The cyber landscape is quickly evolving from hacking by teenagers to nation-sponsored cyber crime. As a result, in the next decade, we will face new cyber security issues and trends. To cope with these more complex and powerful cyber threats, organizations must shore up their existing cyber defenses to protect against and mitigate these malicious attacks with a combination of security software and new real-time capabilities.
In 1983, the nation was introduced to WarGames, an Academy Award-nominated film chronicling the exploits of fictional hacker David Lightman as he successfully (and unwittingly) penetrates a U.S. military supercomputer, almost starting World War III. Back then, hacking was left to teenagers, and the Internet itself was hardly a household term. This thriller introduced the extraordinary idea that a common hacker could wield his keyboard as a weapon to initiate mass destruction.
The Evolving Cyber Landscape
Since the film was released, computer knowledge and access have increased, and we've become a truly Internet-centric society. In fact, in just this past decade, worldwide Internet usage has grown 444.8 percent [1]. It's an astounding number, yet it's hardly surprising: The Internet has become the foundation of our everyday personal and business lives. We use it to do our banking, our grocery shopping and our general communicating. On a larger scale, the Internet powers critical infrastructures (utility grids, aviation, space transport, shipping and mass transit, to name a few) and carries information relating to national security and safety.
While advances and expansion in the Internet and technology in general revolutionized our lives and how we conducted business in the first decade of the 21st century, they also presented new cracks through which nations and well-financed and sophisticated cyber criminals obtained data and manipulated our critical infrastructures and made a boatload of money. Hacking, for one, was tagged as a billion-dollar business run by criminal cartels. In fact, wave3.com reported that one busted organized cyber crime gang in the Ukraine made $900 million in a single month [2].
Viruses, spyware and malware have also been on the rise since 2000. Remember SQL Slammer, Conficker, MyDoom and ILOVEYOU? And McAfee reports that the first six months of 2010 alone was the most active half-year ever for total malware production [3].
Distributed Denial of Service (DDoS) attacks also popped up all over the news, moving from fun to profit to politics. First, in 2000, Mafiaboy shut down Amazon, CNN, Dell, eBay and Yahoo! with a DDoS attack. Then opportunist criminals used DDoS attacks to hold various gambling sites for ransom. In 2007, DDoS attacks turned political when Russian sympathizers used them to literally shut down Estonia's entire network of government Web sites. The following year, Russian organized crime targeted Georgia with a DDoS attack.
Zero-day attacks, botnets and attacks on social networks also entered the cyber crime fray over the past 10 years, and are poised to continue their destruction in the foreseeable future.
Looking Forward: Top Cyber Issues for the Start of the New Decade
Narus believes that we will be faced with a continuation of cyber threats that originated over the past several years, as well as new threats along the lines we indicate here. We expect to see more cyber security threats launched for financial remuneration or political gain, à la the current Wikipedia DoS and DDoS attacks to shut down PayPal, Visa, MasterCard and counter-attacks. Here, we've compiled a list of the top 10 key cyber threat trends for 2011 and beyond.
1. Attack of the USB. Cyber criminals are taking advantage of individuals' inclination to share with friends and the growing memory capacities of USBs. As USB drives become cheaper and information is made available on them at trade shows, the possibility of Trojans and other malware increases. In fact, research conducted by analysts at the Avast! Virus Lab has found that 1 out of every 8 attacks on computers now enters via a USB device [4].
2. Large-scale, targeted botnet attacks. Bots seem to be the weapon of choice. Botnets have begun using protocols such as HTTP and DNS for coordinating their bots since these traffic flows are always allowed by firewalls by default. The challenge therefore lies in detecting which HTTP or DNS traffic corresponds to bots vs. legitimate users. In the future, expect to see more sophisticated targeted peer-to-peer-based botnets (along the lines of Storm) that will be completely distributed with no standard command-and-control traffic.
3. DDoS attacks. There are two types of DDoS attacks: those that intend to disrupt services and those that crash services by flooding servers. Regardless of the intent, DDoS attacks spurred by political activism or for disruption and destruction of critical infrastructures will continue to rise.
4. Increased attacks on and via social networks. Social network users can expect more threats to travel virally, infecting everyone on a user's friends list. Future viruses will likely be designed to steal or delete users' personal information, which can be sold in numerous black markets and used to acquire credit card and bank information.
5. Clickjacking and cross-site scripting. These social attacks are related to No. 4 on our list. The goal of clickjacking and cross-site scripting is to trick users into revealing confidential information, or to take control of a user's computer while they click on seemingly innocuous Web pages. These attacks take the form of embedded code or scripts that can execute without the user's knowledge, for example when the user clicks on a button that appears to perform another function.
6. Phishing attacks from trusted third parties. These attacks originated over the past several years and will continue, especially with the increased use of smart phones for mobile e-mail. The most common attacks come in the form of e-mails from recognizable companies, banks or organizations that tempt the reader to open a link. The attacks can come via office or personal e-mail. The most recent incident was the malware-infected holiday e-card purportedly sent from the White House. It's reported that those who downloaded the links became infected with a Zeus Trojan variant that would steal passwords and documents. The hijacked information was uploaded to a server in Belarus. It has already stolen sensitive data from numerous people.
7. Online fraud and money mules. This is another side of phishing attacks and has become a bigger problem with increased unemployment and the unstable economy. The dramatic rise in phishing and identity theft attacks includes a well-organized offline component: the not-so-innocent money mules recruited by fraudsters to launder stolen money across the globe. The ads appear innocently on all the major employment listing sites, offering stay-at-home positions titled "financial rep" or "sales representative." These, however, are active attempts to enlist people to transfer illegal funds from credit card thieves. Easy money-transfer sites like PayPal are targeted. The number of money mule sites is increasing exponentially each year.
8. Cloud computing concerns. As cloud computing becomes more of a reality for many companies, the opportunities to compromise data and cloud networks increase. Companies that adopt cloud-based services are made vulnerable as sensitive information (financial, employee, corporate and medical) travels to and from protected networks via a public pipe, creating many more opportunities for data infection or theft.
9. Data exfiltration and insider threats. No. 9 on our list is a bit tricky, as technology alone will not solve it. Unfortunately, untrustworthy people will always find a way to anonymously leak private (government, enterprise, etc.) information; hence, this trend will grow. Criminal elements or nations will try to entice employees to exfiltrate data and compromise company and government assets.
10. Mobile devices and wireless networks. The world has become increasingly mobile, as smart phone, iPad and other mobile device use spreads at an exponential pace. Mobile computing devices contain the same vulnerabilities as laptops and desktops, but they are also susceptible to DDoS attacks specifically designed for wireless devices. New custom financial applications like digital wallets and pocket ATMs are also particularly attractive to hackers. Moreover, wireless networks themselves put entire companies at risk, especially as the mobile workforce does not have the benefit of the secured corporate LAN. Cyber criminals may therefore intercept a company's intellectual property via laptops and smartphones in the field that access unsecured wireless networks. Detecting cloned devices or unauthorized laptop tethering is important for providers in order to retain revenue sources.