We got such a great response to a guest contribution by Perimeter CTO Kevin Prince over at our Network Security Edge site about his views on the top threats for this year that we asked him if we could use the information as the basis of this quick presentation.
You’ll get a lot of useful info by clicking through these slides, but we strongly encourage you to check out Prince’s full analysis of 2009’s trends and his thoughts on the threats, both growing and persistent, facing your network.
Click through for more information about the top threats facing your network.
In 2009, malware was listed as a "steady threat" and the second-highest-ranked threat to organizations. I underestimated the dramatic increase in malware in 2009. Due to that increase and the number of organizations that are affected each day by malware, I have elevated it to the #1 position. This is a bit controversial, since most security experts would list insiders as the top threat, but I believe that in 2010 more organizations will be negatively affected by malware than by malicious insiders.
Malicious insiders were listed as the top threat for 2009 but have fallen to the #2 spot for 2010. With the downturn in the economy, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for.
Some might wonder why exploited vulnerabilities are listed in the malware section but then also have a section of their own. Malware often relies on an exploited vulnerability to get installed; at the same time, user behavior can accomplish the same thing through social engineering techniques. Vulnerability exploitation is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploitation to infect, spread, and perform the actions cyber criminals want. According to a Microsoft Security Intelligence Report, Conficker was the top threat to enterprise computers during the first half of 2009, and worm infections doubled between the second half of 2008 and the first half of 2009.
Careless and untrained employees will continue to be a very serious threat to organizations in 2010. Remember that insiders can be broken down into three categories: careless and untrained employees, employees who are duped or fall prey to social engineering attacks, and malicious employees. The reason I think it is important to understand these categories of insiders is that protecting your network and critical/sensitive data is done very differently for each type. According to a recent research report released by RSA, accidental disclosure of sensitive information occurs far more frequently than deliberate incidents.
Mobile devices have become a plague for information security professionals. They are an easy way for a malicious employee to remove data from the corporate network. There are worms and other malware that specifically target these devices, such as the iPhone worm that would steal banking data and enlist these devices in a botnet. There was also the iPhone game maker that designed his game to harvest user information.
Social networking sites such as Facebook, MySpace, Twitter, and many others have changed the way many people communicate with one another. Due to many publicly disclosed breaches and compromises, we saw that these sites can be very real and serious threats to organizations. There are many Trojans, worms, phishing campaigns, and other attacks targeted specifically at the users of these sites. One main problem is the inherent trust component these sites carry, much like email did many years ago. Furthermore, people who use these sites for entertainment purposes, such as online games, are rewarded for accepting friend requests even from people they don't know. This is very fertile ground for identity thieves. Some might say that there isn't enough information on their account to enable identity theft, but criminals are very resourceful. Just a little bit of information, correlated with other sources of information available on the Internet, can give someone all they need to steal your identity.
Social engineering is always a popular tool used by cyber criminals. Often, the more difficult it is to exploit vulnerabilities natively, the more they rely on social engineering to make up the difference. I mean really, why would you go to all the effort to exploit a vulnerability when a user will simply give you their username and password? Phishing is still a popular method for doing just that. But this is where the classifications blur a bit: phishing by email is a social engineering threat, but is a phishing message on Facebook a social engineering threat, or is it a social media threat?
Zero-day exploits are attacks in which an attacker compromises a system through a known vulnerability for which no patch or fix yet exists. Even a couple of years ago, zero-day exploits were pretty rare; they have since become a very serious threat to information security. Many of these zero-day flaws reside in browsers and popular third-party applications. In November 2009 alone, Microsoft announced zero-day flaws in IE 6 and 7 and a Windows 7 zero-day vulnerability. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS as well.
Cloud computing is a concept that is becoming very popular. While it still means a lot of things to a lot of people, using cloud-based (i.e., Internet-based) applications may not be as secure as you might hope. There were many stories in 2009 regarding cloud-based security. Many are calling for encryption to be mandatory when accessing these services. While it seems ludicrous that this isn't done by default, you can't simply assume cloud apps are secure.
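The slide's advice is to verify rather than assume that a hosted application forces encrypted access. The following check is an added example (not code from the original slideshow or from Perimeter) that judges this from two responses a client would receive: what the plain-HTTP endpoint returns and what the HTTPS endpoint returns. The `HttpResponse` class is a stand-in for a real HTTP client response so the check runs offline, the sample responses at the bottom are constructed, and the six-month HSTS threshold (`min_hsts_seconds`) is an assumption chosen for the example.

```python
"""Judge whether a web service forces encrypted access.

Added example, not part of the original slideshow. Sample responses are
constructed; a real run would feed in responses from an HTTP client.
"""
import re
from dataclasses import dataclass, field


@dataclass
class HttpResponse:
    """Minimal stand-in for a real client response (assumption for the example)."""
    status: int
    headers: dict = field(default_factory=dict)

    def header(self, name):
        """Case-insensitive header lookup; None when absent."""
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return None


def parse_hsts_max_age(value):
    """Return the max-age (seconds) from a Strict-Transport-Security value, or None."""
    if not value:
        return None
    match = re.search(r'max-age\s*=\s*"?(\d+)"?', value, re.IGNORECASE)
    return int(match.group(1)) if match else None


def assess_forced_encryption(http_response, https_response, min_hsts_seconds=15552000):
    """Return a list of findings; an empty list means encryption is forced.

    http_response : response to GET http://host/ (None if port 80 is closed)
    https_response: response to GET https://host/
    min_hsts_seconds: smallest acceptable HSTS max-age (six months by assumption)
    """
    findings = []

    if http_response is not None:
        if 200 <= http_response.status < 300:
            # Content is delivered in the clear; nothing pushes the client to TLS.
            findings.append("content served over plain HTTP without redirect to HTTPS")
        elif 300 <= http_response.status < 400:
            location = http_response.header("Location") or ""
            if not location.lower().startswith("https://"):
                findings.append("plain-HTTP redirect does not lead to an https:// URL")
        # Any other status (4xx/5xx, 426 Upgrade Required) serves no content, so it passes.
        if http_response.header("Set-Cookie") is not None:
            findings.append("cookie set over plain HTTP (exposed to eavesdroppers)")

    # Without HSTS a browser will still try plain HTTP first on later visits.
    max_age = parse_hsts_max_age(https_response.header("Strict-Transport-Security"))
    if max_age is None:
        findings.append("no Strict-Transport-Security header on HTTPS response")
    elif max_age < min_hsts_seconds:
        findings.append(f"HSTS max-age {max_age}s is below {min_hsts_seconds}s")

    return findings


if __name__ == "__main__":
    # Constructed sample: a service that forces encryption correctly.
    good = assess_forced_encryption(
        HttpResponse(301, {"Location": "https://app.example.test/"}),
        HttpResponse(200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
    )
    # Constructed sample: a service that answers in the clear and sets a cookie.
    bad = assess_forced_encryption(
        HttpResponse(200, {"Content-Type": "text/html", "Set-Cookie": "session=abc"}),
        HttpResponse(200, {"Content-Type": "text/html"}),
    )
    print("good:", good or "forces encryption")
    for finding in bad:
        print("bad:", finding)
```

The check reports every weakness it sees rather than stopping at the first one, so the output reads as a short punch list for the service owner; run it against each hosted application your staff use before concluding that "cloud" implies "encrypted."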
A threat that we hear about more and more all the time is cyber espionage. There was a flood of stories on this subject in 2009. Most of them, of course, involve governments and therefore have not been a huge threat to most individual organizations.