2013 has been an eventful year in the Information Security space as information became the most valuable and challenging asset for organizations while being borderless and dispersed, as cloud, mobility and “Bring your own device” took a stronger hold on businesses. Information Security has been immensely threatened as businesses, governments and individuals rely on the internet for dynamic needs and cybercriminals devise more sophisticated methods and techniques to trap victims. Blurring boundaries between consumer and business, sophistication in enterprise attacks and dispersion of authority for security within the ecosystem have led to growing concerns over data, financial information and critical infrastructure.
The threats observed throughout the year were in line with the predictions first made by Symantec, which saw conflicts between nations, organizations and individuals using evolved social engineering techniques such as Ransomware, Madware and Cloud-based attacks aimed at financial gains, IP and, in some cases, bringing down critical infrastructure. Symantec’s report findings also point to India as among the world’s top five countries for the highest number of incidents of cybercrime such as Ransomware, Identity Theft and Phishing. India also witnessed a 280 percent increase in Bot infections, with a sizable percentage coming from emerging cities such as Bhubaneswar, Surat, Cochin, Jaipur, Vishakhapatnam, Indore, Kota, Ghaziabad and Mysore.
As the New Year approaches, we predict that this trend will only increase further as cybercriminals continue to employ more sophisticated and targeted techniques. They will continue to focus their attacks on data stored on the cloud vs. data stored on the network, thus posing a massive challenge for enterprises.
Below are Symantec’s top predictions in the Information Security space in 2014:
1. “Targeted attacks” on the upsurge through sophisticated techniques
In 2013, we reported on a sophisticated social engineering attack against a French-based MNC that got Francophoned: the administrative assistant to a vice president received an email referencing an invoice hosted on a popular file sharing service and subsequently received a phone call from another vice president within the company, instructing her to examine and process the invoice. However, the invoice was a fake and the vice president who spoke to her with authority was an attacker. Incidents like these were observed and we predict that in 2014, these attacks will become commonplace and attackers will further refine targeted attack tactics such as Ransomware to make financial gains.
2. Perils of Social Networking – no matter how “niche” or obscure.
It’s tempting to believe that you can move to a new neighborhood and all your old problems will go away. They don’t in real life and they won’t when it comes to social networking. Any new social network that attracts users will also attract scammers and miscreants. It has been observed that individuals are increasingly choosing convenience over safety and constantly exhibiting potentially risky behavior online. According to the latest Norton Report 2013, 18% of social media users connect with people they do not know and 61% access their social network account over unsecured Wi-Fi. Therefore it is important to protect yourself by using security best practices no matter where you are on the Internet or how you connect to it, especially on social networks.
3. The “Internet of Things” becomes the “Internet of Vulnerabilities.”
With millions of devices connected to the Internet—and in many cases running an embedded operating system—in 2014, they will become a magnet for hackers. Security researchers have already demonstrated attacks against smart televisions, medical equipment and security cameras. Already we’ve seen baby monitors attacked, and traffic was shut down on a major tunnel in Israel, reportedly due to hackers accessing computer systems via a security camera system. Major software vendors have figured out how to notify customers and get patches for vulnerabilities to them. The companies building gadgets that connect to the Internet don’t even realize they have an oncoming security problem. These systems are not only vulnerable to attack; they also lack notification methods for consumers and businesses when vulnerabilities are discovered. Even worse, they don’t have a friendly end-user method to patch these new vulnerabilities. Given this, we are going to see new threats in ways we’ve never seen before.
4. Cybercriminals will target the weakest links in the Enterprise ecosystem
Third party consultants, suppliers and partners outside the enterprise network as well as business associates in the ecosystem will be the easy targets for attackers as they are the weakest links in the information exchange chain. This includes consultants, contractors, vendors and others who typically share sensitive information or even have access to the networks of large organisations and Government entities. And, it has been repeatedly observed that only a few of these partners have sufficient defenses.
5. Cloud will be in the crosshairs for cybercriminals
Increasingly, enterprises and individuals are using public clouds to store and access data. As per the latest Norton Report 2013, 29 percent of individuals in India and 24 percent across the world are already doing so. And with the rise in usage of these platforms for both personal and private information, it is highly likely that cybercriminals will see these data-rich cloud platforms as easy targets to penetrate for profit.