Decoding Network Security

The emergence of increasingly sophisticated evasion techniques will push the boundaries of detection and forensic investigation as hackers face increasing pressure from law enforcement.

Voice&Data - COLUMN

Global Security Strategist, Fortinet

As 2016 approaches, Fortinet and its threat research division, FortiGuard Labs, have made their annual predictions of the most significant trends in malware and network security going into 2016.

The Internet of Things (IoT) and cloud will play heavily in the predictions, but new malicious tactics and strategies will create unique challenges for vendors and organizations alike.

FortiGuard also predicts the emergence of increasingly sophisticated evasion techniques that will push the boundaries of detection and forensic investigation as hackers face increasing pressure from law enforcement.

The top cybersecurity trends for 2016 include:

Several troublesome proofs of concept made headlines in 2015 demonstrating the vulnerability of IoT devices.

In 2016, though, we expect to see further development of exploits and malware that target trusted communication protocols between these devices.

FortiGuard researchers anticipate that IoT will become central to “land and expand” attacks in which hackers will take advantage of vulnerabilities in connected consumer devices to get a foothold within the corporate networks and hardware to which they connect.

While worms and viruses have been costly and damaging in the past, the potential for harm when they can propagate among millions or billions of devices, from wearables to medical hardware, is orders of magnitude greater.

FortiGuard researchers and others have already demonstrated that it is possible to infect headless devices with small amounts of code that can propagate and persist. Worms and viruses that can propagate from device to device are definitely on the radar.

The Venom vulnerability that surfaced this year gave a hint about the potential for malware to escape from a hypervisor and access the host operating system in a virtualized environment.

Growing reliance on virtualization and both private and hybrid clouds will make these kinds of attacks even more fruitful for cybercriminals. At the same time, because so many apps access cloud-based systems, mobile devices running compromised apps can potentially provide a vector for remotely attacking public and private clouds and the corporate networks to which they are connected.

Rombertik garnered significant attention in 2015 as one of the first major pieces of “blastware” in the wild.

But while blastware is designed to destroy or disable a system when it is detected (and FortiGuard predicts the continued use of this type of malware), “ghostware” is designed to erase the indicators of compromise that many security systems are designed to detect. Thus, it can be very difficult for organizations to track the extent of data loss associated with an attack.

Many organizations have turned to sandboxing to detect hidden or unknown malware by observing the behavior of suspicious files at runtime.

Two-faced malware, though, behaves normally while under inspection and then delivers a malicious payload once it has been passed by the sandbox. This can prove quite challenging to detect, and it can also interfere with threat intelligence mechanisms that rely on sandbox rating systems.

Each of these trends represents a significant and novel challenge both for organizations deploying security solutions and for the vendors developing them.
