It’s that time of the year again. Time not only to make resolutions (which I fully plan to keep for at least a whole month), but also some predictions on what the future holds for security. One thing is for certain: the threats that companies face will continue to accelerate. And while that might seem like a very obvious and not so insightful observation, the devil is in the details. Here are the trends, both in the threats and in how we will respond to them, in 2014.
First on the attack side, malware distribution is certainly going to become more complex and pervasive.
• Customized Malware-as-a-Service (MAAS) to Accelerate the Death Clock on Signature Detection
The availability of new malware creation services in underground markets will make it easy for attackers—with little skill or effort—to create customized exploits. These tools let malware authors upload malware, run tests against all popular AV engines, and identify those that will not detect threats. The tools then give the malware authors customized HTML code they can inject into various Web pages to cause visitors to load the malware in a hidden iframe.
These MAAS tools, which are being commercialized on the black market, enable the distribution of customized attacks for just a few dollars. Some even let attackers build malware by dragging and dropping features into an interface without even needing to know how to write code. As this customized malware becomes more common, I predict even less efficacy of signature-based defenses and a move by the industry to more heuristic-based defense.
• More Popular Trusted Websites to Host Malware
We will also see a shift in distribution, away from easily detected websites dedicated solely to placing malware on machines and toward hacks of legitimate websites that are less likely to set off alarm bells. Driven by Google’s diligent blacklisting of illegitimate websites hosting malware, attackers will look to use techniques such as Cross-Site Scripting (XSS) to place malware on legitimate sites. As attackers increasingly find their own channels blacklisted by Google and find it harder to rely on sites dedicated to hosting malware for distribution, only those leveraging an extreme degree of specificity and evasion will succeed in the long run. Everyone else will fail miserably.
• Android Adoption—and Android Malware—to Outpace Competitors
The current trends in smartphone and tablet adoption will continue, if not intensify. The result will be an even more tilted mobile ecosystem, in which Google’s Android consolidates its position as the most popular mobile operating system and primary attack target for malicious actors interested in compromising mobile devices. While direct attacks on Android are possible, we expect the current focus on Trojanizing mobile applications to continue, as attackers are still realizing plenty of success in penetrating official and third-party Android application marketplaces.
On the industry side, what are some of the areas we are most likely to see discussed in 2014 and what are the implications?
• Security to Become the Killer App for Software Defined Networking (SDN)
In 2014, SDN will foster the rise of virtual networking focusing on activation, configuration, and service chaining—the ability to direct traffic flows along a designated path. Companies will be able to intelligently distribute security capabilities at the service layer for quicker and easier data center deployments. We are seeing many in the industry release virtualized versions of security controls that could lend themselves to software deployments.
• Active Defense to Gain Acceptance
Attackers take advantage of a fundamental asymmetry created by the passive nature of traditional security defenses. In response, more companies will adopt active defense techniques, like Intrusion Deception, to identify attackers and take real-time action to disrupt and frustrate their efforts. While the ethical and legal debates about the proper rules of engagement for companies will continue, acceptance of many active defense techniques is likely to grow.
Finally, what significant changes might we see from individual users either as consumers or employees and what will it mean for companies?
• Data Privacy Concerns to Change User Behavior
With revelations of widespread NSA surveillance, there is greater concern over privacy than ever before. This will lead to more people and businesses taking precautions to protect information. For the security community, this will likely mean an increasing demand by companies for new and stronger encryption. For consumers, we are likely to see an increase in the use of privacy-enhancing technologies like the Tor network, HTTPS Everywhere, Ghostery, VPNs, and private e-mail services.
While positive for privacy, it is an unfortunate development for security. As more users adopt these technologies, security administrators will begin to lose visibility and control over network traffic. With less ability to differentiate between desirable and undesirable traffic, administrators and security solutions will be less capable of defending networks.
It’s unclear if all of these predictions will come true, and inevitably there will be events that are impossible to predict (hello NSA), but here’s hoping that they at least provide some good food for thought. What do you think?