December 22, 2015
Check Point Security Predictions for 2016
Simon Moor, UK regional director for Check Point, gives his security predictions for the coming year, forecasting that SCADA, IoT and wearable attacks will increase, but that most problems will still stem from unpatched software vulnerabilities.
Simon Moor, UK regional director, Check Point
If a week is a long time in politics, as former prime minister Harold Wilson observed, a year in cyber-security can seem like an eternity.
But despite rapid changes, many things remain constant. Check Point's top three predictions for this year – unknown malware, mobile threats and critical vulnerabilities in popular platforms – were all realised and will remain a significant threat. The cat-and-mouse game that has typified cyber-security continues, with hackers constantly finding new ways in which to attack networks – as the high-profile breaches at Anthem, Carphone Warehouse, Ashley Madison and TalkTalk showed.
Of course, I would prefer these predictions not to come true. But by anticipating the next wave of threats, we hope to help businesses stay on top of the evolving tactics that criminals will use to target them. So here are ten IT security threats and trends that we can expect to see during 2016.
‘Sniper’ and ‘shotgun’ malware
We believe that larger breaches in 2016 will be the result of custom malware designed to get past the defences of specific organisations, such as the attack on US retailer Target. While generic, broad-brush attacks will continue to threaten individuals and small enterprises, hackers will raise their game for larger organisations with more sophisticated security postures. They will use deeper, more sophisticated social engineering tricks to gain access to the data that they want.
Moving to mobile
Mobile attacks continue to increase as mobile devices become more commonplace in the workplace, offering hackers direct and potentially lucrative access to personal and corporate data. Our 2015 Security Report found that 42 percent of organisations had suffered mobile security incidents costing more than US$250,000 (£165,000), and that 82 percent expected incidents to rise. This year has also seen several high-profile mobile vulnerabilities emerge, including Certifigate on hundreds of millions of Android devices and XcodeGhost, the first major malware infection targeting non-jailbroken iOS devices. We expect to find more in the next year.
In the ongoing battle between hackers and security professionals, attackers are deploying more sophisticated, custom variants of existing malware and zero-days that can bypass traditional sandboxing technology. These new attack vectors require more proactive and advanced solutions that catch evasive malware. CPU-level sandboxing is able to identify the most dangerous threats in their infancy before they can evade detection and infect networks.
Attacks on critical infrastructure
In December 2014, a steel mill in Germany was hit by hackers who accessed the plant's production network and caused “massive” damage. Also, the US Department of Homeland Security found that ‘Havex’ Trojan infections had compromised industrial control systems in more than 1,000 energy companies across Europe and North America. Attacks on public utilities and key industrial processes will continue, using malware to target the SCADA systems that control them. As control systems become increasingly connected, this will extend the potential attack surface and require better protection.
IoT and smart devices
The Internet of Things is still emerging and is unlikely to make a big impact in 2016. Nevertheless, organisations need to think about how they can protect smart devices and prepare themselves for wider adoption of the IoT. The key questions users need to ask are ‘where is my data going?’ and ‘what would happen if someone gets hold of this data?’ A year ago, we discovered a flaw in SOHO routers worldwide that could allow hackers to hijack the router to launch attacks on devices connected to it, and we will see more of these vulnerabilities in connected devices.
You wear it well
Wearables like smartwatches are making their way into the enterprise, bringing with them new security risks and challenges. There are security concerns about the data held on smartwatches, and about wearables being used by hackers to capture video and audio via mobile remote-access Trojans, so organisations that permit these devices need to ensure that they are protected with encryption and strong passwords.
Trains, planes and automobiles
2015 saw the emergence of car hacking, whereby the vehicle's software is hijacked to take control of it. In July, 1.4 million Jeep Cherokee vehicles were recalled in the US after security researchers found that they could be hacked via the connected entertainment system. With modern cars featuring more and more gadgetry and connected systems, we need to apply protection to these in-car systems. The same applies to the complex systems in aeroplanes, trains and other forms of transport.
Real security for virtual environments
Virtualisation has been adopted rapidly in the enterprise over recent years, whether it's through SDN, NFV or cloud computing. Virtualised environments are complex and create new network layers, and it's only now that we are seeing a real understanding of how to secure these environments. As organisations move to virtualised environments, security needs to be designed in from the outset to deliver effective protection.
New environments, new threats
2015 saw the launch of new operating systems such as Windows 10 and iOS 9. The bulk of enterprise attacks in recent years have been on Windows 7, but with Windows 10 experiencing a high uptake driven by the free download available, cyber-criminals will turn their attention to these new operating systems where updates are more frequent and users are less familiar with the environment.
Keep it simple
There is a shift towards centralised security management solutions to protect against multi-faceted threats. Large enterprises have a plethora of different security products on their network, which can quickly become unmanageable and impede rather than improve security. Consolidation offers a way of reducing both complexity and cost, preventing new threats from entering the gaps between systems.
Contributed by Simon Moor, UK regional director, Check Point
Also see a range of predictions in the January print issue of SC Magazine UK