Tag Archive | APT

Predictions: “Security 10 for 2017” – Time to consider where to act and to “Act now”

Once a year, either at the end of an old or the start of a new year, I deliver a view on the forthcoming year. Common to many industry analysts who “call” the market, it’s a view based on customer sentiment (I speak to many many customers), extensive research, market knowledge and many years of experience (an elegant way of writing “gut feel”). This year I will release the “Security 10 for 2017” earlier than normal to reduce the comparison to other market perspectives that will appear en masse in January. Important note: the views within are my own and do not constitute the views of Computacenter Group.

This overview will be slightly longer than my normal 400 – 500 words, however I hope you understand the content deserves the extra literary real estate. Happy reading.

1: IOT attacks will increase

Focus on IOT non-human devices with weak security may increase as they become the ideal candidates to be used as botnets or drones. The weaker security layers within IOT devices with less evolved security components may result in the industry acting in catch-up mode as each compromise signposts the remediation required and the next likely targets. There is no easy fix in sight with between 24 and 50 million IOT connected devices expected by 2020, but security basics including changing default passwords and remaining in tune with vendor software and patch updates are mandatory first steps. Key tip: when considering IOT to deliver a business outcome, start with security in mind and end with security by default.

2: DDOS mega attacks will continue and worsen

DDOS attacks haven’t gone away; in fact Akamai cite a 125% increase in year on year attacks. With an increased volume of bots enabled via compromised IOT platforms and the real world turmoil generated by the massive DYN DDOS attack in October, attackers may consider the potential for disruption second to none. DDOS protection solutions have been “deploy and forget” for far too long, with insufficient proactive scrutiny of logs and early warning alerts that may indicate a future larger attack is pending. Now is the time to fully understand the protection delivered by the service provider, as a minimum, to determine the likelihood of a successful attack.

3: Rise of insider (user) driven attacks.

Sadly humans can be a weak link, with non-malicious user errors and insiders encouraged, bribed or bullied into undertaking actions that compromise systems. As client and datacentre security solutions increase in capability, and therefore deliver enhanced protection, the user remains the least protected vector. User awareness and education (with emphasis on accountability and liability) are continually highlighted as essential – now is the time to act and assign the highest priority level possible to security education for end users.

4: Last minute rush for GDPR compliance

Common to other historical compliance requirements, GDPR may suffer from a yearlong “wait and see”, resulting in slow progress, then a crisis driven rush to design and deploy solutions. GDPR shines a light on privacy, with emphasis that data containing personally identifiable information must be secure by default. The journey to compliance starts with awareness of the key GDPR directives, quickly followed by the need to understand the type of data in existence, where it resides across the enterprise and whether it is within the scope of GDPR. GDPR assessment and remediation solutions will be a major business impacting activity through 2017.

5: Social engineering attacks may become undetectable

Social engineering attacks may become so personalised and well-crafted they may be hard to detect from a human or systems perspective. Whether it’s sales driven “Black Friday” or the Christmas “social” season updates, the endless stream of social media publicised events may act as a catalyst to drive increased volumes of “better than good enough” phishing messages with amazing offers (that sadly deliver a malware payload or redirect). Social engineering is an area positively affected by enhanced user awareness and education.

6: Ransomware may spiral out of control

2016 has proved a successful year for ransomware with ransoms increasing in size and frequency – 2017 may see attacks increase rather than decrease. Recent vendor commentary indicates as many as 54% of UK businesses have experienced some form of attack (source: Malwarebytes). Ransomware authors, based on the sheer volume of malware released, have access to an unprecedented amount of potential human targets. Client security solution enhancement, with the arrival of specialist anti exploit solutions, may slow the ransomware march but not without the assistance of greatly increased end user security education. The fear of modern ransomware will drive a review of existing endpoint security technologies to reduce or eliminate the number of “first casualties”, as surely one casualty is one too many.

7: Cloud computing specific attacks will increase.

With organisations moving to the cloud, dedicated attacks (compromised permissions, etc) on cloud delivered applications and workloads may become the norm based on the potential to gain the largest prize. Cloud platforms are extremely well protected but the long list of potential attack vectors including credential theft, DDOS, data theft, compromise via zero day exploits and many other general security attacks (but targeted at cloud computing) may steadily increase as enterprises accelerate their use of cloud computing solution delivery modes.

8: Credential theft will continue to rise.

A robust digital identity is fast becoming a key deliverable within modern enterprises to facilitate secure single sign on across multiple platforms. This makes a stolen credential more lucrative than ever. Digital identity and credential theft may rise to the top of the security risk agenda for many organisations with digital credentials the golden key to both known and unknown “digital enterprise locks”. Attackers are familiar with the process of stealing credentials for access or to create subsequent hidden and elevated credentials for use during an attack. A least privilege, zero trust approach to IT security must become the new normal.

9: Banking and payment system attacks will increase.

As the world moves to digital payment by default, compromise of a payment system, ATM, contactless platform or digital financial services intermediary may deliver a major shock to the confidence of the financial sector as a whole. We now have attacks on banking and payment systems that have successfully breached existing defences leveraging both known and unknown techniques. This may encourage attackers to invest further to ensure they remain one step ahead of not just those defending but equally other assailants seeking to attack first then disappear. Enhanced visibility is a must with assistance delivered by big data and machine learning enabled advanced security platforms to proactively stargaze “what could happen next” before it occurs.

10: Dedicated attacks on “HomeHub” smart technology

We are entering an era of smart home devices and intelligent digital assistants. This style of attack may exhibit nothing previously seen and include highly non standard attack modes including homes held to “thermal ransom” with heating systems shut down or the potential for unexpected orders / purchases from voice activated digital assistants that may not be detected until a later date. It is a valid assumption that “smart home” technology with wireless enabled devices, creating and accessing data continually will permeate even the most basic home / work environment. Protection of smart home / IOT platforms will evolve as adoption increases, but the initial lag may create a window of opportunity for attackers.

 

The “Security 10 for 2017” mentioned could be 20, 30 or 100 depending on the enterprise, vertical market and the enterprise’s current state. A few of the perspectives mentioned may concur with other industry / market watchers and others may even deliver a totally different viewpoint. However all are areas of potential attack or compromise that should be considered to determine the likelihood of a successful attack and therefore form part of a pre-emptive protection or remediation plan for 2017.

2017 will be the year good enough security may not be “good enough”. Now is the time to respond to minimize the need to react.

Until next time.

Colin

Twitter: @colinwccuk

Chief Technologist Computacenter UK:   Networking, Security and Collaboration


 

“Security Breach” – Stop, think, act now – Don’t lose your money or data to “GameOverZeus”

As we continue to accelerate towards a personal and professional society almost dependent on a digital umbilical cord, the level of concern and negative impact equally increases. Zeus (the well known malware Trojan) and Ransomware are now the terms on the lips of all as they have moved through 2014 from a security point of interest to an industry-crippling threat. It is written that circa $500m of banking related financial loss and Cryptolocker ransom requests (who knows the true figure) have been paid to date by those unfortunate enough to have critical information sealed under the digital lock & key of the attacker in question, or siphoned off through a malware Trojan secret back door. But that was then; the news bulletins of the past 24 hours have been carefully crafted to heighten the awareness levels of all of a far more worrying threat sitting above us right now.

The NSA, FBI, UK based cyber agencies and worldwide cyber intelligence organisations have targeted a major global banking/ransomware threat and have shut down communication between the attackers and the currently affected platforms (and hundreds of thousands of compromised systems already exist globally). The multi-faceted attack consists of the well-known “GameOverZeus” banking malware Trojan (that hides until banking applications are launched) and Cryptolocker (locks and encrypts all data on a disk drive until a ransom is paid). At present over 16,000 UK-based computers are affected by the malware payload, but for now, with the attacker communications (command and control) site down or out of reach the malicious payload cannot be launched. However the real worry is those grand efforts are only delaying or slowing an even larger, more destructive attack, as within a fortnight the attacker communications environment could return to service and enable the global attack on any malware-compromised Microsoft Windows-based unprotected device.

For once, this is NOT a drill and now is the time for vigilance by all. Cyber-attacks are now so ferocious, with the potential for personal disruption so great, that malaise and ignorance have no place. First step, ensure the Windows update operating system patches that underpin your desktop and mobile devices are working and FULLY up to date. Next, ensure all anti-virus / malware signatures are updated daily (irrespective of the external news commentary the paid-for solutions of the leading end point security vendors are materially better than freeware options). Be aware of targeted emails encouraging you to click on links unknown to you or to download files you are not expecting – just don’t !! And most importantly of all (and the option many frequently ignore) back up critical files, documents, pictures onto another offline storage medium (cloud, usb key, external hard drive) – it is imperative that your key digital data assets exist safely elsewhere (to protect against the worst case data loss scenario).

The world’s leading security agencies are highlighting the critical time-frame of a fortnight to ensure all Windows-based computers are fully up to date, with updated anti-virus / malware software and formally scanned to remove any trace of the GameOverZeus/Cryptolocker malware. Fail to act over the next fortnight (on all the points mentioned) and the result could be a compromised machine at the end of that short period (with the potential for data / financial loss).

The IT, corporate and social network communities are used to prophets of doom highlighting that digital Armageddon is just around the corner. That may normally be somewhat over played on the grand scale, but if you personally lose or lock out digital information unique to you, unavailable elsewhere – the emotional, financial and professional impact may be far more than you can bear.

Act now, protect now – tomorrow may be one day too late.

Until next time,

Colin W

Twitter: @colinwccuk

Security Matters – It’s currently all about “Heartbleed” but what else lies beneath?

At the start of the year I said to anyone who would listen (and that was a fair amount of people) that 2014 would be a milestone year for security and unified communications (UC). We will come back to UC another day, but security is really living up to the prophecy. 2014 is common to previous years with visible attacks, invisible attacks, well published breaches, hidden breaches and all of the above now carefully positioned under the Cyber Threat banner (the advanced persistent threat moniker of yesteryear now seems out of fashion).

And already as we cross into quarter two of the year we face the first “cause for concern” security breach that isn’t just affecting the IT rich major corporates, but has the potential to affect anyone who uses the internet in earnest. Heartbleed is that security breach and exposes vulnerabilities in OpenSSL, the security used to maintain secure encrypted conversations (passwords, usernames, etc.) by some web servers. OpenSSL gives informed users and laymen alike confidence to access the World Wide Web assured that a secure interaction is happening, so a problem like Heartbleed potentially has major ramifications. We have always aligned with the view that the use of SSL, https, closed padlock signs on browsers, etc. should have signalled a “secure transaction” but sadly now that perspective is under scrutiny based on a vulnerability in OpenSSL that may have been evident for two years. That is two years when attackers “could” have been accessing hidden digital keys in those seemingly secure browsing or web interactions and “could” have been using those keys to hack the user/sites in question. A quick search across the web for a list of potentially vulnerable sites presents a “who’s who” of many of the biggest and best known destinations on the web.

Good news, the vulnerability was announced and highlighted last week (and most of the key sites have all but eliminated the vulnerability) – bad news, few know or are saying what or if the vulnerability has been used to attack to date.

So where does that leave us – thankfully informed and with that equipped with a “call to action” to ensure we are protected against the Heartbleed threat. But it shouldn’t stop there; if a threat of such magnitude has been hidden / secret for two years, what else lies beneath your network, systems, and data – could that next “security threat alarm bell” ring for you? Do you know with confidence if your IT systems, company data, personal data are really secure? I rarely plug IT services and solutions on this blog but it may be time you gave us a call.

Until next time.

Colin W

Twitter: @colinwccuk

“Is my data safe – are my systems secure”. Knock once for Yes and twice for No

IT security infrastructure and associated services aim to deliver the secure computing outcomes expected by enterprise organisations. Put simply, via effective use of policies, process, IT security platforms, intellect and a little bit of luck, organisations and their customers trade and interact in a secure manner.

But do they really? If 2011 was the year of the hack, 2012 is already becoming the year of the advanced attack. The security threat is no longer one of simple endpoint viruses or malware (even though they still exist), but one of advanced threats and attacks with a level of sophistication that makes them difficult to detect. The term APT (advanced persistent threat) seemed to be a marketing term to sensationalise and align real focus to the new wave of multi vector attacks. But no sooner had we branded them, the innovation within the attacks in question has increased.

The new kid on the block is allegedly “Flame”, a virus claimed to be the most complex malware ever found. Threat analysts worldwide have positioned “Flame” as potentially another nation state style malware vehicle that steals carefully selected data (Stuxnet was allegedly another), with a level of sophistication that may take years to analyse and understand.

In the past, this could be ignored as one of those IT systems or technology based problems that the IT team should solve (and are paid to solve), so deemed less of a priority amongst the non technical community. But with so many high profile names (including Government bodies) now regularly appearing on BBC news apologising for data loss, it may not only be happening by stealth within your organisation, it may be happening as you read this blog (as the best malware isn’t designed to be easily found).

Does that mean it’s time to admit defeat and prepare your apology (and potential resignation letter)? Absolutely not – now is the time to challenge even your most secure environment and ask yourself that worrying question “Is my data secure”? Can you really answer “Yes” with confidence?

Enjoy the Queen’s Jubilee weekend (and keep safe)

Until next time.

Colin W

Twitter: @colinwccuk