Written by Glen Ogden, Regional Sales Director, Middle East at A10 Networks
1 – Malvertisers Will Dole out Trouble as They Infiltrate Ad Networks
Malware distributors have zeroed in on a fast and effective way to infect millions of users: malvertising. With malvertising, cybercriminals distribute malicious code through online advertising networks. Because the malware-laden advertisements are hosted by legitimate websites and the ads constantly change, traditional security tools that “black list” malicious sites cannot easily block malvertisers’ ads, and the ads often infect machines silently, without any action on the user’s part. In 2015, we predict that malvertisers will take advantage of new exploits, established techniques such as Dynamic DNS, and signature and sandbox evasion techniques to further propagate their malware across advertising networks. To prevent malware infections, organizations should install anti-malware software on client machines and enforce security controls on clients’ browsers. Advanced threat protection platforms can also help detect malware in web traffic. Since many web-based advertisements are now delivered over SSL, organizations should decrypt and inspect encrypted traffic.
2 – A New DDoS Amplification Attack Will Emerge
Over the past two years, cybercriminals and other mischief-makers have exploited DNS and NTP servers to amplify the size of their DDoS attacks. In a DNS or NTP amplification attack, the attacker spoofs (impersonates) the address of the target and sends a small request to a reflector, a server that replies with a much larger response to the victim, flooding the victim’s network. DNS amplification can increase the size of a DDoS attack by up to 54 times, while NTP amplification can magnify it by a factor of 556. DNS and NTP are not the only protocols abused this way: attackers can also leverage SNMP, NetBIOS, and other protocols to launch amplification attacks, and have even exploited WordPress applications to carry out large-scale DDoS assaults.
Amplification has contributed to the escalating size of DDoS attacks. Between 2011 and 2013, the average DDoS attack grew from 4.7 to 10.0 Gbps. The real story, however, has been the increase in packets per second for typical DDoS attacks: average attack rates skyrocketed 1,850 percent to 7.8 Mpps between 2011 and 2013. Many of the largest DDoS attacks over the past two years have been amplification attacks.
We predict that in 2015 a new type of DDoS amplification attack will make headlines. While DNS and NTP amplification took the security world by storm in 2013 and 2014, attackers will uncover and exploit an as-yet-unknown vector next year. Attackers continually investigate new attack vectors, as witnessed by the recent discovery of DVMRP-based reflection attacks. Disclosed by Team Cymru, Distance Vector Multicast Routing Protocol (DVMRP) reflection attacks have already been observed by service providers. To protect against amplification attacks in 2015, organizations should deploy security equipment that can mitigate large-scale DDoS attacks.
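A defender-side illustration of the reflection pattern described above, added here and not part of the original article: it scans constructed UDP flow records at the victim’s network edge and flags hosts that receive large volumes from the DNS, NTP, SNMP and NetBIOS service ports without having sent matching requests, the signature of spoofed-source amplification. The protected address range, thresholds and flow values are all assumptions made for the example.

```python
"""Flag reflection/amplification traffic in UDP flow records.

A victim of amplification never sent the requests; an attacker spoofed
its address toward open reflectors. At the victim's edge this appears as
large UDP responses from well-known service ports with little or no
matching outbound request traffic. Everything below is constructed.
"""
from collections import defaultdict

# Reflector service ports named in the article: DNS, NTP, SNMP, NetBIOS.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 137: "NetBIOS"}

# Assumed protected network (RFC 5737 documentation range).
LOCAL_PREFIX = "198.51.100."

# Constructed flows: (src_ip, src_port, dst_ip, dst_port, bytes).
FLOWS = [
    # legitimate: our resolver queries a DNS server, modest answer returns
    ("198.51.100.10", 40001, "203.0.113.5", 53, 78),
    ("203.0.113.5", 53, "198.51.100.10", 40001, 210),
    # legitimate NTP sync, symmetric request and response
    ("198.51.100.10", 123, "203.0.113.9", 123, 76),
    ("203.0.113.9", 123, "198.51.100.10", 123, 76),
    # unsolicited, oversized NTP responses from several reflectors
    ("203.0.113.20", 123, "198.51.100.44", 80, 44000),
    ("203.0.113.21", 123, "198.51.100.44", 80, 44000),
    ("203.0.113.22", 123, "198.51.100.44", 80, 44000),
    # unsolicited DNS responses toward the same victim
    ("203.0.113.30", 53, "198.51.100.44", 80, 4200),
    ("203.0.113.31", 53, "198.51.100.44", 80, 4200),
    ("203.0.113.32", 53, "198.51.100.44", 80, 4200),
]


def is_local(ip):
    return ip.startswith(LOCAL_PREFIX)


def detect_amplification(flows, min_bytes=10_000, min_ratio=10.0):
    """Return {(victim, service): (inbound_bytes, outbound_bytes, ratio)}
    for victim/service pairs whose inbound volume from a reflector port
    dwarfs the requests the victim actually sent to that service."""
    inbound = defaultdict(int)   # bytes arriving from a reflector port
    outbound = defaultdict(int)  # bytes the local host sent to that service
    for src, sport, dst, dport, nbytes in flows:
        if is_local(dst) and sport in REFLECTOR_PORTS:
            inbound[(dst, REFLECTOR_PORTS[sport])] += nbytes
        elif is_local(src) and dport in REFLECTOR_PORTS:
            outbound[(src, REFLECTOR_PORTS[dport])] += nbytes
    alerts = {}
    for key, rx in inbound.items():
        tx = outbound.get(key, 0)
        ratio = rx / tx if tx else float("inf")  # inf: fully unsolicited
        if rx >= min_bytes and ratio >= min_ratio:
            alerts[key] = (rx, tx, ratio)
    return alerts
```

In a real deployment the same ratio test runs over exported NetFlow/IPFIX records per time window, and the inbound threshold is tuned to the link’s normal response volume so ordinary resolver traffic stays below it.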
3 – Traditionally “Secure” Infrastructure such as VDI Will Be Compromised
Virtual Desktop Infrastructure (VDI) allows organizations to host desktop environments on servers and enables users to access these desktops from any location. Compared to traditional desktop infrastructures, VDI provides a host of advantages: organizations can lower hardware and operating costs, support Bring Your Own Device (BYOD) initiatives, and bolster security. Since all data is stored in a central location—rather than on endpoint devices—VDI reduces physical data theft risks. However, desktop virtualization also exposes new security challenges. Organizations often host multiple desktops with the same operating systems and the same set of applications on a single physical server. Without proper isolation, an attacker can install a rootkit and compromise multiple desktops. With limited system diversity, attackers might uncover a single vulnerability that allows them to exploit thousands of desktops in one fell swoop. We predict that in 2015, attackers will execute more brute force attacks and conduct new and creative attacks on virtual desktops. To protect VDI environments, organizations should implement operating system or application isolation—especially if virtual desktops are hosted in the cloud. Organizations should also control how data can be transferred to and from VDI environments, install anti-malware software, and monitor for intrusions.
4 – The Internet of Things (IoT) Will Expose New Security Risks
More knowledge and convenience are not always a good thing. The Internet of Things (IoT) promises to make our lives easier, but without proper safeguards, it also opens us up to an array of new security threats. Even though IoT is still in its early stages, the number of devices connected to the Internet is growing, thereby increasing the potential for attacks at any time.
Three potential IoT risks include:
1. Attackers using brute force or knowledge of default credentials to gain access to IoT devices or to the cloud infrastructure that stores IoT data.
2. Malware infiltrating high-end IoT devices, such as SmartTVs, that have full Android operating systems and access to app stores.
3. Malware infecting PCs and tablets that manage IoT devices, such as home security systems or cameras.
To reduce the risks associated with IoT devices, consumers and businesses alike should investigate how each device is accessed and whether it stores sensitive data. They should avoid installing unknown software and, whenever possible, configure strong passwords on devices.
5 – POS Systems Will Continue to Be under Fire, but Smart Cards Will Come to the Rescue
Retail breaches overshadowed virtually every other attack vector in late 2013 and 2014. A continuous parade of breach disclosures hit headlines and affected many of the world’s most well-known retail brands. The culprit behind these breaches: malware infections on point-of-sale (POS) devices. Using a variety of techniques, including brute force and compromising management or software update tools, hackers are able to install malware on POS systems. The malware scrapes credit card numbers and CVVs from system memory. The most advanced malware strains can actually capture data from inter-process communications, quickly zeroing in on payment card data.
While we predict that these attacks will continue, the migration to chip-and-PIN smartcards towards the end of 2015 will make it harder for hackers to monetize the data stolen from POS systems. They won’t be able to use fake magnetic cards and will primarily be relegated to online payment fraud.
What should organizations do to prevent POS-based breaches? They can protect POS systems from malware using white-listing, code-signing and behavioral techniques, harden systems against compromise by controlling who and what can access POS terminals, and monitor for infiltrations with advanced threat prevention platforms. And since malware can communicate with command and control servers over SSL and over normally harmless protocols like DNS, organizations should inspect all traffic, including encrypted traffic.
About the Author
Glen Ogden is the Regional Sales Director, Middle East at A10 Networks. Glen has over 16 years of combined experience in Application Delivery and Network Security, holding positions with F5, NetScaler, Cogneto, Nokia and Qualys. Glen holds a post-graduate degree in International Business from Hull University, United Kingdom.