Skip to main content

Non-Windows attacks will increase in 2013


Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware.As your work and play converges even more on a digital device - a tablet, smartphone or the laptop, beware of the increasing threats. Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware. Consumers aren't the only ones at risk of mobile threats.


Enterprises, particularly those embracing Bring Your Own Device (BYOD), are also at risk. Overall, non-Windows attacks will increase in 2013. Software security expert McAfee, an Intel company, in a release, looks at the threats to computers in 2013: 

Top 10 Enterprise Security Predictions 

1. Targeted Attacks: 2012 saw an increased growth in targeted attacks that proved successful in disrupting service and fraudulently obtaining significant amounts of intellectual property. We expect cyber criminals will continue to use this method and as a result, in 2013, we are likely to see significantly more targeted attacks and targeted malware. This type of attack is more difficult to protect against. Uniform attacks are still out there but as soon as they are identified and a security fix is released they are no longer effective. 

One disturbing development in this trend across 2012 was that we started to see more targeted attacks that destroyed evidence of the attack afterwards and we are likely to see this continue. We have seen attacks where 30,000 hard drives were left non-operational after an attack. Dealing with the clean-up distracts the IT administrators who don't immediately realize they have been hacked. It also adds to the difficulty in ensuring effective incident response as hackers literally attack any hardware on the way out. Protecting against this will be a major challenge - particularly for enterprise and government. 

2. Signed malware: Signed malware was prevalent in 2012 and this is likely to continue. Signed malware is present when a hacker obtains a digital certificate from an organization and appends it to malware, allowing the malware to pass through an organization's operating system. Stuxnet is a high profile example of this threat. There will be a large increase in this type of threat and it will be harder to stop because it appears more legitimate. 

3. Big business at risk: Enterprises can be at a higher risk of an attack as there is often a greater attack surface and more 'visibility gaps' in their security posture. With targeted attacks on the rise, the motives to target a large enterprise are often greater than a smaller organization. 

4. Non-Windows attacks: We suspect non-Windows attacks will continue to increase in 2013. Android devices are now the highest selling mobile devices in the Asia Pacific market and hackers will take advantage of that by developing mobile malware. Consumers aren't the only ones at risk of mobile threats.

Enterprises, particularly those embracing Bring Your Own Device (BYOD), are also at risk. Interestingly, the mobile malware growth rate is similar to what we saw for Windows malware some time ago, which shows it is a genuine threat. McAfee's Q3 Threat Report for 2012 showed mobile malware almost doubled when compared to the previous quarter's numbers. 

5. Ransomware: This will also be prevalent in 2013. Ransomware is operated by encrypting files on a victim's computer which can only be unlocked by paying the criminals a 'fine'. It has been a big issue in other countries around the world in the past. 
       

6. Impact of changing regulations: The Indian banking regulator (RBI) has generally been proactive in advising banks on issues relating to security and has acted as an important institution to drive the importance of this matter at the level of Board of Directors. According to the Reserve Bank of India report released in January 2011, the regulator acknowledges that given the increasing reliance of customers on electronic delivery channels to conduct transactions, any security related issues have the potential to undermine public confidence in the use of e-banking channels and lead to reputation risks to the banks.

The regulator has institutionalized a whistle-blowing system by means of a quarterly assessment of all banks towards their progress on these guidelines in the AFI (Annual Financial Inspection) cycle 2011-2012. To conform to these guidelines, financial services organizations in India will need to demonstrate compliance with RBI regulatory mandates, which include data protection, event collection and analysis, endpoint controls, and related security measures. 

7. Need for incident response: In 2013, organizations will have to review their processes for dealing with a targeted attack. If the organization falls foul from a targeted attack or Advanced Persistent Threat (APT) they will need to adopt a process of incident response and many organizations don't necessarily have the technologies in place to ensure timely investigation and remediation is possible. As such, solutions providing incident response capabilities will become a security infrastructure priority for many organizations over the next year. 

8. Security Process Automation: In many organizations cyber security function is one of the only IT functions that have not yet leveraged the speed, visibility and capabilities provided through automation. With an increasing number, variety and complexity of the threats faced by organizations, many security technologies still require hands-on management. We expect that IT managers will have to embrace security automation in order to keep up. 

9. Connected Devices: We also anticipate the growth in number and variety of new connected devices will provide additional gateways for hackers to access personal or business networks - these 'connected devices' include connected homes and connected cars. While the home or car may not be hacked, they are used as a vehicle to access other networks. 

10. Bring Your Own Application (BYOA): With BYOD comes Bring Your Own Applications where many employees are now downloading Apps within the organization. As a result IT administrators are losing control of what tools and applications are used inside the enterprise and business users (often lacking in an understanding of the potential security risks these applications can pose) are becoming their own system administrators.

There are many examples of Apps that transmit information with no security, Apps that leak sensitive information, through to Apps that are malicious and place the user and the information at risk. 


source:economictimes.com

Comments

Post a Comment

Popular posts from this blog

CIA Triad for- Base of Information security

The essential security principles of confidentiality, integrity, and availability are often  referred to as the  CIA Triad. All security controls must address these principles. These three  security principles serve as common threads throughout the CISSP CBK. Each domain  addresses these principles in unique ways, so it is important to understand them both in  general terms and within each specific domain: Confidentiality is the principle that objects are not disclosed to unauthorized subjects. Integrity is the principle that objects retain their veracity and are intentionally modified by  authorized subjects only. Availability is the principle that authorized subjects are granted timely access to objects  with sufficient bandwidth to perform the desired interaction. Different security mechanisms address these three principles in different ways and offer varying  degrees of support or application of these principles. Objects must be properly classified

List of Company Slogans

·          3M : "Innovation" ·          Agere Systems : "How Communication Happens" ·          Agilent : "Dreams Made Real" ·          Airbus : "Setting the Standards" ·          Amazon.com : "…and You're Done" ·          AMX : "It's Your World. Take Control" ·          Anritsu : "Discover What's Possible ·          AT&T : "Your World. Delivered" ·          ATG Design Services : "Circuit Design for the RF Impaired" ·          ATI Technologies : "Get In the Game" ·          BAE Systems : "Innovating for a Safer World" ·          Ball Corporation : "The Leader in Small Space and Rocket Systems" ·          BellSouth : "Listening, Answering" ·          Blackhawk : "Powering DSP Development" ·          Boeing : "Forever New Frontiers" ·          Bose Corporation : "Better Sound Through Research" ·          Bowers & Wil

My Article :- હેકર બનવું છે? કઈ રીતે?

મારી ૨ વર્ષ ની કારકિર્દી માં મને કેટલાય  લોકોએ, ખાસ કરીને કોલેજ ના વિદ્યાર્થીઓએ ઘણી વાર પૂછ્યું છે કે "મારે હેકર બનવું છે. તો હું શું કરું? " અને મારા બ્લોગ્સ માં પણ પૂછવામાં આવે છે કે એક સારો હેકર કઈ રીતે બની શકાય? એવું હું શું કરું અથવા તો મારા માં કઈ લાયકત હોવી જોઈએ એક હેકર બનવા માટે? આ પ્રશ્ન નો સંતોષકારક જવાબ આપવા માટે મેં internet પર શોધખોળ કર્યા પછી મને જે કઈ માહિતી મળી તેને હું આજે અહી રજુ કરું છું. મિત્રો, સૌપ્રથમ હેકર કઈ રીતે બનવું એ જાણવા પહેલા એ જાણવું જરૂરી છે કે ખરેખર હેકિંગ શું છે ? અને હેકર કોને કહેવાય. હેકિંગ ની સીધી અને સરળ વ્યાખ્યા નીચે મુજબ છે.  "તમારા કમ્પ્યુટર,નેટવર્ક(ઈન્ટરનેટ કે LAN દ્વારા) કે કોઈ ડીવાઈસ માં (ફોન, ટેબ્લેટ) માં કરવામાં આવતા ગેરકાયદેસર પ્રવેશ અને ઉપયોગ એ હેકિંગ કહેવાય છે."અને હેકિંગ કરતા લોકોને હેકર કહેવાય છે. હવે તમને થશે કે આવું શું કામ કરવું જોઈએ? આ તો ક્રાઈમ છે. તો તમને જણાવી દઉં કે હેકર મુખ્યત્વે ૨ પ્રકારના હોય છે.    વાઈટ હેટ હેકર્સ (એથીકલ હેકર્સ) : ધારો કે તમે તમારો ફેસબુક નો પાસવર્ડ ભૂલી ગયા(ખરેખર ના ભૂલતા ક્યારેય..)કે ત