, however, commonly seeing the communication aspects of social networks used to deliver malicious payloads directly to victims or investments in uncovering Web application vulnerabilities used to compromise end-user machines as opposed to spreading the aforementioned scams.”
Going into 2012, Sutton believes attackers will raise the bar and leverage social networks for more sophisticated attacks, the goal of which will be “full compromise as opposed to marketing financial scams.”
Targeted Data Thievery and Attacks
While we are only three weeks into the New Year, take your pick of headlines for examples of targeted data thievery and attacks. Zappos.com admitted last week that more than 24 million customer records had been stolen. While no credit card numbers were accessed (because they were encrypted and hence protected), the data suspected of being taken included email addresses, phone numbers, shipping information, last four digits of payment cards and password hashes. The theft of this type of data is now opening new conversations about what data is actually valuable enough to encrypt and safeguard.
Very busy last year, the Anonymous hacking collective is not lying low in 2012. In the last few days the group has taken credit for shutting down the Web sites of Universal Music, the U.S. Department of Justice, the Motion Picture Association of America, and the Recording Industry Association of America in retaliation for arrests made of executives from file-sharing service company Megaupload. In a Tweet, the group crowed this retaliation effort was “the largest on scale attack ever,” taking down 10 sites in 20 minutes.
In addition, other reports suggest today that the T-Mobile USA Web server has been hacked by the TeaMp0isoN hacktivist group. Notes Avecto COO Paul Kenyon, “As well as being publicly hacked by the Anonymous-linked hacktivist group, T-Mobile has just exited sales negotiation with AT&T and is on the lookout for a suitor that will acquire its US operations. To have its Web server data so publicly hacked could not have come at a worse time.”
The data taken does not appear to be significant. Kenyon says early reports “suggest that only a superficial level of data—including low-grade passwords” was accessed. He terms this data thievery as a “classic case of corporate embarrassment over financial loss.”
Most experts believe more (and more spectacular) targeted data thievery and attacks will occur throughout the year.
Mobility
While mobile was hot in 2011, it shows no signs of stopping in 2012 as more and more organizations allow employees to use personal devices in the workplace.
Neil Saward and Deepak Bharathan, IT experts at PA Consulting Group, believe there are a greater number of organizations considering supporting BYOD (Bring Your Own Device) and expanding the corporate services available for smartphones and tablets. “BYOD enables an organization’s staff to use their own laptop, smartphone or tablets in the corporate environment rather than rely on ones provided by the IT organization. This provides greater convenience for employees, but can present a security challenge for organizations.”
This rise in device choice is reflected in Gartner’s recent prediction that by 2016 at least 50 percent of enterprise email users will rely primarily on a browser, tablet or mobile client instead of a desktop client. “While the rise in popularity of mobile devices and the growing comfort with browser use for enterprise applications preordains a richer mix of email clients and access mechanisms, the pace of change over the next four years will be breathtaking.”
The research firm believes that, “As IT delivery methods meet the demand for the use of cloud services and employee-owned devices, new software vulnerabilities will be introduced, and innovative attack paths will be developed by financially motivated attackers. The combination of new vulnerabilities and more targeted attacks will lead to continued growth in bottom-line financial impact because of successful cyber attacks.” Gartner says that through 2016, the financial impact of cybercrime will grow 10 percent per year, due to the continuing discovery of these new vulnerabilities.
Malicious Spam and Internet Redirects
For spam campaigns, social engineering is still the order of the day. Spammers’ tactics continue to work even in the midst of some unbelievable story lines. “If the spam we’ve seen is any indication, malicious spam we receive in 2012 will come in every available delivery method—email, social networks, IM—and continue to take every conceivable form: shipping confirmations, missed deliveries, reversed credit warnings, utility bills, credit card statements, complaints about you to the Better Business Bureau (whether or not you operate a business), online order confirmations from small boutique etailers, bank statements, electronic funds transfer rejection notices, poorly-spelled ‘friend notification’ emails from a wide variety of social networking sites,” wrote Andrew Brandt, director of threat research for Solera Networks Research Labs in a recent blog. “And yes, even I got drunk, had a stranger drive me home, but then the stranger got a ticket for running a red light, and now I need to find him contrivances. Seriously, who comes up with this crap?” Whatever you think of it, the spammers seem to know what they are doing, as people are responding.
Brandt believes the attacks will continue. “The big question remains which infection method will take the crown: zipped malware attached to the messages, or links to malicious pages and driveby downloads. Right now the two distribution techniques are running neck-and-neck.”
Compromised legitimate sites will also continue to be popular. “It doesn’t matter whether you own a tiny art collective or you operate an organization as large as Amnesty International,” notes Brandt. “The continued existence of unpatched, vulnerable Web site code—in particular, vulnerable WordPress.org blog plugins—are set to become a big problem in the near future; that, and a massive flood of keylogger malware washing across the net means we’ll see a lot of sites get pwned in the coming year and used to redirect victims into an exploit kit.”
RSA Confirms It
One look at the agenda for RSA Conference 2012 and it is apparent that “defending” is a key theme for this year. The types of threats I mention above appear to be on the hot list for RSA too. RSA, always a moving date due to facility availability, will again be held in San Francisco’s Moscone Center February 27 through March 2. Notes Sandra Toms LaPedis, area vice president and general manager for RSA Conference, “…we use sophisticated ciphers, algorithms and technology to combat enemies intent on infiltrating our domain. But the frequency and severity of threats and attacks continues to accelerate. We must ask ourselves: Is our information threatened by the rise of social networking? How do we protect ourselves from the growing mobile access to the enterprise? For that, we must be sufficiently armed with the latest resources and knowledge to stay ahead of potential assaults.”
For combating the most expected threats this year, vigilance and the understanding that security is never really “done” appear to be the wisest attitude to take. Messaging News will cover these hot topics and much more throughout the year. From all of us at Messaging News, we wish you good “defending” in 2012.