With 2012 just a few short days away, it’s that time of year when, in the words of McAfee Labs’ Dave Marcus, we “dust off the crystal ball, put on our battered Mr. Wizard hat,” and speculate about what the new year has in store. McAfee Labs recently announced its 2012 threat predictions, to which I’d like to add some color, and throw in some observations of my own.
Attacks on Critical Infrastructure
We expect that the volume and sophistication of attacks focused on critical infrastructure – in particular electric, oil and gas, and chemical – will continue to rise in 2012, taking the form of extortion, Denial of Service, and targeted Stuxnet-like attacks. In an ever more networked world, the cyber vulnerabilities of critical infrastructure pose challenges to governments and to owners and operators in every sector across the globe.
Threats to Mobile Devices
As mobile devices grow in popularity, and use cases expand beyond games and books to work-related tasks like banking, we are seeing more and more people trying to exploit mobile systems. Last month, McAfee Labs released its Q3 Threats Report, which showed that the Android mobile operating system solidified its lead as the primary target for new mobile malware. The amount of malware targeted at Android devices jumped nearly 37% since Q2, putting 2011 on track to be the busiest year in mobile malware history. We expect this trend to continue into 2012, with more organizations leveraging Virtual Desktop Infrastructure solutions to sandbox themselves from users’ consumer devices.
Consumerization of IT
In 2012, we expect to continue to see increased use of tablets for mobile computing, as well as increased use of social media applications from mobile devices. There will be more demand from both technical and business users wanting to bring their own devices, whether or not the company has authorized their use. 35 different brands of tablets were released this year – it’s a huge and growing industry, and organizations are leveraging technology like virtualization, network access control, and solutions like McAfee Enterprise Mobility Management to adapt to this flood of new technology.
Social media is already an ingrained part of our personal lives, and it has now infiltrated even the depths of our businesses and organizations. Data loss prevention controls, firewalls, IPS, and the like will need to become more application aware in 2012 in order to allow organizations to continue to use social media from a business perspective. We are seeing more and more threats coming in through vehicles like Facebook and Twitter, and we expect to continue to see malware growth in this area, a threat that McAfee is taking very seriously.
McAfee’s Innovation Team has been working hard on a project to apply the concept of reputation from McAfee Global Threat Intelligence to social media systems, letting us probe sites like Twitter for malware-related concepts. On the horizon for 2012 are products using this data – for example, allowing bad tweets to be stripped out of your feed, and flagged in your Twitter reader.
We expect to continue to see an increase in malware and rootkits getting below the user space and into the kernel space, making it tough for most security controls to detect them. Rootkits will self-mutilate – when traditional anti-malware solutions look for malicious content, a rootkit doesn’t come up as looking like anything bad. But the malware is designed to reassemble itself so it can function. The system looks good, you back it up, and a few weeks later that machine you’re running is infected. You restore from what you thought was a good backup, but you restore with a rootkit that has reassembled itself.
Sometimes this means a whole rebuild and a new OS – one of the reasons why we are looking to move security down to the silicon level. Products like McAfee Deep Defender utilize McAfee DeepSAFE technology with Intel, to sit between the processor and the OS to help protect vital system software residing in the physical memory, providing a new view of the drivers and other software as they operate.
In the past, financial gain served as the primary motivation behind cybercrime, but we’re seeing a growing number of hacker groups with other motivations. They are guided by economic, political, or religious interests that generally go beyond their nation’s borders. In 2011, hacktivist “groups” like Anonymous and Lulzsec grabbed a significant number of headlines, and we expect to see this trend continue into 2012. Especially since many of these groups have garnered publicity and notoriety for their cause, we expect that more individuals will decide to take this path.
Spearphishing and SQL Injection Attacks
As the easiest and most common ways to penetrate an organization, these types of attacks are effective and extremely prevalent. User awareness and reputation solutions will be used to combat these types of threats, as well as improved coding techniques and better database security controls.
In 2012, we expect to see at least one major cyber security event similar to South Korea’s 10 Days of Rain attacks – a blatant attack from a nation state that will serve as a prelude to information warfare. Cybercrime has evolved from something of a hobbyist affair to a very professional activity, and is now being leveraged to increase a country’s political power. As the world enters a new period of tension, many countries have redirected their services toward a cyberwar strategy, and many states have not hesitated to put forward their expertise in this arena.
Here at McAfee, 2012 will see us continue to bring together network security, data, endpoint and security management. We’re looking for cohesive solutions – disparate parts that enrich each other with reputation information from McAfee Global Threat Intelligence, and pieces such as our acquisition of SIEM provider NitroSecurity, McAfee Risk Advisor, and security at the silicon level with McAfee Deep Defender. We will be bringing all of these pieces together, making them all much more relevant and central to the business.
Security is becoming more about business enablement and risk mitigation, as evidenced by the recent Disclosure Guidance on Cybersecurity issued by the SEC – a big step towards the widespread realization that for many orgs, IT and the business are one.
Optimized Security Strategies
Going into 2012, we will need to stop narrowing our focus on just stopping bad things from happening – we need to also focus on improving other business units to support this goal, for example by reducing the overhead for an organization’s help desk and integrating IT and security as early on as possible. We need to see security as a business enabler that will allow us to take advantage of new market opportunities, without taking on inflated levels of risk.
What are your thoughts on this list – any trends for 2012 that you would add or take away? Let us know here in the blog, or on Twitter at @IntelSec_Biz, where we regularly update our followers on McAfee news, happenings and events.