Dev Dives: Streamline document processing with UiPath Studio Web
Security_prediction_2014
1. www.cyberoam.com I sales@cyberoam.com
2014 - A Security View-point
With a careful analysis of security and IT trends in the most recent past and a strong foresight
that comes from years of industry experience and intelligent extrapolation of the past and the
present, Cyberoam brings to you Security Predictions for 2014.
“Client-side
software
exploits” –
it will be!
Attacks on
Industrial Control
Systems & SCADA
systems to continue
Context-Aware
security – the saviour
of rising mobility
Security of
Hybrid Cloud
Browser-based
attacks are still hot!
Mobiles still
remain a darling of
malware attackers
01
02
03
04
05
06
07
08
09
10
New exploit kits will be
explored and used
Attack vectors to
get more intelligent
“Internet of Things”
adds Security risks for
home devices
Windows users at risk as Windows XP
comes to end-of-life
2. Attacks in 2013 have left us with one clear picture – the rising sophistication and
professionalism among attackers. In times to come, Cyberoam predicts attacks,
wherein the attackers will get more specific, both in terms of their objective and
attack strategies. Gone are the days when attacks were meant for the masses.
Attackers nowknowwhom and howtheywould attackand theyarechangingtheir
attackstrategiestohitstraightonthebull's-eyeratherthanshootinginthedark.In
addition to this, few attacks from 2013 indicate the evolution of attacks including
proven components from already-used attacks, combined to form more
detrimentalattacks.
Attack vectors to get more intelligent
The amplified impact that an attack on Industrial Control Systems (ICS) can cause,
justifies the interest attackers have on such systems. ICS/SCADA system attacks can
cause catastrophic damage not only to a single unit but at times to an entire
country/province. It is the spread of impact compounded with lack of adequate
security available in such systems that have made ICS/SCADA networks a lucrative
target for attackers. As per statistics, there were 198 cyber attacks in 2012 and the
numbersincreasedto240in2013.Cyberoampredictsfurtherriseinsuchattackson
ICS/SCADAnetworksin2014andbeyond.
Attacks on Industrial Control Systems &
SCADA systems to continue
“Client-side software exploits” – it will be!
Cyberoam Threat Research Labs foresees an increase in Client-side software
exploits compared to the Server-side in next few years. 2013 has seen numerous
such exploits where base client software like Microsoft and Adobe were exploited
to spread the attack vectors across the network. The recent Microsoft advisories
indicating client side exploits also support this prediction. Reasons for this hike
include increased scope of exploitation with increase in attack vectors, higher base
of users who use these softwares, and lastly, the money involved in it. The exploit
kits used to exploit server side vulnerabilities cost much less than client side exploit
kits, indicating the premium the latter demand. Realizing that client side exploits
will bring in more money, the focus on exploiting client-side vulnerabilities will
increasetoo!
3. With increase in number of security features or solutions in an organization's
network to tackle emerging security risks, the job of security professionals is
getting more complex. With rising number of devices, users and applications to
monitor, this becomes even more difficult. The volume of data that the security
appliance(s) offer on various parameters is becoming a problem for network
administrators, presenting a need for context-aware security that enables faster
decision making and action with the security intelligence it offers. Cyberoam
predicts an increase in demand for context-aware security for 2014. The rising
needincontext-awaresecuritygoesincontinuationwithCyberoam'spredictionin
2013regardingtheriseinneedforUserThreatQuotient&DeviceThreatQuotient.
Increase in need for Context-Aware security
Inagenerationofincreasedmobilitywheretabletsandsmartdevicesaredisplacing
desktops and paper-based processes, more users are turning to Cloud, specifically
the Hybrid Cloud, as it offers more efficiency, business optimization, access to real-
time data and always-on availability. However, the ability of Hybrid clouds to burst
into the public cloud space when necessary is bringing up security concerns.
Although this capability is particularly useful to organisations, it may be a call for
danger and users and security vendors are realizing this. Cyberoam predicts an
increaseindemandforsecurityinHybridCloudenvironments.
Security of Hybrid Cloud
New exploit kits will be explored and used
Use of Blackhole exploit kit for attacks is a known fact. It is no secret that it was used
extensively for attacks in the past. But with the arrest of 'Paunch' in 2013, the man
behind the Blackhole exploit kit, new exploit kits are slowly showing up. In addition
to this, as attacks utilising Blackhole exploit kit have been exposed, it emerges as a
need among attackers to come up with new ways to target their victims. Also, with
recenttrends showingriseinexploitsbased on clientsidevulnerabilities,Cyberoam
predictsthatthismenaceisonlygoingtoaggravate.
4. Increasing base of smartphone users is a primary reason for attackers to find
interest in attacking those devices. In addition to this, users use their personal
devices to access work emails and connect to company networks, which
aggravates this interest further. Applications are the backbones of smart phones
and most of the mobile apps lack adequate security, adding to the misery of
security on mobile devices. All of these factors collate to increase the interest
attackers have in smart devices. 2014 is sure to experience newer and sharper
mobilethreats.
Mobiles still remain a darling of malware
attackers and exploits
IOT- 'Internet of Things' is something we all are waking up to, these days. Everything
seems to be on the Internet! Right from our work to social lives, and storage needs,
Internet has also opened its doors to home devices now! As more and more home
devices get connected to the Internet, it is obvious that attackers will soon find their
way through them too. Cyberoam predicts a rise in need for security solutions for
home devices, besides your office devices. Because one thing is evident – the level
of risk and quantum of vulnerability is similar, irrespective of whether the device
residesinyourhomeorinyourofficenetwork.
“Internet of Things” adds Security risks for
home devices
Browser-based attacks are still hot!
In a bait to achieve sure-shot infection and victimize users, use of browser-based
attacks like Water hole will further rise. This will include a rise in exploitation of
browser vulnerabilities and also use of malicious websites. Attackers will continue
totargetusersbydirectingthemtotrustedandcommonlyvisitedURLswhichwould
be infected with malicious codes. Water hole mechanism includes cyber offenders
infecting websites that are frequently visited by their targets. In 2013, many have
already agreed on the rise seen in watering holes. In fact a lot of hackers that were
usingspearphishingattackstotargetusershavealsostartedusingwateringholes.