As we head into 2014, we’ve asked some of our cyber security experts what they believe will the biggest cyber security trends heading into 2014 and what will have the biggest impact on IT Security. Andrey Dulkin, Senior Director of Cyber Innovation, was the first in the series, discussing the growth of cyber terrorism, the need for broad encryption and insider threat prevention. Today’s thoughts are from Yariv Lenchner, Senior Product Manager.
Social Engineering on Steroids: Social engineering has always been one of the best assets cyber-attackers have at their disposal to breach perimeter security. From spoof emails to fake websites, attackers use the human condition to bypass perimeter security and deliver their malware payload directly into a network. We’ll see more attacks like the ‘damsel in distress,’ a targeted attack aimed at male IT workers that used fake social profiles of attractive females who were posing as new hires and requesting ‘help,’ or fake job proposals and phone calls from ‘head hunters’ to solicit information – all to get one employee to unknowingly open the doors for an attack. As online identity increasingly becomes tied to social networking sites, the sophistication of social engineering attacks will grow.
Hacking the Supply Chain: Cyber attackers revealed a similar strategy in 2012 and 2013 by targeting technology vendors (especially security vendors) in an effort to build backdoors or bypass security at corporate clients. This attack vector will worsen in 2014, as more cyber attackers infiltrate companies well down the supply chain to implant malicious code into software products that eventually get installed at a later date in the real target company’s network.
Controlling a Connected House: Researchers have shown how to use hardcoded and default passwords as backdoors to many enterprise and consumer products. This year, we’ll see researchers (or attackers) demonstrate how easy it is to hack smart meters through default passwords. Through this access, hackers will be able to commandeer the environmental controls of a house.
Organizing Crime: We’ve seen this in many movies, but 2014 will show just how far organized crime can reach into the cyber world as more and more groups target law enforcement networks in order to steal information on current investigations in an effort to stay ahead of the long arm of the law.
Black Fridays: Yes, there is a black market for cyber criminals, where malware, hacking tools and assorted other cyber-attack related items are sold. In 2014, administrative passwords and privileged credentials will become the number 1 hot item on the cyber black markets. We saw a glimpse of this already in 2013 in the indictment for hacker and black market entrepreneur Andrew James Miller.
Cloudy Days Ahead: It’s simply a matter of time when one of the main cloud providers is breached – causing wide spread disruption and downtime.
Click here to read part III of The Advanced Threat Landscape 2014.