Kuala Lumpur, 11 December 2014 (Thu): In the last twelve months, we have seen a pivotal acceleration of threats to the security landscape as the threat environment evolve from hobbyists and cyber criminals, to a much more sophisticated group of adversaries.
We have consistently seen an increase in targeted attacks, often called Advanced Persistent Threats (APT), especially in the form of DDOS or data theft. These attacks are highly public and impactful which not only compromising an organization’s network temporarily but also harming the business in various ways. This is very intentional and what is called ‘hacktivism.’
Today, it is not just governments and large organizations that fall victim to cyber-attacks, but also specific individuals within organizations. The nature of attacks is swiftly becoming more personalised, targeted toward the individual.
As a result, the rise of malware attacks on mobile devices is also becoming one of the most notable trends in recent cybercrime. In 2014, ‘Malvertising’ emerged as the leading attack vector mimicking the rise of Web ad traffic. And, there have been many various mobile malwares are leveraged for APT attacks targeted at a specific organization.
As these adversaries become more skilled, the need for more advanced and fully integrated security measures grows. It is also coupled with the facts that today password is no longer secure and traditional security defence remains largely blind to advanced malwares and zero-day attacks.
A trend outlook for IT Security for 2015.
i) PRIVACY AND SECURITY DIG IN FOR A LONG WAR
Encrypted Traffic will increase so will data breaches. The use of encryption will continue to increase to protect consumer privacy. Malware will increasingly hide behind encryption to evade detection by most enterprises that are struggling to balance employee privacy with attacks hiding behind encryption.
ii) BIG MEDIA WILL SAY NO TO MALVERTISING
Major media properties will increasingly display ads from partner networks that host malware. As the risks of infection by visitors to their Web properties increase, these media companies will put more pressure on their ad partners to eliminate malvertising.
iii) 2015 WILL BE THE YEAR OF POTENTIALLY UNWANTED SOFTWARE
Potentially unwanted software (PUS) is picking up on mobile devices. Hidden deep down in end-user licensing agreements and frequently missed by users downloading free aps, PUS will increasingly be part of downloads to gather information about the users’ web surfing. As PUS is increasingly added to free software by developers seeking to monetize their creations, it will slow down or even destabilize an infected device.
iv) RANSOMWARE ON THE RISE
Ransomware hit a lot of people in 2014. The next logical next step for ransomware creators is to increase value from the pool of victims. Blue Coat predicts that the next real targets will be small businesses or small government organizations, organisations and entities with hundreds of thousands in their bank account. These attacks will involve conducting reconnaissance on target computers/systems. If attacks can access the network storage, attackers can demand higher ransoms.
v) CYBER-ATTACK TARGETS SOCIAL NETWORKS
Cyber attackers will increasingly leverage information from social networks to customize the attacks in a better way. Most targeted attacks have a social context which increases the efficacy. Attackers will exploit their knowledge of target victims to gain access to critical systems and data.
vi) THE EMERGENCE OF ESPIONAGEWARE
While it was relatively low in 2014, we expect an increase in the usage of surveillance software that is created by security companies or nation states to monitor certain people. As international conflicts emerge, these tools will inevitably be used to keep track of what people are doing and whether they’re a security risk or not.
vii) MORE VULNERABILITIES
“Common mode failure” events where a single defect such as Heartbleed and Shellshock, can cause failures to ripple through a system. Vulnerability seekers have had their first taste of this and there’s no going back now. In 2015, we expect to see:-
- Increased development and technology costs as developers start to invest more in code analysis on open-source, or move toward commercial alternatives where a 3rd party / licensee can be liable
- More open-source factionalizing
- A slowdown to the pace of innovation overall as vendors are forced to spend more resources on emergency maintenance releases.
- Overview of Blue Coat Business Plans for 2015.
One thing that 2014 has taught us is that even some of the most sophisticated environments can be compromised. – That means businesses must be as vigilant as ever on security, but at the same time they must build a competency in responding to incidents that have occurred.
Security tools that provide forensic data on threats using malware analysis and content analysis systems will ultimately be the defining factor in the level of security against zero-day threats. Today, it is this response capability that most companies lack both in terms of tools and process, which also to be a huge opportunity for Blue Coat to grow in 2015.
Specifically, to close the security gap and overcome the major challenges of achieving advanced threat protection, Blue Coat offers a comprehensive ‘Lifecycle Defence’ approach with security analytic platform. –Enabling local organisations to fortify the network by blocking cyber threats, proactively detecting malware and automating best practices for incident containment post intrusion.
In addition, as Blue Coat predicts that the hostile use of encryption is set to increase in the coming years, we have recently unveiled new Encrypted Traffic Management capabilities that enable local businesses to uncover security threats hidden in secure socket layer (SSL) traffic whereby organisations can gain better network visibility to address the growing risks posed by encrypted traffic.
