Cybercriminals are successfully defeating security controls across the globe and in all industries. They have moved from the shotgun approach to a marksman’s methodology, becoming focused on the institutions they target.
More organised than ever before, tomorrow’s cybercriminal studies their prey and learns their security controls so they can bypass them and commit fraud. While the Olympics may be a distraction, it’s vitally important that security professionals don’t take their eye off the prize – to play these fraudsters at their own game, and win gold.
5 leading predictions for 2012:
1. 2012 will see new multipurpose, multi-functional malware
I predict malware, originally designed for one purpose, will evolve to pose a new threat with a malicious undertone. Non-financial viruses will morph to become financial malware and be used to commit online banking fraud. Conversely, existing financial malware will adopt features introduced in non-financial APT attacks. Over the next twelve months perimeters will face an onslaught from various sources: viruses going financial, APT-style technologies in ZeuS code derivatives manipulated by new coders, and the same in other commercially available malware kits (e.g. SpyEye).
2. We’re on the verge of malware globalisation
Next year cybercriminals will realise their dreams of global domination as Trusteer expects to see widespread resale and repackaging of malware. This means code, originally designed specifically to target one geographical location, will be adopted and translated to target other regions or even countries. The end result will see terms such as ‘regional malware’ and even ‘malware free countries’ cease to exist as everyone, regardless of where they are, comes into the sights of the criminal fraternity.
3. Cyber criminals will up their game and improve evasion techniques
Ultimately a cyber criminal’s focus is on infecting the user’s PC and remaining undetected for as long as possible. It makes sense, therefore, that they will continue to improve their evasion techniques to ‘hide’ the rogue program or mimic another, legitimate program. But be warned: where evasion techniques are unsuccessful, fraudsters will resort to developing malware designed to attack and destroy existing protection, on the premise that the organisation, and its users, may not notice they’re vulnerable to attack.
4. Personal information, disclosed on social networks, will be used in social engineering attacks against the enterprise
Fraudsters, all too aware of the valuable intelligence freely available on social networks, are starting to mine these data sources, capturing the personal details needed to successfully complete social engineering attacks. I predict this will manifest itself over the coming year as an enterprise issue. As a crude example, if an enterprise uses a ‘secret question’ for password retrieval, it’s feasible that an individual’s answers could be researched via the net, the password reset, and the legitimate account used to compromise the organisation.
5. The move to SaaS will allow malware attacks on enterprise applications
Many organisations, in an effort to reduce the cost of enterprise applications, have moved to SaaS. However, as part of this process, many have outsourced services to external websites without first carefully considering the security risks this presents. While the damage that can be done has not yet been evident, Trusteer’s prediction is that it will become apparent over the next 12 months. Its belief is that many organisations will spend 2012 fighting fires, backtracking and perhaps having to withdraw these services.
Searching for security solutions that can turn the tables on cyber criminals and maintain the upper hand requires a closer look at the attack vectors shared by successful cyber crime schemes. First, malware residing on the machine abuses the trust a user places in the browser and the rendered site, through which fraudsters can initiate an endless number of social engineering attack variations. Second, malware that has free access to application and system resources will eventually leverage technology and social engineering to penetrate any security control.
Cybercrime will eventually prevail if malware is allowed to infect machines and remain undetected and uninterrupted. Over time, cybercrime prevention simply cannot coexist with malware-infected machines. Consequently, effective, sustainable security requires cyber crime intelligence that identifies new malware attack and infection behaviours, complemented by the ability of the security control (technology and process) to quickly adapt to and defeat new threats. Forewarned is forearmed, and you’ve been warned.