10 security predictions for 2011

WatchGuard Technologies’ security analysts provide their 2011 security predictions:

10. “APT” becomes security acronym of the year – Heard of “APTs” (advanced persistent threats) yet? You will in 2011. Although there is no single, standard definition, APTs have these things in common:

• They apply the most advanced attack, infection, and malware propagation techniques known.
• APTs are designed to stay hidden within a victim network or host for a long period of time – typically by using strong rootkit technology, cleaning logs, and slow, quiet Command and Control channels.
• They tend to have a specific, targeted goal in mind.
• In reality, APT is just a new way to say very advanced malware attack; so this prediction has two parts. First, WatchGuard expects security experts to jump on the term and over-use it throughout 2011. Secondly, WatchGuard expects to see many more treacherous attacks this year that fit the APT category.

9. Cyberwar escalates – Cyberwar skirmishes will occur almost daily. Many believe the Stuxnet worm is a perfect example of a politically motivated attack, likely created by a state-funded team of hackers. The amazingly advanced, highly targeted worm primarily infected Iranian uranium manufacturing facilities with the sole purpose of quietly disrupting the uranium enrichment process. Government, infrastructure and financials will need to be hardened to handle the next onslaught of web attacks.

8. VoIP attacks grow – In 2011, WatchGuard expects to see full-force VoIP attacks. Just in the last few months, VoIP scans and attacks have increased significantly. Some of this has to do with the public availability of VoIP attack tools, such as SIPVicious. Moving forward, brute-force and directory traversal class attacks against VoIP servers will be as common as they previously have been against email servers.

7. Perimeters shrink and harden – Many security researchers have rightly pointed out that networks have become more mobile, and that businesses need protection outside the perimeter to help ward off threats to mobile resources. While that’s true, it doesn’t mean that the perimeter disappears. In fact, WatchGuard expects to see organizations concentrate their perimeter around the assets that matter most – data – that results in concentrating primary perimeter defenses around data centers.

6. Cars hacked in 2011 – Hackers are always trying to find new ways to infiltrate computing devices, cars are no exception. Because cars have become more “connected” than the average computer – with built-in Bluetooth, 3G internet, GPS, OnStar, and dashboard computers – WatchGuard expects more attackers to get into the car hacking game, which is especially worrisome considering the potential for physical harm via a car attack/hack.

5. Facebook and other social media become lead threat vectors – Remember when email attachments were the biggest threat businesses faced? Most of the malware infecting PCs arrived as an executable attachment that proxy firewalls could outright block. Now most attacks come from the web, and one site poses the largest risk of all – Facebook. When you combine Facebook’s culture of trust, the many potential technical security issues (Web 2.0, API, etc.), and it 500+ million users, computer attackers and social engineers have a huge and attractive playground. WatchGuard believes links on Facebook will become the most common threat vector, similar to how attachments in email were years ago.

4. Manufacturer-delivered malware keeps growing – It used to be that one could buy a laptop, a storage device, or even an electronic picture frame and expect the thing to be malware-free. No more! Through 2010, there have reports of many popular products arriving with infections out-of-the-box. In some cases, big companies have even embarrassed themselves by handing out such infected devices at well-known security conferences. This year, WatchGuard expects this “manufacturer-delivered malware” trend to get even worse. WatchGuard recommends that businesses scan all of our new electronic purchases before connected to any corporate networks.

3. DLP for intellectual property protection – WatchGuard believes that governments around the world will become more involved in protecting intellectual property this year. New laws and regulations will force more organizations to implement stronger IP protection, resulting in new security technologies to help keep data and IP from being stolen or used in an unauthorized manner. In 2011, expect to employ even better data loss prevention mechanisms than those currently available.

2. Detection becomes a priority – When implementing security controls, most organization focus more on protection and prevention than on detection and analysis. This will change in 2011. As increasingly advanced threats surface, administrators will realize that even the best prevention technologies cannot stop malware from entering the network. This realization will help them recognize that it is just as important to be able to detect and analyze a threat that has already entered the network, as it is to prevent it from entering. As such, technologies will become very popular in 2011 that can:

a. Increase network visibility
b. Identify threats already infecting business networks
c. Correlate aspects of a network attack
d. Help with forensics

1. Malware as a Service (MaaS) – Over the years, as hacking has become more organized and criminally controlled, the hacker underground has started to mimic commercial markets by releasing pre-packaged, black-market exploit kits. One can already buy web attack kits, pre-packaged botnets, and ready-to-go malware from underground web sites and forums. For 2011, WatchGuard predicts that the criminal underground will take this a step further by creating a convenient “app store” for malware, which means that script kiddies will be just one click away from instantly unleashing their own botnet.