Guest Post by Prateek Gianchandani
With the new year now upon us, what IT Security Trends can we expect to see in 2014? To find out, we turned to the experts at the InfoSec Institute.
Here are the 2014 security predictions from InfoSec Institute researcher Prateek Gianchandani.
Big Boom in Mobile Security
Security is catching up to mobile fast. We are in the post-PC revolution and with the rise in the number of people using smartphones, most of the information that we have is available to us anytime in the palm of our hand. In 2014, we will see a big rise in mobile security awareness among developers, as well as in the number of mobile threats and malware. A number of new mobile security analysis tools will be launched, and frameworks like Metasploit will gain a number of exploits for mobile operating systems. Mobile developers will start realizing that their applications are not secure and will begin taking precautions to prevent their applications from being exploited. Every company dealing with security will try to make use of this window and emerge as a leader in the mobile security domain. We will also see a number of certifications being launched by companies with a specific focus on mobile security.
Attacks on Bitcoin
Bitcoins are becoming popular as a quick and easy way of payment. In the coming year, we will see malware that specifically targets the Bitcoin wallets of users. This is more effective because once the coins are stolen, they can be used instantly or even cashed out with full anonymity.
Services which Provide Anonymity Will be in Demand
As the normal user becomes more and more concerned about what they do online because of the intelligence agencies that keep an eye on everything, the use of services that provide more anonymity will become more popular among regular users. Services like Tor and VPN service providers will see a great increase in demand. New encryption mechanisms will also be used to encrypt data.
Concept of a Parallel Internet
The concept of a parallel Internet has been around for some time now. In the past, concerns have been raised over whether Internet censorship is the answer to defend against scenarios that could violate online piracy. This issue has become so prominent because popular sites like Google and Facebook allow users to share information without bearing responsibility for the content posted. Project Meshnet (originally called the Darknet) was born out of concerns over censorship and is aimed at setting up an open, decentralized, and censorship-free Internet. This architecture makes the mesh topology completely decentralized (i.e., without any centralized authority), thus making it impossible to censor any form of data. In 2014, we will see an increase in the use of such parallel networks.
Another reason for this fragmentation of the Internet could be for the safety of the users. In the coming years, we might see some countries opting to have a separate “parallel” Internet that keeps a check on everything the user does, and does not allow anonymity at all. This will, however, go against the will of some users. Some countries like China are already doing a similar kind of thing and we will see this practice being followed by other nations or organizations in the coming year.
Personal Attacks Become More Common – and More Personal
We will definitely see a rise in the trend where cyber attacks are not directed at organizations but at individuals. Social Engineering attacks are definitely going to get some heat in the coming year as hackers realize that an individual is much more vulnerable. Attacks aimed at individuals working at an organization will also be a good medium to get some confidential data about the organization. This could include getting the source code of a product before it is released, stealing information about customers, etc.
Attacks on Cloud Storage Providers
These days, we store a lot of our information in the cloud using services like Dropbox, Google Drive, etc. There have been some claims made that companies like Dropbox store our information in an unencrypted format on their servers. As more and more companies start relying on these services to store data, and to exchange data between their employees, a successful attack on these service providers could turn up a lot of information for the hacker. In 2014, we are going to see dedicated attacks on these Cloud Service Providers. Expect at least one major and successful attack!
With the launch of the Samsung Galaxy Gear and Sony’s smartwatch, and with predictions that Apple is going to launch their own iWatch in the second half of 2014, developers will have one more device to build apps for. Just like any other product, these smartwatches are going to have some very common vulnerabilities that will be discovered by hackers. Even though I don’t expect a lot of smartwatch malware, we will definitely see some attacks against smartwatches.
More Advanced Malware
The standards are surely going to increase in 2014. Malware will be more intrusive, yet less easily detectable. Companies dealing with malware threats will have more and more work to do as malware becomes more advanced and stealthy. Expect a large increase in mobile malware.
About InfoSec Institute
InfoSec Institute was founded in 1998 by an expert team of information security instructors. Since then, InfoSec Institute has trained more than 15,000 individuals on everything from industry standard certifications like CISSP, to highly technical customized Windows Kernel Reverse Engineering courses. http://www.infosecinstitute.com/courses/security.html