Biggest Security Threats: Malware on the Mac, mobile threats, social networks as a new stealth channel, targeted attacks, and cyberwar in the Middle East
London: First ever ‘State of the Threats Report’ released later this week predicts more malware on Macs, increase in cyber warfare in the Middle East and social networks used increasingly for stealth attacks. AlienVault, creator of OSSIM, the de facto standard open source SIEM (Security Information and Event Management), has launched its first ‘State of the Threats Report’, which brings together information from 18,000 security professionals around the world and the expertise from the Alien Labs, to provide the definitive overview of the IT security threats facing the world today.
Highlights from the report include:
• Social networks are the new stealth channel for malware command and control
• Political and espionage breaches rise, but financially-driven theft is still the major driver
• Increasing evidence of state-sponsored infiltration of political enemies via targeted malware
• Java, Office and Flash continue to be the largest attack surface for delivering malware
• Apple OSX malware proves that, just like Windows, the OS is only as secure as the software installed on it.
• New remote desktop software exploits highlight the importance of protecting remote access systems
• Criminals aren’t the only ones to bypass mobile device security as law enforcement agencies use their techniques too
AlienVault CTO, Roger Thornton said, “IT security threats are constantly changing, and they have the potential to impact every one of us. Staying on top of the latest threats and understanding how to protect themselves is a full-time job for many IT security managers around the world, so the ‘State of the Threats Report’ helps them see quickly what they need to have on their radar. It is compiled based on input from more than 18,000 contributors, and from the threats we see live in our labs, so these are real problems that are only going to grow in the future.”
The report also goes into details on a number of different threats that it sees as being critical right now:
Malware on the Mac
Mac users, who perhaps felt a certain smugness in the past based on the perceived invulnerability of their chosen platform, have found themselves at risk since the emergence of serious malware for OSX (the Mac operating system). This malware uses exploits in third-party software to plant Trojans on the systems it compromises, and it has forced Apple to respond to the threat of malware on its platform. The lesson is the one stated in the highlights above: the operating system is only as secure as the software installed on it, so patching third-party applications matters as much on a Mac as on Windows.
Mobile Threats
Mobile malware is increasing rapidly, especially on the Android platform, which coincides with the Bring Your Own Device (BYOD) trend, where employees increasingly use their personal tablets and phones for work. This leaves corporations open to threats through the ‘back door’ if they don’t act quickly and decisively to protect themselves, as mobile devices become the new ground in the battle to control the endpoint.
An interesting twist in the tale, as mobile devices become more and more laden with information, is the pressure from law enforcement on Google and Apple (to name just two) to help them bypass the security systems on criminals’ mobile devices.
Targeted Attacks
Spearphishing emails continue to be the preferred method of delivering targeted malware to specific organizations, as seen in the Chinese-backed infiltration of Tibetan organizations. (Interestingly, when AlienVault revealed this, the company itself became a target: the attackers spoofed @alienvault.com email addresses to try to gain the trust of their victims.) A spoofed sender address passes any control that trusts the visible From: header alone, which is why organizations, no matter what they do or where they are, need to examine incoming email with more than standard off-the-shelf antispam and antivirus tools.
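One concrete check behind that advice, as an added example that is not part of the report or of AlienVault’s own tooling: the visible From: address proves nothing, but the receiving mail server’s Authentication-Results header records which domain actually passed SPF or DKIM, and a message is only trustworthy when that authenticated domain aligns with the From: domain (the rule DMARC applies). The two messages below are constructed for this example; the header values, the receiving host mx.example.net and the sender bulk-sender.example are made up, and @alienvault.com appears only because the text above mentions it being spoofed.

```python
"""Flag inbound mail whose From: domain is not backed by an aligned SPF or DKIM
pass. Added example with constructed messages; not code from the report."""
import email
import email.utils
from email import policy

# Constructed sample: From: claims alienvault.com, but the receiving MTA saw
# SPF pass for a different domain and no DKIM signature at all.
SPOOFED = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk-sender.example; dkim=none
From: "AlienVault Labs" <labs@alienvault.com>
To: victim@example.net
Subject: Updated report

Please open the attached report.
"""

# Constructed sample: SPF and DKIM both pass for the same domain as From:.
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=alienvault.com; dkim=pass header.d=alienvault.com
From: "AlienVault Labs" <labs@alienvault.com>
To: victim@example.net
Subject: Updated report

Please open the attached report.
"""


def org_domain(domain):
    """Approximate the organizational domain as the last two labels.
    Real DMARC uses the Public Suffix List; this shortcut is wrong for
    suffixes such as co.uk and is only good enough for the example."""
    labels = domain.lower().strip('.').split('.')
    return '.'.join(labels[-2:])


def parse_auth_results(header):
    """Parse an Authentication-Results value into {method: (result, props)}.
    The first ';'-separated element is the authserv-id and is skipped."""
    results = {}
    parts = [p.strip() for p in header.split(';')]
    for part in parts[1:]:
        if not part:
            continue
        tokens = part.split()
        method, _, result = tokens[0].partition('=')
        props = {}
        for tok in tokens[1:]:
            key, _, value = tok.partition('=')
            props[key] = value
        results[method] = (result, props)
    return results


def check_alignment(raw_message):
    """Return a verdict dict; spoof_suspect is True when neither SPF nor DKIM
    passed for a domain aligned with the From: domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    from_domain = email.utils.parseaddr(msg['From'])[1].rpartition('@')[2].lower()
    auth = parse_auth_results(msg.get('Authentication-Results', ''))
    spf_result, spf_props = auth.get('spf', ('none', {}))
    dkim_result, dkim_props = auth.get('dkim', ('none', {}))
    spf_domain = spf_props.get('smtp.mailfrom', '').rpartition('@')[2].lower()
    dkim_domain = dkim_props.get('header.d', '').lower()
    spf_aligned = spf_result == 'pass' and org_domain(spf_domain) == org_domain(from_domain)
    dkim_aligned = dkim_result == 'pass' and org_domain(dkim_domain) == org_domain(from_domain)
    return {
        'from_domain': from_domain,
        'spf_aligned': spf_aligned,
        'dkim_aligned': dkim_aligned,
        'spoof_suspect': not (spf_aligned or dkim_aligned),
    }


if __name__ == '__main__':
    for label, raw in (('spoofed', SPOOFED), ('legit', LEGIT)):
        print(label, check_alignment(raw))
```

Two caveats a practitioner would want: only trust an Authentication-Results header that your own border MTA added (strip any copies that arrive from outside, or an attacker will supply a flattering one), and replace the two-label `org_domain` shortcut with a Public Suffix List lookup before using this on real mail.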
Cyberwar in the Middle East
The internet has become the new battleground in the Middle East, as on-the-ground conflicts have spilled into the digital world. Military, government and civilian groups have all been targeted, primarily using techniques such as SQL injection or DDoS attacks. The battles have seen attacks and responses from all sides, prompting Middle Eastern countries to start training in preparation for attacks on critical infrastructure. The ideologically driven nature of the activity means it is likely to continue and intensify in the coming months.
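The report names SQL injection as one of the two main techniques in these campaigns without saying how it works, so here is the defect in its smallest form, as an added example that is not from the report: a login query assembled from strings beside the parameterised version that fixes it. The table, the users and the payload are constructed for this example (an in-memory SQLite database, so it runs offline); passwords are stored in clear only to keep the example short, which a real system must never do.

```python
"""Vulnerable string-built SQL beside its parameterised fix.
Added example on a constructed in-memory database; not code from the report."""
import sqlite3


def make_db():
    """Constructed sample data: two users, one of them an admin."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (username TEXT, password TEXT, role TEXT)')
    conn.executemany('INSERT INTO users VALUES (?, ?, ?)', [
        ('alice', 'correct horse', 'admin'),
        ('bob', 'hunter2', 'user'),
    ])
    return conn


def login_vulnerable(conn, username, password):
    """Attacker-controlled input is spliced into the SQL text, so a quote in
    the username ends the string literal and the rest is parsed as SQL."""
    sql = (f"SELECT role FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Bound parameters: the driver sends the values as data, never as SQL,
    so the same payload is simply a username that does not exist."""
    row = conn.execute(
        'SELECT role FROM users WHERE username = ? AND password = ?',
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Payload: closes the username literal and comments out the password check.
PAYLOAD = "alice' --"

if __name__ == '__main__':
    db = make_db()
    print('vulnerable:', login_vulnerable(db, PAYLOAD, 'wrong'))  # admin, no password needed
    print('fixed:     ', login_fixed(db, PAYLOAD, 'wrong'))       # None
    print('fixed, real credentials:', login_fixed(db, 'alice', 'correct horse'))
```

The query produced by the vulnerable function for the payload is `SELECT role FROM users WHERE username = 'alice' --' AND password = 'wrong'`; everything after `--` is a comment, so the password predicate disappears. The fix is not escaping but binding: the parameterised statement has a fixed shape and the payload can only ever be compared against the username column.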