WatchGuard Unveils Top Ten Security Predictions for 2022
WatchGuard Technologies’ security analysts offer their 2022 security predictions:
10) HTML5 offers 5 times the ways to hijack your website – New web technologies like HTML5 fuel the growth of next year’s web application attacks
Like the web technologies that came before it, HTML5 is usually secure. In fact, it introduces some security advantages that could help developers avoid common web application pitfalls. However, the security of HTML5 applications depends on the skill and care with which developers build them. HTML5 is new and complex. Developers are still getting comfortable with it, which means they are likely to make programming mistakes that could translate into web vulnerabilities. For this reason, WatchGuard predicts that the increased usage of HTML5 will heavily contribute to web application attacks next year.
9) Location-aware malware customizes its attacks – Spyware knows where you live
WatchGuard suspects that malware will increasingly leverage geolocation to customize attacks, thereby increasing its money-making potential. A simple technique already in use is to forward victims in specific locales to targeted fraud sites that work best in that region. WatchGuard anticipates hackers will find even more malicious ways to take advantage of geolocation in malware next year.
8) Attackers launch a digital attack that affects physical infrastructure or equipment – My power plant got a pandemic infection
Expect at least one digital attack in 2012 to cause a significant repercussion to a physical infrastructure system.
Attacks on infrastructure, like power grids, have long been theoretically possible; we had never really seen one happen until Stuxnet came along. Stuxnet actually infected SCADA equipment, and made changes that had real physical results.
Since then, researchers and attackers alike have heavily targeted SCADA systems. Now that they have seen what highly advanced malware can accomplish against industrial control systems, they have gone all in.
7) As the top vector for social engineering and malware, Facebook is forced to increase its security – If Facebook does not “like” security, they will surely get “poked”
Two years ago, WatchGuard predicted that social networks would be a dangerous playground for attackers. Last year, WatchGuard predicted that Facebook links would take over where malicious email attachments left off. This year, both of those predictions still prove true. Expect to see more Facebook security updates next year.
In fact, in 2012 WatchGuard forecasts Facebook-based attacks will increase and Facebook will be forced to sit up and take notice. Specifically, Facebook will implement new security solutions on its website to avoid losing fed-up users.
6) Adoption of BYOD and IT self-service results in more data loss – Bring your own device means clean your own infections
In 2012, WatchGuard anticipates many data loss incidents and breaches as a result of the increased adoption of Bring Your Own Device (BYOD) and self-service IT.
Proponents of BYOD say it will reduce IT costs, increase productivity, reduce helpdesk load, and just plain make employees happy.
Not only are employees bringing their own devices, they are also launching their own network services. New cloud offerings make it possible for non-IT departments to easily contract and launch new technical services without the help of their own IT department.
While BYOD and IT self-service do offer some clear benefits, they also come at a price – the potential loss of control. Offloading IT services and device purchase decisions to others makes it infinitely harder to enforce access controls on such services and devices.
5) Smartphone app stores and marketplaces help proliferate mobile malware in the world – Who planted digital weeds in my mobile app garden?
In 2012, WatchGuard forecasts that the mobile threat will continue to grow, but with a more specific source – app stores and marketplaces. To avoid mobile malware, be careful of what is downloaded from an app marketplace, and verify that the associated vendors do a solid job validating apps.
During 2011, attackers focused most of their malware delivery efforts on infecting various smartphone providers’ application delivery systems, like Google’s App Marketplace or Apple’s App Store. They have been more successful at infecting some app stores than others, but have proven that all application repositories can be fallible.
4) Increased reliance on virtualization reawakens the need for virtual security – Unprotected virtual machines make bad neighbors
Expect to see a substantial rise in interest in virtualization security solutions among small and medium businesses next year, due to their increased reliance on this technology.
As with other new technologies, as virtualization matures, its usage increases among smaller companies and organizations. Many SMB IT professionals still do not fully understand the potential security ramifications of poorly implemented virtual environments. Because of this lack of security know-how and the increased reliance on virtualization, the risk of data loss increases dramatically.
3) The barrage of noteworthy data breaches continues through 2012 – Hacktivists and script-kiddies rage against the machine
Whether due to APT attackers, criminal malware authors, or hacktivist groups like Anonymous and LulzSec, WatchGuard saw more headline-grabbing hacks than in any previous year.
It is hard to say whether the rise in reported breaches is due to smarter criminals, more attacks, hacktivists, or simply new laws that require businesses to report data loss. In any case, expect this trend to continue in 2012. Now that criminals realize how much they can make by stealing data, and hacktivists realize that network attacks draw attention, WatchGuard suspects that both will continue to besiege networks next year.
2) Organized criminals will leverage advanced malware techniques in targeted attacks against businesses – Advanced Persistent Threats (APT) trickle down to SMBs and consumers
Expect the APT trend to continue in 2012, but with a slightly new twist. APTs will trickle down to everyday people.
Last year, WatchGuard predicted the growth of advanced persistent threats (APTs). This prediction appears to have proven true with big breaches like RSA’s SecurID incident and Operation Shady RAT, as well as the discovery of Stuxnet’s successor, Duqu. Of course, these APTs of 2011 primarily affected very large organizations, like governments, industrial control suppliers, and large enterprises.
In 2012, less sophisticated criminals will begin to leverage the advanced techniques they have learned about from APTs to create more advanced malware targeting smaller businesses and even consumers.
1) A major cloud provider will suffer a significant security breach – Cloud computing brings a chance of malware storms
In 2012, expect organized criminals to target cloud services, and significantly breach at least one well-known cloud provider. That said, also expect to see smarter, trustworthy cloud providers recognize that risk, and add premium security to their offerings.
While many cloud services offer attractive benefits, they also leverage advanced technologies that have security ramifications. Most cloud providers rely on intricate, custom web applications, or leverage virtualization to provide scalability and multi-tenancy. These are great technologies. However, they can also pose dire risks when implemented insecurely. Add to the equation the fact that many customers share sensitive data with one popular cloud provider. It is easy to see why one large cloud provider presents an especially juicy target to attackers.