2012 Cyber Security Predictions

Cyber-Security

With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? I asked the top researchers at my company’s research labs to take a few minutes and provide their top predictions for the coming year.

Last year our predictions were very accurate, so these predictions should provide very useful guidance for security professionals.

1. Your social media identity may prove more valuable to cybercriminals than your credit cards

Bad guys will actively buy and sell social media credentials in online forums. Trust is the basis of social networking, so if a bad guy compromises your social media log-ins, there is a good chance they can manipulate your friends. Which leads us to prediction #2.

2. The primary blended attack method used in the most advanced attacks will be to go through your social media “friends,” mobile devices and through the cloud

We’ve already seen one APT attack that used the chat functionality of a compromised social network account to get to the right user. Expect this to be the primary vector, along with mobile and cloud exploits, in the most persistent and advanced attacks of 2012.

3. 1,000+ different mobile device attacks coming to a smartphone or tablet near you

People have been predicting this for years, but in 2011 it actually started to happen. And watch out: the number of people who fall victim to believable social engineering scams will go through the roof if the bad guys find a way to use mobile location-based services to design hyperspecific geolocation social engineering attempts.

4. SSL/TLS will put net traffic into a corporate IT blind spot

Two items are increasing traffic over SSL/TLS secure tunnels for privacy and protection. First is the disruptive growth of mobile and tablet devices. And second, many of the largest, most commonly used websites, like Google, Facebook, and Twitter are switching to https sessions by default, ostensibly a more secure transmission. But as more traffic moves through encrypted tunnels, many traditional enterprise security defenses are going to be left looking for a threat needle in a haystack, since they cannot inspect the encoded traffic.

5. Containment is the new prevention

For years, security defenses have focused on keeping cybercrime and malware out. Organizations on the leading edge will implement outbound inspection and will focus on adapting prevention technologies to be more about containment, severing communications, and data loss mitigation after an initial infection.

6. The London Olympics, U.S. presidential elections, Mayan calendar, and apocalyptic predictions will lead to broad attacks by criminals

Cybercriminals will continue to take advantage of today’s 24-hour, up-to-the minute news cycle, only now they will infect users where they are less suspicious: sites designed to look like legitimate news services, Twitter feeds, Facebook posts/emails, LinkedIn updates, YouTube video comments, and forum conversations.

7. Social engineering and rogue anti-virus will continue to reign

Scareware tactics and the use of rogue anti-virus, which decreased a bit in 2011, will stage a comeback. Except, instead of seeing “You have been infected” pages, we anticipate three areas will emerge as growing scareware subcategories in 2012: a growth in fake registry clean-up, fake speed improvement software, and fake back-up software mimicking popular personal cloud backup systems.

2011 proved that in the world of enterprise security, anything and everything goes. This year, as broader adoption of mobile, social and cloud technologies explodes, we will see the bad guys move rapidly to take advantage of this shift.

One thing we do know from the explosion of breaches, amplification of advanced malware, and propagation of exploit kits is that the common factor here is very simply, the web. Almost all of the major attacks of 2011 employed a web component, whether as a vector, command-and-control center, or the pipeline for stolen data and critical IP. Web attacks are going beyond the browser, and as the number of API web requests gains momentum we will see attackers using the APIs for their own malicious exploitation.

The most advanced criminals are going to ride the waves of personal devices, personal social media use, and personal web activities of employees to create more advanced, social engineering attacks to get in. Many of the business and government attacks in the coming year won’t necessarily be about how complex the code is, but how well they can convincingly lure unsuspecting victims to click.

Dan Hubbard is chief technology officer for Websense. He is responsible for research and development of existing and new detection technologies, investigating disruptive technology trends, and driving innovation across the company. Additionally, he manages the global operations of the Websense Security Labs team and acts as the company spokesperson on all things security. At Websense, Hubbard implemented the world’s first Internet HoneyGrid as the technological foundation for the Advanced Classification Engine (ACE) and the Websense ThreatSeeker Network – which analyzes more than a billion pieces of Internet content daily to feed security intelligence to Websense Web, email and data security solutions – providing customers with the most up-to-date protection from Web 2.0 threats, unwanted content and other malicious attacks. Prior to Websense Hubbard served as a senior security architect and consultant, where he configured and implemented hundreds of perimeter security solutions for global Fortune 500 companies. He was also a senior network analyst at a Time Warner startup - The Palace, - a pioneer in online communications. During his tenure at The Palace, he architected and secured one of the largest real-time, online communications networks. Hubbard also served as a senior security analyst at Information Systems Management of British Columbia (ISMBC), a subsidiary of IBM Canada, where he defined and implemented a managed security service offering for the company’s large clients. Before ISMBC, he was a system engineer at Axion Internet, an Internet service provider. Hubbard graduated with a BSc in information and decision systems from Capilano College in Vancouver, Canada.

  • Hongwen Zhang

    Interesting predictions for 2012. The predicted increase of attacks on social media and mobile devices is a frightening one as both are becoming more common within the enterprise. One of the ways they can protect themselves is by ensuring network layer Data Leakage Prevention (DLP) to prevent the outflow of user data. Our company, Wedge Networks continues to lead the efforts through Deep Content Inspection to prevent the good things from flowing out and the bad things from flowing in.

  • Hongwen Zhang

    Interesting predictions for 2012. The predicted increase of attacks on social media and mobile devices is a frightening one as both are becoming more common within the enterprise. One of the ways they can protect themselves is by ensuring network layer Data Leakage Prevention (DLP) to prevent the outflow of user data. Our company, Wedge Networks continues to lead the efforts through Deep Content Inspection to prevent the good things from flowing out and the bad things from flowing in.