Yearly predictions are always risky. Even more so when your subjects are cybercrime organizations, hacktivist groups, and other security attackers – entities not exactly known for sharing plans.
Nevertheless, this task fits well into an overall goal of changing the accepted balance of power between attackers and defenders. As defenders, it seems we are destined to constantly be on the reactive side – unlike attackers, who are always the initiators. Therefore, the following predictions may help change these static roles, and allow you to look ahead at the upcoming threat trends to proactively plan your defense strategy.
5 Threat Trends
My 2013 predictions are based on real attack statistics collected by Radware’s Emergency Response Team over the past two years. Here they are.
1. Availability-based threats will become a major IT concern – A recent security survey we conducted revealed the growth in availability-based attacks, such as Denial-of-Service (DoS) and Distributed Denial of Service (DDoS). Hacktivist groups will continue taking advantage of the fact that many security professionals fail to realize how vulnerable their organizations are to an outage from simple volumetric threats.
2. Longer and more persistent attack campaigns – Security attacks will become more persistent and significantly longer. Only a few years ago attacks would last minutes or hours, but in 2012 we already noticed many attacks that lasted days and even weeks, while switching between multiple attack vectors. Attackers will increasingly adopt these long, persistent attack methods as they pose a serious challenge for most organizations.
3. Attackers will increasingly target dynamic web resources – Attackers are always looking for ways to amplify the impact of their attacks. Dynamic web resources – data that changes frequently and cannot be cached by CDNs – provide a perfect opportunity for attackers. Attackers can easily bypass CDNs and directly attack dynamic web resources with significant results. The most vulnerable to this threat are financially-oriented web sites, which are inherently focused on dynamic data.
4. More encryption-based attacks – I expect to see a rise in encrypted attacks carried over HTTPS. Such attacks, particularly at the application level, are very challenging to detect: inspecting encrypted traffic is not simple, so they reach deep into the network before they are detected. Most organizations are still not prepared to detect or mitigate attacks carried over encrypted traffic.
5. Targeted Advanced Persistent Threat (APT) attacks – In the past, the same security attacks would be launched repeatedly, using the same attack vectors and sequence while targeting a different victim each time. Not anymore. Attackers will launch unique attacks that are designed to exploit the vulnerabilities of a specific organization or network. Each attack will look different so that traditional defense mechanisms, which analyze past attacks and issue patches and signatures, will no longer be relevant.
5 Defense Trends
Since I raised the flag of proactivity, here are five defense approaches and trends we can expect looking forward.
1. Resource-aware detection – Current security solutions are challenged by low and slow attacks, which consume the resources of the attacked service and make it unavailable. Such attacks appear legitimate in terms of traffic rates and protocol rules and are therefore difficult to detect. To provide better detection and mitigation of low and slow attacks, we will see resource-aware security solutions that monitor the servers they protect and identify resource consumption directly.
2. Counter attack techniques – Defense strategies will increasingly incorporate counter attack techniques. Yes, counter attacks always raise debates, yet they are a decisive way of changing the inherent weakness in the defenders' stance. They also allow organizations to stay a step ahead of cybercrime organizations, hacktivist groups and other attackers with malicious intent. Counter attack mechanisms will be able to identify the attack tool, launch a counterattack that exploits the tool's weakness and slow down or completely neutralize the attack tool.
3. Security ecosystems – In order to withstand Advanced Persistent Threat (APT) attacks that change from one case to another, a security ecosystem is needed, in which multiple systems share data and work in sync. One such example is the synchronization between on-premise security devices and CDNs – a cooperation that will optimize the detection and mitigation of attacks targeting dynamic resources. Another example may include the synchronization between ISPs and on-premise devices, so that volumetric attacks can be mitigated early on, before they saturate the customer's available Internet pipe.
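To make the resource-aware idea concrete, here is an added example (my own illustration, not code from the post or from any Radware product). It models the server's worker pool rather than the wire: a low-and-slow client stays within normal request rates and valid protocol syntax, so the tell-tale signal is how long each connection occupies a worker relative to the bytes it has actually sent. The connection records, thresholds and addresses are constructed for the example and are not measurements from the survey mentioned in the post.

```python
"""Resource-aware detection of low-and-slow connections (added example).

Instead of looking at packets per second, the detector asks the server how
long each open connection has held a worker and how much request data has
arrived in that time. Legitimate clients either finish quickly or, if they
are slow, move real data; a low-and-slow client does neither.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable


@dataclass(frozen=True)
class Conn:
    src: str            # client address as seen by the server
    worker_secs: float  # seconds this connection has occupied a worker slot
    bytes_in: int       # request bytes received so far on the connection
    complete: bool      # True once a full request has been parsed


# Tunable thresholds (assumed values chosen for the example, not from the post)
MAX_WORKER_SECS = 30.0    # a healthy request should not hold a worker this long
MIN_BYTES_PER_SEC = 50.0  # below this the client is trickling, not uploading
POOL_SIZE = 100           # size of the protected server's worker pool


def is_low_and_slow(c: Conn) -> bool:
    """One connection is suspect when it has held a worker past the limit,
    still has not completed a request, and is sending only a trickle."""
    if c.complete or c.worker_secs < MAX_WORKER_SECS:
        return False
    return c.bytes_in / c.worker_secs < MIN_BYTES_PER_SEC


def pool_pressure(conns: Iterable[Conn], pool_size: int = POOL_SIZE) -> float:
    """Fraction of the worker pool tied up by suspect connections; this is the
    availability signal a rate-based detector never sees."""
    suspect = sum(1 for c in conns if is_low_and_slow(c))
    return suspect / pool_size


def offenders(conns: Iterable[Conn], min_conns: int = 5) -> Dict[str, int]:
    """Sources holding at least min_conns suspect connections. Grouping by
    source keeps a single slow but honest client from being actioned."""
    per_src: Dict[str, int] = defaultdict(int)
    for c in conns:
        if is_low_and_slow(c):
            per_src[c.src] += 1
    return {s: n for s, n in per_src.items() if n >= min_conns}


# Constructed snapshot of the server's connection table (not real data)
SAMPLE = (
    [Conn("198.51.100.7", 120.0, 400, False)] * 20   # one source trickling headers
    + [Conn("203.0.113.5", 0.4, 1200, True)] * 3      # ordinary page loads
    + [Conn("203.0.113.9", 90.0, 9_000_000, False)]   # slow but genuine large upload
    + [Conn("192.0.2.44", 60.0, 500, False)] * 2      # slow client, too few to act on
)

if __name__ == "__main__":
    print(f"suspect share of pool: {pool_pressure(SAMPLE):.0%}")
    print("sources to rate-limit:", offenders(SAMPLE))
```

The large upload is the case worth noting: it holds a worker for 90 seconds, longer than the 120-second trickler's neighbours would tolerate under a pure timeout, but its byte rate shows it is doing real work, so it is left alone. Mitigation (capping connections per source, or shortening header timeouts for the flagged source only) is applied to the returned offenders, not to everything that is slow.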
4. Advanced security cloud services – We expect to see more security cloud services that will offload security operations performed on customer premises to the cloud for more effective and centralized handling. This may include malware and virus inspections, forensics and security expert audits – activities that do not require immediate, real-time action.
5. Real-time application signature creation – The APT attack trend is creating a more pressing need for technologies that can automate security signature creation, whether in the cloud or on premises. Automating the signature creation process will reduce the exposure time to attacks – from malware detection to the configuration of all systems with the new security signature.
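The following added example (my own illustration, not Radware's algorithm or any code from the post) shows the two steps such an automated process has to get right: mining a distinctive pattern from captured attack requests, and validating it against a baseline of known-good traffic before it is pushed to every enforcement point, so that a signature generated in seconds does not block legitimate users. The request samples, host name and device names are constructed for the example.

```python
"""Automated signature extraction and rollout (added example).

1. Mine the longest substring shared by every captured attack request.
2. Reject any candidate that also appears in benign baseline traffic.
3. Push the survivor to all enforcement points in one step.
"""
from typing import Iterable, List, Optional, Set


def common_substrings(samples: List[str], min_len: int) -> Set[str]:
    """Every substring of length >= min_len that occurs in all samples."""
    first, rest = samples[0], samples[1:]
    found: Set[str] = set()
    for i in range(len(first)):
        for j in range(i + min_len, len(first) + 1):
            sub = first[i:j]
            if all(sub in s for s in rest):
                found.add(sub)
    return found


def build_signature(malicious: List[str], benign: List[str],
                    min_len: int = 16) -> Optional[str]:
    """Longest string common to all attack samples that hits no benign sample.

    Candidates are tried longest-first, ties broken lexicographically so the
    result is deterministic. The benign check is what stops an over-broad
    pattern (for example the URL the attack happens to share with real
    users) from being deployed. Returns None if nothing distinctive remains.
    """
    ranked = sorted(common_substrings(malicious, min_len),
                    key=lambda s: (-len(s), s))
    for cand in ranked:
        if not any(cand in b for b in benign):
            return cand
    return None


class Ruleset:
    """Minimal stand-in for one enforcement point's signature table."""

    def __init__(self, name: str):
        self.name = name
        self.signatures: List[str] = []

    def blocks(self, request: str) -> bool:
        return any(sig in request for sig in self.signatures)


def deploy(signature: str, devices: Iterable[Ruleset]) -> int:
    """Configure every device with the signature; returns how many changed."""
    changed = 0
    for d in devices:
        if signature not in d.signatures:
            d.signatures.append(signature)
            changed += 1
    return changed


# Constructed traffic samples (not captures). The attack floods an uncacheable
# quote endpoint with a changing ts= parameter; the shared request line prefix
# is also used by real clients, so only the header tail is truly distinctive.
PREFIX = "GET /quotes?symbol=ACME&fields=bid,ask,last,volume,open,high,low&ts="
ATTACK_TAIL = " HTTP/1.1\r\nHost: trade.example\r\nCache-Control: no-cache\r\n"
MALICIOUS = [PREFIX + str(i) + ATTACK_TAIL for i in (1, 2, 3)]
BENIGN = [
    PREFIX + "99 HTTP/1.1\r\nHost: trade.example\r\nAccept: text/html\r\n",
    "GET /news HTTP/1.1\r\nHost: trade.example\r\nAccept: */*\r\n",
]

if __name__ == "__main__":
    sig = build_signature(MALICIOUS, BENIGN)
    devices = [Ruleset("edge-1"), Ruleset("cdn-waf"), Ruleset("core")]
    print("signature:", repr(sig))
    print("devices configured:", deploy(sig, devices) if sig else 0)
```

In this data the longest common string is the 68-character request prefix, but it is rejected because a normal client sent the same URL; the process falls back to the 57-character header tail, which no benign request contains. The same check also yields no signature at all when the "attack" samples are indistinguishable from the baseline, which is the correct outcome rather than a guess.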