By Dr. Guy Bunker @guybunker
It seems the last of the festive lights have been taken down and the final crumbs of mince pies swept away, so now we can look forward to the coming year. Already the media has been busy with news of prolific cyber-attacks, the likes of which have never been seen alongside the repercussions becoming such a consideration in 2015. But what else do I think is coming our way?
Certainly the ‘social media’ attacks (or compromises) will have some of the most far reaching impacts. Metadata associated with images to find the location where the picture was taken is now making it into the mainstream. Compromises on tools such as DropBox will also force organizations to rethink their use of popular cloud collaboration platforms for storing and sharing their critical information. These changes may make organizations put up their own ‘semi-private’ clouds – servers and applications that they ‘own’ in their own DMZ, where they have improved control, especially for administrative access and monitoring.
Open Source vulnerabilities and exploits, such as Heartbleed and Shellshock have also had an effect. Targeting open source applications will emerge as another attack vector, to be used by technologically competent cyber-criminals. New vigilance will be needed to assess open source solutions to ensure that they are secure, before they are deployed.
The socially-engineered APT will continue to increase, and from the system infrastructure side DDoS attacks will continue to rise as recently seen with both Microsoft and Sony. Tools are available to counter both, but these in turn will need to evolve to keep up with the ever increasing complexities of such attacks. And in turn, outside of these targeted attacks on the large household named Enterprises, we will unfortunately continue to see a rise against the smaller organization, the SME, as their information becomes more marketable by the cyber-criminals.
I don’t think we will see any attack vector becoming less heaviliy used. We also saw the return of some ‘old’ exploits, as they have now become commercialised and therefore more open for *anyone* to use.
From a technology standpoint, I expect 2015 to be a busy year with the media constantly reporting on new targets, new attack vectors and growing ramifications of such exploits. It will also become more apparent that the Enemy Within is not going away… moreover this will become more prevalent as both a route and a source of attack.