Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide


  1. 1. I 2014 - A Security View-point With a careful analysis of security and IT trends in the most recent past and a strong foresight that comes from years of industry experience and intelligent extrapolation of the past and the present, Cyberoam brings to you Security Predictions for 2014. “Client-side software exploits” – it will be! Attacks on Industrial Control Systems & SCADA systems to continue Context-Aware security – the saviour of rising mobility Security of Hybrid Cloud Browser-based attacks are still hot! Mobiles still remain a darling of malware attackers 01 02 03 04 05 06 07 08 09 10 New exploit kits will be explored and used Attack vectors to get more intelligent “Internet of Things” adds Security risks for home devices Windows users at risk as Windows XP comes to end-of-life
  2. 2. Attacks in 2013 have left us with one clear picture – the rising sophistication and professionalism among attackers. In times to come, Cyberoam predicts attacks, wherein the attackers will get more specific, both in terms of their objective and attack strategies. Gone are the days when attacks were meant for the masses. Attackers nowknowwhom and howtheywould attackand theyarechangingtheir attackstrategiestohitstraightonthebull's-eyeratherthanshootinginthedark.In addition to this, few attacks from 2013 indicate the evolution of attacks including proven components from already-used attacks, combined to form more detrimentalattacks. Attack vectors to get more intelligent The amplified impact that an attack on Industrial Control Systems (ICS) can cause, justifies the interest attackers have on such systems. ICS/SCADA system attacks can cause catastrophic damage not only to a single unit but at times to an entire country/province. It is the spread of impact compounded with lack of adequate security available in such systems that have made ICS/SCADA networks a lucrative target for attackers. As per statistics, there were 198 cyber attacks in 2012 and the numbersincreasedto240in2013.Cyberoampredictsfurtherriseinsuchattackson ICS/SCADAnetworksin2014andbeyond. Attacks on Industrial Control Systems & SCADA systems to continue “Client-side software exploits” – it will be! Cyberoam Threat Research Labs foresees an increase in Client-side software exploits compared to the Server-side in next few years. 2013 has seen numerous such exploits where base client software like Microsoft and Adobe were exploited to spread the attack vectors across the network. The recent Microsoft advisories indicating client side exploits also support this prediction. Reasons for this hike include increased scope of exploitation with increase in attack vectors, higher base of users who use these softwares, and lastly, the money involved in it. The exploit kits used to exploit server side vulnerabilities cost much less than client side exploit kits, indicating the premium the latter demand. Realizing that client side exploits will bring in more money, the focus on exploiting client-side vulnerabilities will increasetoo!
  3. 3. With increase in number of security features or solutions in an organization's network to tackle emerging security risks, the job of security professionals is getting more complex. With rising number of devices, users and applications to monitor, this becomes even more difficult. The volume of data that the security appliance(s) offer on various parameters is becoming a problem for network administrators, presenting a need for context-aware security that enables faster decision making and action with the security intelligence it offers. Cyberoam predicts an increase in demand for context-aware security for 2014. The rising needincontext-awaresecuritygoesincontinuationwithCyberoam'spredictionin 2013regardingtheriseinneedforUserThreatQuotient&DeviceThreatQuotient. Increase in need for Context-Aware security Inagenerationofincreasedmobilitywheretabletsandsmartdevicesaredisplacing desktops and paper-based processes, more users are turning to Cloud, specifically the Hybrid Cloud, as it offers more efficiency, business optimization, access to real- time data and always-on availability. However, the ability of Hybrid clouds to burst into the public cloud space when necessary is bringing up security concerns. Although this capability is particularly useful to organisations, it may be a call for danger and users and security vendors are realizing this. Cyberoam predicts an increaseindemandforsecurityinHybridCloudenvironments. Security of Hybrid Cloud New exploit kits will be explored and used Use of Blackhole exploit kit for attacks is a known fact. It is no secret that it was used extensively for attacks in the past. But with the arrest of 'Paunch' in 2013, the man behind the Blackhole exploit kit, new exploit kits are slowly showing up. In addition to this, as attacks utilising Blackhole exploit kit have been exposed, it emerges as a need among attackers to come up with new ways to target their victims. Also, with recenttrends showingriseinexploitsbased on clientsidevulnerabilities,Cyberoam predictsthatthismenaceisonlygoingtoaggravate.
  4. 4. Increasing base of smartphone users is a primary reason for attackers to find interest in attacking those devices. In addition to this, users use their personal devices to access work emails and connect to company networks, which aggravates this interest further. Applications are the backbones of smart phones and most of the mobile apps lack adequate security, adding to the misery of security on mobile devices. All of these factors collate to increase the interest attackers have in smart devices. 2014 is sure to experience newer and sharper mobilethreats. Mobiles still remain a darling of malware attackers and exploits IOT- 'Internet of Things' is something we all are waking up to, these days. Everything seems to be on the Internet! Right from our work to social lives, and storage needs, Internet has also opened its doors to home devices now! As more and more home devices get connected to the Internet, it is obvious that attackers will soon find their way through them too. Cyberoam predicts a rise in need for security solutions for home devices, besides your office devices. Because one thing is evident – the level of risk and quantum of vulnerability is similar, irrespective of whether the device residesinyourhomeorinyourofficenetwork. “Internet of Things” adds Security risks for home devices Browser-based attacks are still hot! In a bait to achieve sure-shot infection and victimize users, use of browser-based attacks like Water hole will further rise. This will include a rise in exploitation of browser vulnerabilities and also use of malicious websites. Attackers will continue totargetusersbydirectingthemtotrustedandcommonlyvisitedURLswhichwould be infected with malicious codes. Water hole mechanism includes cyber offenders infecting websites that are frequently visited by their targets. In 2013, many have already agreed on the rise seen in watering holes. In fact a lot of hackers that were usingspearphishingattackstotargetusershavealsostartedusingwateringholes.
  5. 5. Windows users at risk as Windows XP comes to end-of-life As Microsoft decides to stop supporting Windows XP after 8th April 2014, users will need to upgrade to newer Windows versions, and so will the attackers shift their focus to these versions. Moreover, users who still continue to use Windows XP, will nothavetheirvulnerabilitiespatched,leavingthemopentoexploits. I Copyright © 1999-2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved Toll Free Numbers USA : +1-800-686-2360 | India : 1-800-301-00013 APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958 CERTIFIED VPNC Interop Basic AES SSL Advanced Network Extension SSL Basic Network Extension SSL JavaScript SSL Firefox SSL Exchange SSL Portal CERTIFIED VPNC AboutCyberoamTechnologiesPrivateLimited Cyberoam Technologies Private Limited is a global Network Security appliances company, offering future-ready security solutions to physical and virtual networks in organizations with its Next-Generation Firewalls (NGFWs) and Unified Threat Management (UTM) appliances. Cyberoam network security appliances offer multiple security features like stateful inspection firewall, Application Visibility & Control, Web Filtering, VPN, Intrusion Prevention System, Gateway Anti-Virus, Gateway Anti-Spam, Web Application Firewall, Bandwidth Management and Multiple Link Management over these appliances, depending on the need of organizations. The virtual and hardware Cyberoam Central Console appliances offer Centralized Security Management options to organizations, while Cyberoam iView allows intelligent logging and reporting with one-of-their-kind, in-depth reports. Cyberoam is accredited with prestigious global standards and certifications like EAL4+, CheckMark UTM Level 5 Certification, ICSALabs,IPv6Goldlogo,andisamemberoftheVirtualPrivateNetworkConsortium.Formoreinformation,please For more news and updates on latest security trends, Subscribe to Cyberoam blogs at