Story image

Exclusive: ‘Handholding’ required in un-secure world - Part 2

13 Mar 14

In the constantly changing world of technology, one area remains constant: the need for security. Heather Wright gets some expert views.

Last year ended with plenty of publicity for Cryptolocker, and Patrick Devlin, Watchguard ANZ regional director says we will probably see more variants and new infection vectors based on the success of Cryptolocker.

“Anything that makes money is likely to spawn a whole family of copycats,” he notes.

It is advanced persistent threats, however, that Devlin believes will dominate 2014 locally. “2014 is likely to be the year APTs become front of mind for the wider community.

“News of the International Space Station being infected made many people realise that even non-internet-networked systems are at risk. These attacks are very professionally built to beat normal defences, and have been shown to evolve and be very effective in the wild.

“In the past they have infected SCADA systems – even Google’s Sydney office got hit this year. Many APTs are well funded espionage tools capable of everything from remote control to video and audio surveillance.”

And, on the subject of APTs, Devlin says Zeusbot ‘just keeps hanging around’ because traditional firewalls have no visibility of it. “Many businesses still think IPS is too expensive or an acronym they needn’t worry about.

Meanwhile, Eset’s Malcho says mobile devices will also figure heavily in security concerns over the coming year.

“Mobile devices are being used more and more for internet banking. That has resulted in a gradual shift of interest from the bad guys. Defeating two- factor authentication has become commonplace for modern banking Trojans, now routinely having a mobile component to steal one-time passwords and interfere with the payment process at the mobile endpoint.

“Also, we’re seeing banking Trojans aiming more at enterprise customers, especially SME’s – with a higher monetary value than consumers, and less IT security sophistication than large enterprises – thus hoping to get to accounts with a higher balance, and targeting applications that automate online transactions and banking software.”

Malcho says while the absolute numbers of malware targeting mobile platforms is low – with Android by far the most prevalent – the significance of the attacks is high for victims, since they typically lose money, but may be reluctant to admit how foolish they feel.

“Spying Trojans and banking Trojans always follow the money trail and now turn their attention to Bitcoin, and other similar currencies, directly aiming to steal digital wallets.”

He says DDoS attacks and web defacements will continue with more attacks against critical infrastructure on the internet, be it government sites or privately held industry targets, with some being deliberate, well thought out attacks, but many being attackers probing to see the possibilities.

“Targeted attacks have become a part of our lives, whether we’re talking about espionage or sabotage, and if you are an entity with valuable IP/data, you’d better think twice about the security.”

Talking about checking possibilities and hacking/cracking for fun, Malcho says Eset is seeing attempts to crack any smart devices and find weaknesses in their design and implementation. “This concerns any device you can connect to, such as SmartTVs, intelligent houses – alarm systems, devices – and so on.

The cloud and (dis)trust

Edward Snowden’s revelations last year triggered a wave of distrust in cloud service providers, since it’s not entirely certain who actually sees the data, Malcho says.

“We might be seeing more regulation coming into this area, however, that will hardly satisfy the clients’ worries that certain authorities and institutions who are ‘above the law’ in a particular country have more access to their data than they would like,” he says.

“Expect to see a strong interest in locally hosted, encrypted back-up and file storage in New Zealand,” Malcho adds.

Devlin sounds an even darker warning on the cloud front. “2014 will be a year of cloud security issues. There are some big fat, juicy targets out there right now and the same exploits that affect a business can also affect a massive cloud provider.

“I further expect a lot of cloud providers to start going out of business, putting customer data at risk – it’s expensive to set up the infrastructure for a cloud and, unless you get critical mass of customers quickly, the banks will start calling in the debts without regard for your data.

“When the hosting closes down, those customers who spent lots of time and money to move their data to the cloud might find it tough to rapidly move it back.”

To read Part 1 of this exclusive interview for The Channel click here, and check back to Techday.com on Tuesday for the final part…

LogicMonitor launches container monitoring solutions
Kubernetes monitoring and LM Service Insight provide performance analytics and data retention for microservices and containerised applications.
Commvault fully integrates backup with Cisco Hyperflex
Its IntelliSnap technology has been validated to work with Cisco HyperFlex hyper-converged systems without the need for third-party tools.
Experts comment on record 772mil-user data breach
Dubbed “Collection #1”, the data set contains emails and passwords with over a billion unique combinations of email addresses and passwords.
McAfee Gartner Customers’ Choice for Secure Web Gateway
“We take great pride in being recognised by our customers on Gartner Peer Insights, and their willingness to recommend McAfee Web Gateway technology”
Lenovo invests in ePaper company in bid to revive tablets
As the tablet market declines, Lenovo is making an investment in CLEARlink in order to create a low-power, colour, outdoor-ready display.
OutSystems three APAC Partners of the Year
Of the seven companies named in the OutSystems recent partner awards, three have a strong APAC presence.
Hands-on review: Nvidia GeForce RTX 2080 Ti FE
The lack of games taking advantage of the GeForce RTX 2080 Ti makes reviewing the card rather challenging
IDC: NZ IT services market will near $4B in 2023
As cloud adoption grows with every company seeking the competitive advantage it can provide, the opportunities in IT services are expanding in kind.