Challenges with mobile device proliferation, the move to the cloud and stealth attacks that traditional defenses can’t spot are among the top cyber threats for 2014, according to a McAfee [MFE] report released this month.
Mobile malware will be the leader in new malware threats as firms and federal agencies wrestle with the increased numbers of mobile devices connecting to their networks. McAfee charted two billion new mobile endpoints, or devices, in 2013 alone.
“People care about mobility unlike any technology in history before,” said McAfee’s Chief Technology Officer for the Public Sector Scott Montgomery. “People take it personal.”
Employees’ attachment to their mobile devices makes it harder for managers to regulate access to the network or the functionality of the device itself. The most secure mobile device management (MDM) policy sees IT departments mandating that the device is only allowed to have mission-critical data on it when it’s connected to the network via a secure thin client. With a more restrictive policy, “you’re not worried about the 50,000 devices but the 20 servers they’re connecting to,” Montgomery said. That, however, draws complaints from employees who insist on having access to data at all times–whether they’re working on the metro or stuck in a traffic jam.
Moving IT infrastructure, data storage and software delivery to the cloud has also created a new attack vector that will become more popular in 2014. Montgomery and other experts agree that it’s not the cloud technology itself that’s insecure, but the way the data is managed. When you relinquish data to your cloud provider’s servers, much like managed hosting, you lose some control over it. Agencies or firms that use cloud providers need to make sure the company has good practices for continuous monitoring of its own networks and infrastructure.
“Make sure that when you’re contracting with your cloud provider that your conditions are spelled out in black and white,” he said. “If you don’t contract for it, you’re not going to get it.”
McAfee predicts that cyber threats will also become stealthier. New malware will not fully reveal itself unless it knows for sure that it is on an application and not in a sandbox that IT specialists create to capture and test malicious code. Malware can now delete itself and increasingly hides in legitimate applications, causing them to behave malevolently.
While there is no “silver bullet” for stealth attacks, Montgomery said McAfee has come closer with one such type of attack. Root kits infect a computer before it even boots up the operating system, targeting the drivers that tell computer hardware how to work with the software. McAfee has been able to detect 100 percent of root kits, he said, even though they do not have digital signatures like other files.
The success of McAfee’s root kit protection is part of the reason why microprocessor manufacturer Intel [INTC] acquired McAfee and recently announced the firm’s rebranding as Intel Security, Montgomery said.
The government should also be concerned about increased spear phishing, in which hackers send targeted emails to entice users to click bad links. The government shutdown, which saw mission-critical IT offices stay open, had the byproduct of exposing the people that phishers should target to gain more profitable network access.
“If you’re an attacker, the government gave you the who’s who of who to do social reconnaissance against,” he said.
McAfee’s findings are not all bad news for large enterprises. The company has also begun to leverage big data about user activity to spot abnormalities. McAfee’s analytics software can give IT managers oversight across the network and alert them to suspicious activity, such as an employee accessing a file they would not normally access or downloading large amounts of files. Every device with an IP address–including fax machines, printers and even door badges–generates an activity log that McAfee can use to find a blip.
“It doesn’t make you a bad person, but it makes it worth it to look at,” Montgomery said.