by Pierluigi Stella, Network Box USA
This is always the same question – every year, we try to forecast what will happen, and in the last 10 years, the forecast has always been very right, and very wrong. Confusing, right?
There is, however, one thing we can be quite certain of – we haven’t seen the worst yet, and not by a long shot. We will see increased attacks, increased Anonymous activity, increased hacktivism, increased malware, increased exploits, increased fraud. Just about everything malicious will be on the rise.
My opinion is that smart portable devices will be the main target because they are very vulnerable, and, unfortunately, this is especially true for Android devices. There are already mobile versions of Zeus and SpyEye; and we will see even more as hackers find new ways to steal personal information and, from there, steal our money. Personal data in the hands of hospitals and clinics is a particular concern: it’s now evident to everybody that this industry is lagging far behind in terms of network security and, accordingly, will be a big target. Case in point: a recent article I read compared hospital networks to colanders. I’m not as concerned about the devices left in cars as I am about the quasi-total lack of security in health care systems’ networks.
I know with certainty that all of this will happen; in fact, I think a child could forecast this. But will this be all? I’d be utterly wrong if I thought so. I know from past experience that we’ll definitely see something else, something we never expected, which will both surprise us and catch us unprepared.
Was anyone prepared for the onslaught of attacks on large corporations seen this year? Those attacks clearly demonstrate there’s something inherently wrong with the way we’re doing security today. I don’t think anyone could have predicted that RSA, Chase and so many others would’ve fallen victim to attacks so easily; and yet, they did.
One trend we are witnessing, and which I think will only get worse, is Denial of Service attacks. Today, it’s possible to ‘rent’ a botnet and conduct an attack. So the (in)famously disgruntled employee no longer needs to try and hack his way into the ex-employer’s network. Why would he, when he could just rent a botnet and unleash havoc without any risk of being caught?
Isn’t that worth $1000 for the satisfaction of causing some damage? Unfortunately, I’m sure someone will think so!