2012 IT Security Predictions: What Will the Threat Landscape Look Like in the New Year?
Very soon, 2011 will come to a close. It has been quite a year for hackers and security companies alike.
With the start of the new year coming up, predictions abound about what Web users, enterprises and security professionals can expect to see in the next 12 months. Here at SecurityWeek, we have put our own fortune-telling abilities to good use and pulled together five interesting predictions of our own with input from some of the security vendors out there. So without further ado, here are five predictions for next year’s security threat landscape.
1) Mobile Malware Will Continue to Grow: Throughout 2011, mobile malware became a regular guest in articles about cyber security. The chief target was Google’s Android platform. While mobile malware remains nascent compared with the amount targeting PCs, there is no reason to expect its growth to slow down in 2012. “Mobile malware solutions are in their infancies, so their capabilities to protect users and networks are very limited,” Bradley Anstis, vice president of technology strategy at M86 Security, said in a statement. “To help defend from an influx of mobile malware, organizations will need to extend their security policies to mobile devices. It will be critical to ensure that all personal devices that access an organization’s Wi-Fi and networks are covered.”
Along these lines, security pros at Verizon predict attackers will continue to target app stores, while Lookout Mobile Security sees a future where attackers utilize tools to enable the automatic repackaging of malicious mobile apps. These tools may already be in existence, the firm noted, as Lookout researchers have already seen several infected apps that were packaged by the same developer in a matter of seconds – faster than someone could do it manually.
2) Critical Infrastructure, SCADA Software & Name Calling: This year saw a number of high-profile examples of attacks on critical infrastructure and vulnerabilities in the supervisory control and data acquisition (SCADA) software that is at the heart of their operations. From attacks such as Night Dragon and Nitro to the SCADA bugs uncovered by Italian researcher Luigi Auriemma, the security of companies in the defense, energy and chemical industries has been a popular topic in 2011. These attacks have, however, taken a turn previously relegated to the world of sci-fi: malware authors are using their wares to cause damage in the physical world. Though rumors of a cyber-attack destroying a water pump in Illinois were declared untrue by the government, the prospect generated much interest, and will likely be a source of interest for attackers in 2012 as well.
But will the term advanced persistent threat (APT) play itself out? Gunter Ollmann, Damballa’s Vice President of Research, certainly thinks so.
“The volume of persistent attacks directed at large corporations will continue to increase and the victims will continue to feel as though they have been specifically targeted,” he blogged recently. “There will thus be a presumption of sophistication to successful penetrations, which will lead to more organizations concluding that they have been the victim of an APT – which, after more detailed analysis and external input, will increasingly be revealed as false claims.”
3) SSL Ecosystem Challenges Ahead: It became painfully clear in 2011 that the SSL certificate business needs to make changes. Just what those changes should look like is a matter of opinion. But 2011 saw more than one successful attack on a certificate authority, undermining the trust tying together the Internet. The situation was underscored recently by the CA/Browser Forum, which released a baseline standard for the operation of CAs issuing SSL/TLS certificates natively trusted by the browser. But beyond the CAs themselves, there is the issue of stolen certificates, and vulnerabilities within the SSL protocol itself.
“We will see more people question just how much trust can be afforded to SSL – further undermined with the issues discovered in websites using SSL version 3 and TLS version 1.0 and earlier,” blogged Paul Henry, security and forensic analyst with Lumension. “New tools have even been released that are capable of decrypting and obtaining the authentication tokens and cookies used in many websites’ HTTPS requests.”
4) Embedded Systems Under Attack: We saw it this year at the Black Hat security conference when Don Bailey and Mathew Solnik of iSEC Partners hacked into a car and unlocked its doors. We saw it again at Black Hat when researcher Jay Radcliffe hacked into an insulin pump. Embedded systems seem to be receiving the short end of the security stick. With the number of such systems propagating through society via medical devices, cars and other technology, 2012 will likely be a year when more of these devices make their way into the target range of attackers.
“These new attack vectors will use the new elements, and the interactions between them, in order to break the already fragile Same Origin Policy (SOP),” the firm predicted.
WatchGuard Technologies shared a similar prediction for developers making their first foray with HTML5. “Like the web technologies that came before it, HTML5 is generally secure,” the company wrote. “In fact, it introduces some security benefits that could help developers avoid common web application pitfalls. However, the security of HTML5 applications is dependent on the skill and care with which the developers create them…Developers are still getting comfortable with it, which means they are likely to make programming mistakes that could translate into web vulnerabilities.”
“2012 stands to be a dynamic year for network security as criminals and hackers take threats to new levels,” concluded Eric Aarrestad, Vice President at WatchGuard Technologies.
The one thing that we can guarantee? You can be sure that 2012 will not be boring.