CDM Annual Ed. is out – Security Predictions for 2014

Pierluigi Paganini February 25, 2014

Enjoy reading CDM for free. We are thrilled to join you at the RSA Conference 2014 with our Second Annual Edition of Cyber Defense Magazine.

Following tradition, I will try to imagine how the cyber security landscape will evolve next year. It is quite easy to predict an increase in the volume of cyber attacks conducted by state-sponsored actors and cyber criminals.

The current year has been characterized by an increase in the number of cyber attacks; events such as the Adobe data breach remind us of the need to carefully consider the impact of a single security flaw on a large audience. Cyber attacks are becoming ever more sophisticated, but what is really worrying is that the economics of attacks favour the attackers: their investment is very small compared with the gains, while the costs companies face to protect their infrastructure keep growing.

Cybercrime will intensify its activity, in particular thanks to the sales model known as “malware-as-a-service”: a growing number of non-professional cyber criminals will be attracted by the possibility of easily monetizing their efforts through illegal cyber activities.

Java will probably remain a highly exploitable platform because victims’ systems will continue to run older versions of the popular framework.

The offer of exploit kits on the underground market will grow rapidly; the new tools are expected to be more effective and more user-friendly, able to automatically compromise vulnerable systems by targeting not only Java but other client software as well.

It is also easy to predict an increase in the number of state-sponsored hacking campaigns, for both sabotage and cyber espionage.

No doubt the security landscape has been shaken by Edward Snowden’s revelations on the surveillance activities conducted by the United States. The former NSA contractor described a complex spying machine able to track practically every Internet user, and an aggressive cyber policy founded also on “preventive” cyber espionage against allies and hostile countries alike. Snowden’s revelations have profoundly changed users’ perception of privacy and, as we will see, will have a serious impact on the IT industry in the coming year.

Let’s take a look at the principal trends expected for next year.

Mobile Malware increase

Following the trend observed this year, the number of mobile malware samples will continue to increase and the samples will become more sophisticated. Multiplatform malicious code will target the most popular mobile OSs: Android, iOS and Windows Mobile. Mobile users are overtaking desktop users, yet their awareness of cyber threats is very poor: the majority of mobile users adopt no defensive measures, and bad habits expose them to attack.

A growing number of malware families specifically designed for mobile architectures will be observed during the next year. The underground market will continue to offer tools to “trojanize” legitimate applications; for this reason it is essential to always install from the official stores.

Mobile malware will further complicate the threat landscape, especially in the workplace. A growing number of devices will be used improperly by their owners, and the promiscuous use of the same device in private and professional life could enlarge the attack surface of businesses in unpredictable ways; that is why the BYOD paradigm will assume a crucial role for private industry. A last reflection on mobile malware concerns its extension to Industrial Control Systems and the Internet of Things, a concerning trend that will consolidate in the coming months.

State-sponsored hacking – the arms race

The number of state-sponsored attacks is destined to increase rapidly, due to the great effort spent by governments and their huge investments in the development of new cyber capabilities. State-sponsored attacks are characterized by a high level of sophistication and the use of efficient evasion techniques; attackers often exploit zero-day vulnerabilities in the targeted networks to gain a further advantage over their victims.

The increase in state-sponsored attacks will have serious political and economic repercussions on a global scale; attackers will be principally interested in stealing sensitive information from foreign government organizations and intellectual property from private industry.

Recent revelations suggest that the most advanced cyber powers are working on a new generation of cyber weapons, a silent menace that could stealthily hit any infrastructure while making attribution of the attack impossible.

Sabotage is the other soul of state-sponsored hacking: cyber tools are used to support military operations, to probe the enemy’s defensive infrastructure or to damage its critical infrastructure.

The lack of a shared legal framework that regulates the use of cyber weapons and establishes the legal and political responsibility of the attacker is an incentive to operate in a grey area; governments will continue to develop new sophisticated cyber tools to attack foreign governments, moving the battlefield into cyberspace.

Internet of Things malware explosion

The Internet of Things is a crucial part of our daily life: a huge number of the devices that surround us have computational capabilities that could be targeted by hackers for various purposes.

According to a study by Harbor Research, the number of smart connected devices will reach 13.5 billion in 2016, an impressive figure that should remind us of the importance of considering their security an essential requirement.

Almost every smart object we use has a hidden operating system and a computational capability more or less complex depending on its usage; it is always online and able to execute a multitude of applications. For these reasons it is necessary to design these devices with an efficient security model in mind.

Cybercriminals and state-sponsored hackers will look at this industry with greater interest; malware authors are expected to increase their efforts in designing powerful malicious code able to automatically infect millions of devices. Next year security firms will detect a growing number of malware families specialized in infecting devices belonging to the Internet of Things. This new generation of malicious code will be very insidious, considering also that the majority of these objects are unprotected. It is also possible that a purpose-built exploit kit targeting the Internet of Things will be sold on the underground market, or that cybercrooks will start renting networks of compromised devices of this category, applying the malware-as-a-service model. Attacks against the Internet of Things could be used to mount large-scale offensives.

Tor Network, cybercrime and law enforcement

In the coming months the number of Tor network users will stabilize, and the popular network will be used mainly by cybercriminals and whistleblowers. Cybercrime will use the anonymizing network mainly to strengthen malicious botnets by hiding command and control servers within the Tor network; no meaningful changes will be observed in the commercialization of goods such as drugs and weapons, whose sales volume will remain constant.

The real novelty will be the creation of a growing number of services for social purposes, primarily for reporting illegal activities or abuses.

On the other side, law enforcement will step up its infiltration of anonymizing networks to fight cybercrime; in the case of the Tor network, the authorities will sustain the creation of new hidden services with the primary purpose of tracking Tor users and of creating “honeypots” to monitor illegal activities.

The rise of User Controlled Encryption

The revelation of the US massive surveillance program, and of similar efforts by the majority of governments and private companies, is fueling demand for encryption; in recent months numerous service providers have announced new solutions and services specifically designed to elude censorship and Internet monitoring.

The wide diffusion of encryption raises another important question: who manages the cryptographic keys? In the coming months a growing number of services will let users control the encryption process transparently, making the users themselves responsible for key management. The approach has a dual advantage: users do not need to trust the encryption management operated by service providers, and service providers will not be liable for content posted by users, since they cannot read it.

In a User Controlled Encryption (UCE) scheme the user holds the encryption key and the service provider holds only the encrypted files: neither the service operators nor an attacker who compromises the provider can access the content. Two caveats a practitioner should keep in mind: the provider still sees metadata (file names, sizes, upload times and access patterns), and a user who loses the key loses the data, because the provider has nothing with which to recover it.
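The following is an added example, written for this page and not taken from any of the services the article refers to, showing the UCE split in working code: the client generates a key that stays on the device and encrypts with AES-256-GCM; the provider stores only nonce and ciphertext and cannot decrypt, rename or tamper with a file without the user noticing. The `Provider` type, the `Seal`/`Open` functions and the sample document are assumptions made for the illustration; a real client would derive the key from a passphrase or keep it in a device keystore instead of holding a raw random key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Blob is the only thing the provider ever stores: a random nonce and the
// AES-GCM ciphertext, which carries its own authentication tag.
type Blob struct {
	Nonce      []byte
	Ciphertext []byte
}

// Provider models the service side of the scheme (hypothetical type). It
// stores blobs by name and holds no key, so it cannot decrypt what it stores.
type Provider struct {
	store map[string]Blob
}

func NewProvider() *Provider { return &Provider{store: map[string]Blob{}} }

func (p *Provider) Put(name string, b Blob) { p.store[name] = b }

func (p *Provider) Get(name string) (Blob, bool) {
	b, ok := p.store[name]
	return b, ok
}

// NewUserKey generates the 256-bit key that never leaves the user's device.
// In practice it would be derived from a passphrase or kept in a keystore.
func NewUserKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext on the client with AES-256-GCM. The file name is
// bound in as associated data, so a blob cannot be silently swapped between names.
func Seal(key, plaintext []byte, name string) (Blob, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Blob{}, err
	}
	return Blob{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, []byte(name))}, nil
}

// Open decrypts a blob fetched from the provider. It fails on the wrong key,
// a renamed blob or any modified byte, because GCM verifies the tag first.
func Open(key []byte, b Blob, name string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(b.Nonce) != gcm.NonceSize() {
		return nil, errors.New("uce: bad nonce length")
	}
	return gcm.Open(nil, b.Nonce, b.Ciphertext, []byte(name))
}

func main() {
	userKey, err := NewUserKey()
	if err != nil {
		panic(err)
	}
	provider := NewProvider()

	// Constructed sample document; the provider only ever receives ciphertext.
	blob, err := Seal(userKey, []byte("Q4 merger memo: confidential"), "memo.txt")
	if err != nil {
		panic(err)
	}
	provider.Put("memo.txt", blob)

	// The provider (or an intruder on it) tries with a key of its own and fails.
	providerKey, _ := NewUserKey()
	stored, _ := provider.Get("memo.txt")
	if _, err := Open(providerKey, stored, "memo.txt"); err != nil {
		fmt.Println("provider cannot read the file:", err)
	}

	// The legitimate user recovers the content with the key held on the device.
	plaintext, err := Open(userKey, stored, "memo.txt")
	if err != nil {
		panic(err)
	}
	fmt.Printf("user reads: %q\n", plaintext)
}
```

Binding the file name as associated data is the detail worth copying: without it, a malicious provider could serve the ciphertext of one file under another name and the client would decrypt it without complaint.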

Clouds on the horizon

The migration of many services to cloud infrastructures and the spread of new ones are attracting the interest of attackers. Cybercriminals and state-sponsored hackers will increase their operations against cloud infrastructures, focusing on stealing data stored in the cloud and/or abusing the resources available in these powerful infrastructures.

Hacking cloud infrastructures gives attackers a great advantage in terms of monetization; in many cases these infrastructures and their components lack proper defenses and efficient authentication processes, leaving them vulnerable to external threats. Penetrating a cloud infrastructure is more advantageous than hacking a private network: cloud providers often have weak validation procedures when signing up new users, and these flaws allow ill-intentioned actors to create networks of accounts used to deploy and administer malicious botnets that run on the cloud architecture.

Malware authors are ramping up their use of commercial cloud services to serve malware; we will see significant growth in the number of malware writers using services like Dropbox to distribute their malicious code.

Advanced malware volume will decrease – a false impression

The volume of advanced malware detected next year is expected to decline, but this signal should not be misinterpreted: cyber criminals and state-sponsored hackers will improve their detection-evasion techniques and will test them far from security firms’ probes. To avoid discovery, attackers will use lower volumes in targeted attacks, limiting the diffusion of their malicious code.

Security firms will observe a decrease in the volume of attacks, but the risk related to cyber threats will increase due to the high complexity of the menace. It is a shared opinion that, given the high level of sophistication of cyber threats, a major data-destruction attack will happen; great concern surrounds the security of critical infrastructure, a possible target of state-sponsored hackers.

Such an attack need not directly harm the population: a major data breach could cause the disclosure of sensitive information that harms national security. Attribution of responsibility for attacks will remain a principal problem, especially for the expected major cyber attack.

Gaming between cyber espionage and cyber threat monitoring

Intelligence agencies all over the world will continue to invest in the development of tools for the exploitation of gaming platforms. As I write, The Guardian has published documents revealing that the NSA and GCHQ infiltrated gaming platforms and online gaming communities, including World of Warcraft and Second Life, for surveillance purposes.

In the coming months governments will continue to promote projects for the sophisticated exploitation of gaming consoles to track users in cyberspace, to monitor their online habits and for propaganda purposes. Gaming consoles are devices with high computational capabilities that are able to interact with the surrounding environment; they could be used to infiltrate domestic networks and to deliver any kind of malicious code to targeted systems.

Gaming consoles could also be used to build a powerful alerting network in which every node is a gaming device that is always online and exchanges data with its peers, monitoring for anomalous traffic and any other sign of malicious activity. Cybercrime, cyber terrorism and state-sponsored operations could also be monitored by analyzing a series of network activities and indicators collected through gaming platforms.

Increased exploitation of professional social networks

Cybercrime and state-sponsored hackers will increasingly target executives and organizations via professional social networks. Recent research by Group-IB on cybercrime against senior management noted that senior managers are among the most privileged targets: attackers are interested in the personal details of key employees in order to arrange attacks against their organizations. The problem is very real in banks, defense companies and online-trading companies.

This precious information is available on professional social networks, where employees habitually share a wealth of sensitive information that hackers use for intelligence activities on their targets.

Targeted attacks through professional social networks will explode; hackers are interested in the credentials of mid-level employees and senior management in order to plant malware and to gather more information about the network topology of potential victims. Sometimes they deploy specially crafted code that opens a reverse connection, so that the infected machine can be used for cyber espionage.

The attacks will mainly target IT administrators and IT managers, because most of them have full access to the company’s infrastructure, which means that if they are compromised the attackers may gain access to many information resources, including corporate e-mail.

A side effect of the increase in attacks through professional social networks is a larger supply, on the underground market, of confidential company data (e.g. customer databases and partner contacts from CRM systems, employee databases, credentials for corporate e-mail and for the personal e-mail of employees). Mostly it is used by competitors for intelligence within the same market segment, by big players for competitive struggles, and by hackers as well.

Hackers will increase pressure on consultants and subcontractors

In 2014 I believe the number of attacks against subcontractors and consultants will increase at a concerning rate. In the majority of cases these categories of professionals represent the weakest link in the information chain.

The vulnerabilities in information management are usually related to the way these entities handle the sensitive data targeted by hackers, but in many cases the flaws lie in the way the contracting authority and its subcontractors or consultants exchange information.

Attack techniques are becoming ever more sophisticated; watering hole attacks and spear phishing are the most common techniques in targeted offensives, and their frequency is destined to grow. Consultants, contractors, vendors and other entities typically share sensitive information with large corporate and government entities, which makes them a privileged target for hackers.

It is also expected that a growing number of large enterprises will review their security policies to better address possible cyber threats and to respond promptly in case of incident.

Pierluigi Paganini

(Security Affairs –  CDM, Security)
