|Emerging Cyber Threats: 2012
A new report presented by the Georgia Tech Information Security Center (GTISC) in conjunction with the Georgia Tech Research Institute (GTRI) has revealed the top cyber threats of 2011, and what they think are the emerging cyber threats of 2012. With 2011 being a year that saw cyber attacks with an unprecedented sophistication and reach, preparing for 2012 is that more important for businesses and individuals alike.
These cyber attacks not only affect computers belonging to government or private interests, but they also affect the ordinary citizen as well. The Georgia Tech annual summit, which was held on October 11, provided a chance for security experts from the various sectors most affected by these attacks — industry, academia and the government — to discuss possible strategies to deal with the potential cyber attacks.
Below are four areas discussed at the conference and the highlights of each:
Mobile Threat Vector
- Applications related to mobile devices, such as phones and tablets, rely more and more on the Web browser, which has its own inherent security challenges.
- Threats targeting mobile devices can be expected to increase through such mediums as SMS, e-mail and Web browsers. What’s worse, once these attacks are launched, they will silently record and steal your data.
- Like USB flashdrives, which are known for their malware-spreading capabilities, mobile phones are becoming a new direction from which cyber attacks can be directed at otherwise-protected systems.
- Encrypting and encapsulating the more sensitive areas of a mobile device can strengthen its security overall.
- The controllers of botnets gather massive amounts of information on their targets and then sell that data to the highest bidder.
- Another lucrative avenue that has opened for botnet operators is in the area of providing information on already compromised targets, including information such as type of OS, applications running, and other such system information. In this way, attacks can be planned more stealthily to take advantage of this information.
- By borrowing techniques from Black Hat SEO new ways of deceiving current botnet defenses have become available.
Controlling Information Online
- Researchers are trying to decide if personalizing the online persona, such as for age, ethnicity, location, etc., is a form of censorship.
- Cyber attackers are optimizing their malicious sites so that they will rank high in search engine queries online.
- The overall trust model of the Internet is being exposed through the trend in compromised certificate authorities.
Advanced Persistent Threats
- By using advanced persistent threats, which change and adapt to the security measures presented, attackers are able to achieve their goals.
- Old areas of major vulnerability are still present: human error, weak passwords, and lack of user education.
- With the advent of cloud computing, whole new avenues of attack are opened up, potentially allowing cyber attacks to affect everyone on that particular server.
- Increasingly, it has been found that the perimeter defenses at the Internet entry/exit points are no match for the advanced persistent threats of cyber attacks.
For more information about the Georgia Tech Information Security Center report, visit: http://www.gtisc.gatech.edu/doc/emerging_cyber_threats_report2012.pdf