The fallout from just two recent data breaches -- against Target and Snapchat -- exposed the personal information of tens of millions of consumers in the weeks leading up to the end of the year. But these attacks are just the tip of a full-throated onslaught against enterprise networks. To get a sense of some of the threats enterprises need to guard against in 2014, SearchNetworking Associate Editor Sonia Groff spoke with two McAfee Labs security experts: Charles McFarland, senior MTIS researcher, and Norris Brazier, threat analyst. McAfee's 2014 Threats Forecast is available here.
What are going to be the main network security threats in 2014?
Norris Brazier: What we're going to see in 2014 is a lot of threats along the landscape of mobile platforms. That [has] been exploding over the last few years and there's pretty much one [mobile device] in every household. Also, toward the end of 2013 we saw an increase in ransomware and we expect to see a definite proliferation along those lines, especially crossing over from the PC world into the mobile landscape. Those are the two biggest, but we also expect to see more social attacks and PC server targeting in terms of hypervisors.
Charles McFarland: We're also seeing a lot of exposure to threats in cloud-based applications. We're seeing a lot of companies that are doing what [has] been called "bring your own application" where you have users using applications that can be cloud-based. That creates a really large target for a cybercriminal to attack.
What is the potential impact of social attacks on network security?
Brazier: The real-life impacts of the social attacks are quite big. Think in terms of LinkedIn. If someone at a company friends someone whom he thinks is legitimate and starts talking to the person about some sort of project that they have coming down the pipe [he may believe] he's sharing information from one developer to the next. Before you know it they have a competitor come out with a similar product sold at a lesser price. So there's an economic impact. Not only in terms of intellectual property, but it can also lead to propagating infections [and] creating botnets -- machines that report back to a server telling them what to do. We can move from social attacks to ransomware. For example, someone trusts a person on his Facebook account, so he clicks on a link [he or she posted], and before he knows it, his machine is encrypted. Now he's going to have to deal with paying a ransom to [have] his machine unlocked.
McFarland: The reason we have social media listed as one of the big threats for 2014 isn't necessarily because we think social media [is] the next big target, but [rather] because we've seen [an] increase in attacks. For example, look at Koobface and the amount of people affected by it. There are instances where people pretend to be other people on social media so they can social engineer their way into a network. One of the easy things you can get done is to get into a website and do a drive-by download. With Koobface you have tons of infections because of the way social networks are working right now. It's a very big threat factor and we've already seen the increase in the use of it in 2013. Social media is not just a problem for individuals. When you look at enterprises, they use social media to present information to their customers. We are predicting that Twitter accounts may be hacked. Passwords of users may be downloaded. That information goes out on the front end where companies directly interact with customers. That causes massive amounts of damage to your PR and your company.
How can companies prepare for these types of social attacks?
Brazier: Behavior is always important. You want to know your network intimately.
McFarland: When you're using social networks you have to know what it is you're using and what it does. For example, Facebook can be used on your PC or on your phone. Those are two different vectors that someone can use to infiltrate your social network. So you need to protect your PC by keeping your antivirus [software] up to date and look[ing] at Web scanning and Web traffic. In terms of bring your own device, professionals use their phones for work, but they may also have their Facebook account on their phone, as well. So you have to be careful about what you use and when and how you protect it. In the mobile space, we've even seen infections where Master Key back in July was circumventing digital picture validation on the Android system. So if that Android system that's coming into your network is infected, you'll have big problems.
Looking back at the emergence of the "Deep Web" that was mentioned in the Q3 report, how do you judge its impact in 2014, and why is it important to pay attention to it?
McFarland: What we've seen is that we have this underground market that is selling mostly drugs and it was using crypto-currency as its main form of transaction. We see virtual currencies being a big part of security. We've seen ransomware now asking for virtual currency. In the Deep Web, there is a lot of traffic with this crypto-currency, mostly bitcoin. The underground market is an interesting dynamic because it is relatively new and there are a lot of things going on. There is law enforcement going after that. Quite a bit of what is occurring is what's called "Tor." It used to be called the Onion Router. What Tor allows [hackers] to do is encrypt the traffic and hide. So looking at some of the attacks that we're going to see in the future, there are points where you will be able to purchase stock, using these crypto-currencies that will go toward financing a malicious attacker. Everyone will be affected by it, although not necessarily directly. There are a lot of locations on the Deep Web where you can post information that cannot easily be taken down. So, if for example, your enterprise was infiltrated and data had been leaked, it could be posted on forums that can't be easily taken down by law enforcement. There could be a long period of time that you would be losing money because of this data leak. The Deep Web allows a difficult and somewhat unrestricted Web route for cybercriminals to act in. Any enterprise needs to be concerned, not just about security, but also about who are the bad guys and what can they do. These forums on the [Deep] Web allow them to easily transfer information. We have groups acting together for a single goal. A lot of it is for monetary gain, but we also have hacktivism to worry about. So everybody should be concerned about this.
Brazier: What makes the Deep Web attractive is that there is money to be made, and that's why it will continue in 2014.
McFarland: Security doesn't have a silver bullet. As the security industry changes, so do the bad guys. That's why education is at the forefront. Educate yourself in how to stay secure [and] then you can begin to stop a lot of these threats before they happen, or at least recognize when they happen so you can mitigate the damage.
You have to change your security based on your behavior. And we all know business changes over time. So you need to know your industry and know your network and you need to keep up with the current business practices regarding your data and everything else. Ten years ago we weren't even worried about social media. That wasn't a way we were getting attacked on our networks. These days we have to worry about that. Many companies are trying to block all types of social media from getting into their network, but that's a very difficult endeavor, so the smart thing is to understand that this is the way our business model is working.
Brazier: It's more than keeping your IT up to date. If you see something, say something. If you see a guy using a piece of hardware and you don't know what it is, report it.
What are steps individuals can take to prevent some of these attacks?
McFarland: Look at what you use and how it can be misused. Everyone does business on their phone. You need to look at every application you install and make sure the settings are correct. There are certain applications that do not need to know your GPS settings. There are certain applications that don't need to know certain personal information. The more you give those applications and the more you just press "accept" without understanding what that means, the more vulnerable you make yourself. So just the simple steps of understanding what you are installing and asking why it needs what it's asking for are ways to protect yourself as an individual.
Brazier: You want to be functionally paranoid. It's okay to download apps, but do your research.