Infotech Lead America: Kyle Adams, chief software architect for Mykonos at Juniper Networks, has shared six developments in the threat landscape in 2012.
Simple attack methods on web applications remain effective
Many of the large public companies this year fell victim to web application vulnerabilities like SQL Injection and Cross Site Scripting. These types of attacks have been known about for several years and remain a popular hacking method because of the relatively low level of sophistication needed and the potential difficulty in preventing them.
Mobile malware and application-centric threats continue to pose a risk to enterprise data
With the continued adoption of Bring Your Own Device policies in the workplace, the risk of mobile malware and invasive applications infiltrating critical corporate data continues to be a top concern. Indeed, 2012 saw a significant increase in the amount of malware and invasive apps aimed at mobile users with a 350 percent increase in mobile malware from Oct. 2011-Oct. 2012, and free applications being four times more likely to track user location and three times more likely to access address books than paid apps.
Increased transparency about data breaches
As the frequency of data breaches continues to increase, companies are judged more on how they handle incidents than if they experience an issue. It seems that many companies, who in the past would have hidden a breach, are now being open and honest about it with the public and their customers. Many companies are still not providing extreme detail about the nature of a breach, but they are taking a publicity risk by acknowledging their existence. Ultimately, this is a very promising development in the industry because it will help raise awareness about the importance of security.
Botnets take a beating
Building on earlier success, public/private partnerships were successful in taking down several prominent botnets responsible for everything from spam to the Zeus banking Trojan. Through a combination of forensic security research and novel legal arguments, researchers were able to block the command and control systems of some of the most infamous botnets.
Sophisticated mobile NFC vulnerabilities exposed
One of the most interesting development in the mobile security space is several vulnerabilities exposed related to the use of Near Field Communication (NFC) technology. NFC has been around for a decade, but 2012 marked an upswing in adoption with mass availability of financial and “mobile wallet” apps using the technology. And, it’s already proven to be a popular use case for demonstrating potential security hacks. At Black Hat th
is year, security researchers demonstrated how easy it is to remotely control a device by exploiting NFC. While an actual hack has yet to occur on a NFC-based mobile application, the technology will remain a likely target as consumer adoption increases.
Advanced Attacks Targeting Government Infrastructure
While the existence of state-sponsored cyber-attacks and espionage on critical government and business systems has existed for years, 2012 saw a significant uptick in sophisticated malware and other attacks. We learned about several new attacks aimed squarely at key government interests in the Middle East including recent Flame and Gauss cyber-espionage malware. Responding to these threats, we’ve seen several countries invest in new cyber-security capabilities, including the U.K. and Hong Kong.
Kyle Adams, chief software architect for Mykonos at Juniper Networks