Every year McAfee Labs compiles the trends and tendencies in IT security in order to predict which cyber threats are likely to become relevant during the coming year. The hope is that this helps companies and organizations prepare as well as possible for future security risks. McAfee Labs expects a number of new threats and some significant developments of existing ones:
To help companies and organizations be better prepared for these new types of threats, McAfee has compiled security recommendations for each of them. These recommendations follow below in English.
1. Industrial threats will mature and segment
The Threat: Water, electricity, oil and gas are essential to people’s everyday lives, yet many industrial systems are not prepared for cyberattacks. Many of the environments where SCADA (supervisory control and data acquisition) systems are deployed don’t have stringent security practices. As with recent incidents directed at water utilities in the United States, attackers will continue to leverage this lack of preparedness with greater frequency and success, if only for blackmail or extortion in 2012.
What Organizations Should Do: There is a great need for the upgrade of the industrial infrastructure, and there are several steps SCADA users should take to protect themselves. Agencies and organizations should have a formal business continuity plan (BCP) in place that will keep core enterprise processes running even if the majority of IT infrastructure is offline. A robust disaster recovery (DR) plan must be in place and practiced at least once a year. Most importantly though, they should be proactive about attacks, employing vulnerability discovery, security auditing, penetration testing exercises (red and blue team), patch and change management programs, secure software development lifecycle (SDLC) programs, execution and change control (application whitelisting) technologies, privilege management (access control, encryption, two-factor authentication) technologies, and blacklist detection technologies (antivirus, NIPS/NIDS). It’s important to conduct regular, robust penetration testing in order to understand how your network will stand up to an attack.
2. Embedded hardware attacks will widen and deepen
The Threat: Embedded systems are designed for a specific control function within a larger system, and are commonly used in automotive, medical devices, GPS devices, routers, digital cameras and printers. McAfee Labs expects to see proofs-of-concept codes exploiting embedded systems to become more effective in 2012 and beyond. This will require malware that attacks at the hardware layer, and will enable attacks to gain greater control and maintain long-term access to the system and its data. Sophisticated hackers will then have complete control over hardware.
What Organizations Should Do: Embedded systems by their very nature are hardwired systems that prevent simple updating, and many, such as biomedical devices, are regulated by the FDA, which requires a rigorous approval process. This antiquated updating system makes it difficult, if not impossible, to update quickly to prevent newly discovered attack vectors. As such, new attacks or techniques are difficult to prevent in the embedded world – often requiring a recall. Organizations should firewall their embedded systems as best as possible and control or turn off all interfacing radios to the device (including Wi-Fi, GPS, Bluetooth, GSM/GPRS/CDMA). Lastly, apply any firmware updates as quickly as possible. In the (not too distant) future, McAfee expects to see remote firmware updates in the same way that we have "Patch Tuesday" for software. Manufacturers must consider secure development lifecycle programs including auditing and best practices.
3. Hacktivism and Anonymous will reboot and evolve
The Threat: McAfee Labs predicts that in 2012, either the "true" Anonymous group will reinvent itself, or risk marginalization. Additionally, those leading the digital disruptions will join forces with physical demonstrators, and will target public figures such as politicians, industry leaders, judges and law-enforcement, more than ever before.
What Organizations Should Do: In the case of targeted data extraction attacks, constant review and revision of the enterprise security posture is required. Hacktivists need only one break in the defenses for their efforts to succeed, but security defenders need to fill every crack. This is a formidable challenge for any security professional and why hacktivists are typically successful, given enough time. However, hacktivists tend to leverage age-old attack techniques such as password guessing attacks, SQL injection attacks, and other low-hanging-fruit openings that are easy to prevent and detect (if the security program is complete and active). Hacktivists tend not to be leading edge developers of new attack vectors or exploits. If an enterprise’s security program is robust and inclusive of a combination of endpoint security, firewall, database, mobile and threat response technologies then there is less to worry about. However, stay vigilant as the bad guys need only one crack in the armor that can reveal itself at any moment. Organizations should particularly be aware of the security of their Web servers and ensure that encryption and data loss prevention systems are in place. They should ask themselves "how will I stand up to an Anonymous attack, and what can we do to prepare?"
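The two "age-old" techniques named above, password guessing and SQL injection, are exactly the ones a complete and active security program can detect from logs it already collects. The following is an added example, not code from McAfee or the original release, of that detection logic run over constructed sshd and web-server access log lines (the IPs, hostnames and paths are made up): a sliding-window count of failed logins per source, and a small set of injection signatures applied to URL-decoded request paths.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus

# Constructed sample sshd log lines (not from the original page).
AUTH_LOG = """\
Jan 10 02:14:01 web1 sshd[4012]: Failed password for admin from 203.0.113.7 port 51022 ssh2
Jan 10 02:14:03 web1 sshd[4012]: Failed password for admin from 203.0.113.7 port 51024 ssh2
Jan 10 02:14:04 web1 sshd[4012]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jan 10 02:14:06 web1 sshd[4012]: Failed password for admin from 203.0.113.7 port 51027 ssh2
Jan 10 02:14:08 web1 sshd[4012]: Failed password for admin from 203.0.113.7 port 51029 ssh2
Jan 10 02:14:10 web1 sshd[4012]: Failed password for root from 203.0.113.7 port 51031 ssh2
Jan 10 02:20:00 web1 sshd[4099]: Failed password for alice from 198.51.100.5 port 40100 ssh2
Jan 10 02:21:30 web1 sshd[4100]: Accepted password for alice from 198.51.100.5 port 40101 ssh2
"""

# Constructed sample web-server access log lines (Common Log Format).
ACCESS_LOG = """\
203.0.113.7 - - [10/Jan/2012:02:30:01 +0000] "GET /products?id=42 HTTP/1.1" 200 1532
203.0.113.7 - - [10/Jan/2012:02:30:05 +0000] "GET /products?id=42'%20OR%20'1'='1 HTTP/1.1" 200 88231
203.0.113.7 - - [10/Jan/2012:02:30:09 +0000] "GET /products?id=42%20UNION%20SELECT%20name,email%20FROM%20users-- HTTP/1.1" 500 310
198.51.100.5 - - [10/Jan/2012:02:31:00 +0000] "GET /search?q=union%20jack HTTP/1.1" 200 2010
"""

FAILED_RE = re.compile(
    r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (\S+) from (\S+)"
)
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

# Signatures for the low-hanging-fruit injection attempts the text mentions.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+['\d]", re.I),         # quote followed by a boolean tautology
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),  # union-based result extraction
    re.compile(r"(--|/\*)"),                           # SQL comment used to cut off the query
]


def detect_password_guessing(log_text, threshold=5, window_seconds=60):
    """Return {source_ip: failures} for sources with >= threshold failed
    logins inside any sliding window of window_seconds."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        mon, day, clock, _user, ip = m.groups()
        # syslog lines carry no year; strptime defaults to 1900, which is fine for deltas
        failures[ip].append(datetime.strptime(f"{mon} {int(day)} {clock}", "%b %d %H:%M:%S"))
    alerts = {}
    for ip, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[ip] = best
    return alerts


def detect_sqli(log_text):
    """Return [(source_ip, decoded_path)] for requests matching an injection signature."""
    hits = []
    for line in log_text.splitlines():
        m = ACCESS_RE.match(line)
        if not m:
            continue
        ip, path = m.group(1), unquote_plus(m.group(2))  # decode %xx before matching
        if any(p.search(path) for p in SQLI_PATTERNS):
            hits.append((ip, path))
    return hits


if __name__ == "__main__":
    print("password guessing:", detect_password_guessing(AUTH_LOG))
    print("sql injection:", detect_sqli(ACCESS_LOG))
```

Decoding the path before matching matters: the second and third requests only reveal their payload after `%20` is turned back into spaces, while the harmless "union jack" search shows why the signature requires the full `UNION ... SELECT` form rather than the word alone. In production these signatures belong in a WAF or IDS with a much larger rule set; the value of the small version is seeing what the rule must and must not match.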
4. Virtual currency systems will experience broader and more frequent attacks
The Threat: Virtual currency, sometimes called cybercurrency, has become a popular way for people to exchange money online. These online "wallets" are not encrypted and the transactions are public, making them an attractive target for cybercriminals. McAfee Labs expects to see this threat evolve into spam, data theft, tools, support networks and other associated services dedicated solely to exploiting virtual currencies, in order to steal money from unsuspecting victims or to spread malware.
What Organizations Should Do: From a merchant perspective the main issue here is ensuring they aren’t victimized by a man-in-the-middle attack that extracts currency, real or virtual, from the merchant fraudulently. The best way to do this is to completely review merchant operations on a regular basis. At minimum this should be done annually to make sure the merchant-currency vendor transactions are being properly authenticated.
5. This will be the "Year for (not "of") Cyberwar"
The Threat: Countries are vulnerable due to massive dependence on computer systems and a cyberdefense that primarily defends only government and military networks. Many countries realize the crippling potential of cyberattacks against critical infrastructure, such as water, gas and power, and how difficult it is to defend against them. McAfee Labs expects to see countries demonstrate their cyberwar capabilities in 2012, in order to send a message.
What Organizations Should Do: For most private enterprises the business continuation and disaster planning exercises noted above will also mitigate damage in the event of cyberwar or cyberespionage attack. In addition to a robust security program, enterprises that do material business with the military/intelligence communities or operate in physical proximity to them will want to have formal information sharing and incident response plans (such as those with ISAC – isaccouncil.org) in place to minimize the impact of any cyberwar attacks. Organizations should follow the movements on proposed legislation and understand their potential impact.
6. DNSSEC will drive new network threat vectors
The Threat: DNSSEC (Domain Name System Security Extensions) is meant to protect a client computer from inadvertently communicating with the wrong host as a result of a "man-in-the-middle" attack. Such an attack redirects the traffic from the intended server (Web page, email, etc.) to another server. Unfortunately, DNSSEC would equally defeat attempts by authorities to reroute, through the same spoofing and redirection, Internet traffic destined for websites that are trafficking in illegal software or images. Governing bodies around the globe are taking greater interest in establishing "rules of the road" for Internet traffic, and McAfee Labs expects to see more and more instances in which future solutions are hampered by legislative issues.
What Organizations Should Do: Organizations should keep an eye on legislation that may require additional legal requirements for managing current DNS infrastructure, which may not be compatible with DNSSEC infrastructure. If such requirements are implemented, then the process of upgrading the security of our DNS infrastructure may be put on hold while committees seek a technical middle ground between the law and DNSSEC.
7. Traditional spam will go "legit," while spearphishing will evolve into targeted messaging
The Threat: McAfee Labs has seen a drop in global spam volumes in the past two years. However, legitimate advertisers are picking up where the spammers left off using the same spamming techniques, such as purchasing email lists of users who have "consented" to receive advertising or purchasing customer databases from companies going out of business. McAfee Labs expects to see this "legal" spam and the technique known as "snowshoe spamming" continue to grow at a faster rate than illegal phishing and confidence scams.
What Organizations Should Do: The snowshoe spam techniques that will be so popular in the coming year dictate a more holistic approach to prevention. When spam engines are changing domain ID and IP address every hour or so, signature and even heuristic filtering techniques will catch an ever-smaller fraction of bad email. Organizations can’t stop using them, but they can add sophisticated network filtering techniques with real time data feeds that identify and block each attack as the spammer changes source IP. At the same time, enterprise IT needs to understand that many of the miscreants intent on making money from spam have moved onto spearphishing, which doesn’t really lend itself to a pure technology solution. The best defense against spearphishing is employee (particularly executive employee) education. Next generation firewall technology can also help prevent employees from accessing rogue sites.
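The recommendation above hinges on one observation: when a campaign rotates IP address and domain every hour, per-sender reputation sees only a trickle from each source, so the filter must correlate on something the spammer cannot cheaply rotate, such as the message template. The following is an added illustration, not McAfee's code or a description of any McAfee product, of that idea over a constructed mail log (addresses, domains and fingerprints are made up; the fingerprint column stands for a hash of the body with links and names stripped): a per-IP count shows what a classic rate filter sees, a per-template grouping flags the snowshoe campaign, and the resulting blocklist covers every source the campaign has used.

```python
from collections import defaultdict
from datetime import datetime

# Constructed inbound-mail metadata (not from the original page). Each row is
# timestamp, source IP, sender domain and a template fingerprint.
MAIL_LOG = """\
2012-01-10T08:00:01 203.0.113.10 offers-a1.example tmpl-7f3a
2012-01-10T08:00:40 203.0.113.11 offers-b2.example tmpl-7f3a
2012-01-10T08:01:15 203.0.113.12 offers-c3.example tmpl-7f3a
2012-01-10T08:02:02 198.51.100.20 deals-d4.example tmpl-7f3a
2012-01-10T08:02:30 198.51.100.21 deals-e5.example tmpl-7f3a
2012-01-10T08:03:00 192.0.2.5 newsletter.example tmpl-1c9e
2012-01-10T08:03:10 192.0.2.5 newsletter.example tmpl-1c9e
2012-01-10T08:03:20 192.0.2.5 newsletter.example tmpl-1c9e
2012-01-10T08:03:30 192.0.2.5 newsletter.example tmpl-1c9e
2012-01-10T08:03:40 192.0.2.5 newsletter.example tmpl-1c9e
2012-01-10T08:03:50 192.0.2.5 newsletter.example tmpl-1c9e
"""


def parse(log_text):
    rows = []
    for line in log_text.splitlines():
        ts, ip, domain, fp = line.split()
        rows.append((datetime.fromisoformat(ts), ip, domain, fp))
    return rows


def per_source_counts(log_text):
    """Classic per-IP volume counting: what a sender-reputation or rate filter sees."""
    counts = defaultdict(int)
    for _ts, ip, _domain, _fp in parse(log_text):
        counts[ip] += 1
    return dict(counts)


def detect_snowshoe(log_text, min_sources=4, window_minutes=10):
    """Group by template fingerprint instead of by sender. A template that
    arrives from >= min_sources distinct IPs inside a window_minutes sliding
    window is flagged; all IPs and domains seen carrying it are collected."""
    by_fp = defaultdict(list)
    for ts, ip, domain, fp in parse(log_text):
        by_fp[fp].append((ts, ip, domain))
    flagged = {}
    for fp, msgs in by_fp.items():
        msgs.sort()
        start = 0
        for end in range(len(msgs)):
            while (msgs[end][0] - msgs[start][0]).total_seconds() > window_minutes * 60:
                start += 1
            window = msgs[start:end + 1]
            ips = {ip for _ts, ip, _d in window}
            if len(ips) >= min_sources:
                entry = flagged.setdefault(fp, {"ips": set(), "domains": set()})
                entry["ips"] |= ips
                entry["domains"] |= {d for _ts, _ip, d in window}
    return flagged


def blocklist(log_text, **kwargs):
    """Sources to push into the network filter: every IP and domain that has
    carried a flagged template, so the next rotation is blocked on arrival."""
    ips, domains = set(), set()
    for entry in detect_snowshoe(log_text, **kwargs).values():
        ips |= entry["ips"]
        domains |= entry["domains"]
    return ips, domains


if __name__ == "__main__":
    print("per-source counts:", per_source_counts(MAIL_LOG))
    print("snowshoe campaigns:", detect_snowshoe(MAIL_LOG))
    print("blocklist:", blocklist(MAIL_LOG))
```

Note the contrast the sample is built to show: the snowshoe sources each send a single message, so a per-IP threshold never fires on them, while the one-source newsletter sends six and is the only thing a per-IP count would notice. The template grouping inverts that, which is the "real time data feed" the recommendation refers to, and the blocklist it produces is what gets pushed to the network filter so the spammer's next source is rejected on its first connection.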
8. Mobile botnets and rootkits will mature and converge
The Threat: 2011 saw the highest levels of mobile malware in history. In 2012, McAfee Labs expects mobile attackers to improve their skill set and move toward mobile banking attacks. Techniques previously dedicated to online banking, such as stealing from victims while they are still logged on while making it appear that the transactions come from the legitimate user, will now target mobile banking users. McAfee Labs expects attackers will bypass PCs and go straight after mobile banking apps, as more and more users handle their finances on mobile devices.
What Organizations Should Do: The number of threats targeting mobile devices is still extremely small and not all of them even have the ability to do a lot of damage yet. Cybercriminals are on reconnaissance missions more than anything else. This will change, however, and when it does, enterprise IT needs to be ready. In 2012, organizations should develop mobile access and security policies and determine exactly what sort of technologies will be needed to prevent the mobile era from completely corrupting enterprise information security.
9. Rogue certificates and rogue certificate authorities will undermine users’ confidence
The Threat: Organizations and individuals tend to trust digitally signed certificates; however, recent threats such as Stuxnet and Duqu used rogue certificates to evade detection. McAfee Labs expects to see the production and circulation of fake rogue certificates increase in 2012. Wide-scale targeting of certificate authorities and the broader use of fraudulent digital certificates will affect key infrastructure, secure browsing and transactions as well as host-based technologies such as whitelisting and application control.
What Organizations Should Do: First, organizations should ensure that all of the SSL certificates they use in the normal course of business are current and not dependent upon authorization from any suspect issuers. McAfee expects lists of "good" and "questionable" issuers to begin to appear in 2012. Second, policies should be developed and deployed to deal with "self-signed" certificates. Accepting a self-signed certificate from a well-known company such as Verisign is sensible, whereas accepting one from an unknown party in the Ukraine is a very different proposition.
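Both recommendations above, keeping an inventory of certificates that are current and not issued by suspect CAs, and having an explicit self-signed policy, reduce to a check that can be run against every certificate an organization presents or relies on. The following is an added example, not McAfee's code, that applies such a policy to a constructed inventory held in the dictionary shape Python's `ssl.getpeercert()` returns (the issuer, vendor and host names are invented, and the approved/watch lists are assumed policy inputs, not any real published list). It uses the standard library's `ssl.cert_time_to_seconds` to read the certificate's `notAfter` date.

```python
import ssl

# Assumed policy inputs (constructed names, not real issuers).
APPROVED_ISSUERS = {"Example Public CA"}           # issuers the organization relies on
WATCH_LIST_ISSUERS = {"Breached CA Ltd"}           # issuers currently considered suspect
ACCEPTED_SELF_SIGNERS = {"Well-Known Vendor Inc"}  # parties whose self-signed certs are allowed
RENEWAL_WARNING_DAYS = 30


def _name_field(name, key):
    """Pull one attribute (e.g. organizationName) out of a getpeercert()-style name tuple."""
    for rdn in name:
        for k, v in rdn:
            if k == key:
                return v
    return None


def check_certificate(cert, now_seconds):
    """Return a sorted list of policy findings for one certificate; [] means compliant."""
    findings = []
    subject_org = _name_field(cert["subject"], "organizationName")
    issuer_org = _name_field(cert["issuer"], "organizationName")
    if cert["issuer"] == cert["subject"]:           # self-signed: apply the self-signed policy
        if subject_org not in ACCEPTED_SELF_SIGNERS:
            findings.append("self-signed-by-unknown-party")
    elif issuer_org in WATCH_LIST_ISSUERS:          # depends on a suspect issuer
        findings.append("issuer-on-watch-list")
    elif issuer_org not in APPROVED_ISSUERS:        # issuer nobody vetted
        findings.append("issuer-not-approved")
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after <= now_seconds:
        findings.append("expired")
    elif not_after - now_seconds < RENEWAL_WARNING_DAYS * 86400:
        findings.append("expires-soon")
    return sorted(findings)


def audit(inventory, now_seconds):
    """Run the policy over a {name: cert} inventory."""
    return {name: check_certificate(cert, now_seconds) for name, cert in inventory.items()}


def _name(**attrs):
    # Build a name in getpeercert() form: a tuple of RDNs, each a tuple of (type, value) pairs.
    return tuple(((k, v),) for k, v in attrs.items())


# Constructed inventory (not from the original page).
INVENTORY = {
    "www.example": {
        "subject": _name(organizationName="Example Corp", commonName="www.example"),
        "issuer": _name(organizationName="Example Public CA", commonName="Example Public CA G2"),
        "notAfter": "Jan  1 00:00:00 2013 GMT",
    },
    "mail.example": {
        "subject": _name(organizationName="Example Corp", commonName="mail.example"),
        "issuer": _name(organizationName="Breached CA Ltd", commonName="Breached CA Root"),
        "notAfter": "Jun  1 00:00:00 2012 GMT",
    },
    "legacy.example": {
        "subject": _name(organizationName="Example Corp", commonName="legacy.example"),
        "issuer": _name(organizationName="Example Public CA", commonName="Example Public CA G2"),
        "notAfter": "Dec  1 00:00:00 2011 GMT",
    },
    "vendor-appliance": {
        "subject": _name(organizationName="Well-Known Vendor Inc", commonName="appliance"),
        "issuer": _name(organizationName="Well-Known Vendor Inc", commonName="appliance"),
        "notAfter": "Jan  1 00:00:00 2020 GMT",
    },
    "unknown-box": {
        "subject": _name(organizationName="Somebody", commonName="box"),
        "issuer": _name(organizationName="Somebody", commonName="box"),
        "notAfter": "Jan  1 00:00:00 2020 GMT",
    },
}

AUDIT_DATE = ssl.cert_time_to_seconds("Jan 10 00:00:00 2012 GMT")

if __name__ == "__main__":
    for name, findings in audit(INVENTORY, AUDIT_DATE).items():
        print(f"{name}: {findings or 'ok'}")
```

The self-signed branch deliberately comes first: a self-signed certificate is its own issuer, so it would otherwise be reported as "issuer not approved" rather than judged by the separate self-signed policy the text calls for. Feeding this from real data means collecting `getpeercert()` output from each service, or parsing the PEM files in the inventory, and keeping the issuer lists under change control so a CA can be moved to the watch list the day it is reported compromised.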
10. Advances in operating systems and security will drive next-generation botnets and rootkits
The Threat: New security features baked into the core of the operating system will cause hackers to find alternate entryways: down into the hardware and out of the operating system. Attacking hardware and firmware is not easy, but success allows attackers to create persistent malware in network cards, hard drives and even system BIOS (Basic Input Output System). McAfee Labs expects to see more effort put into hardware and firmware exploits and their related real-world attacks through 2012.
What Organizations Should Do: From a prescriptive perspective, this issue has the advantage that the solution has to be almost completely technological with no user involvement. Organizations can’t educate their way out of this problem, so enterprise IT will need to develop policies and procedures, and deploy prevention and mitigation tools, as this class of threat proliferates.
In Summary
As technology evolves and our use of the Internet and mobile devices becomes more complex, cybercriminals are also evolving and honing their skills with new types of attacks. But although some of the threats may seem scary, the reality is that many are new takes on old forms of attack, and with a little foresight and preparedness, organizations can guard against them.
To keep up on the latest threats and to learn how to protect your organization, please visit: http://blogs.mcafee.com/mcafee-labs.
This press release comes from: Newsdesk