Category Archives: General Information

WatchGuard Security Prediction 2016 #4 – The iOS Menace

WatchGuard Security Prediction #4 – The iOS Menace

by Corey Nachreiner

Experts have been predicting the growth of mobile malware for years. We’ve covered how the increase in mobile device usage has led to an increase in criminal attention. We’ve predicted how the inclusion of mobile wallets, using NFC and RFID technology, would lead to attackers targeting the mobile payment vector. We’ve even talked about how Google’s open developer and consumer strategy translates to more threats against Android devices, since it’s an easier platform for criminals to infiltrate. However, through all these trends one thing has remained the same: Apple iOS has not seen that many threats. Next year, we expect this to begin to change, and for attackers to launch more attacks against iOS users.

Prediction video link: https://www.youtube.com/watch?v=LjtvfU0Wx4M

Underneath the surface, iOS devices are not technically more secure than their Android brethren. They’re still just mini computers running software. Researchers and blackhats have found plenty of vulnerabilities in iOS software before, including the recent zero day that could easily root an iOS device via the Web. The difference is that Apple has retained much tighter control of its app ecosystem than Google, making it much harder for users to install non-sanctioned apps and thus harder for attackers to get malware onto an iOS device.

However, last year smart cyber criminals found a way around this challenge: they infected the Apple development platform by releasing a maliciously hijacked version of Xcode called XcodeGhost. If Apple’s own development kit builds malicious code into apps that seem legitimate, it becomes much harder for Apple to keep them off its official App Store. Though Apple has since fixed the issue that led to XcodeGhost, and has tried to educate developers about it, we believe cyber criminals will continue to exploit this attack vector to sneak malware onto Apple’s official marketplaces. iOS users should prepare for more threats in 2016.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #3 – SMBs Can’t Let Basic Shields Down

WatchGuard Security Prediction #3 – SMBs Can’t Let Basic Shields Down

by Corey Nachreiner

Security experts often focus on the latest and greatest progressions of the threat landscape. They’re most interested in sharing how threat actors have become more sophisticated and how attack technology, malware, and techniques have evolved significantly. They warn that the latest attacks bypass or evade many of the industry’s original information security defenses.

Prediction video link: https://www.youtube.com/watch?v=PwBQbx6jRKs

While none of that is false, the truth is that a huge majority of successful attacks, especially ones against smaller targets, still rely on the basics. Many successful cyber-attacks last year exploited software flaws that had been fixed for months, took advantage of bad or default passwords or bad password practices, or just tricked users into doing something basic that they shouldn’t do. Despite the fact that some threat actors really are using very sophisticated techniques, we predict the majority of small-to-medium businesses (SMBs) will experience security breaches next year that succeed due to a basic security best practice failure, such as not keeping your software up to date or not using very basic security controls like Gateway Antivirus (GAV) or Intrusion Prevention Services (IPS).

There is a silver lining to this prediction, though. If you concentrate on following basic security best practices, your organization can avoid a majority of the attacks that will launch in 2016.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #2 – It’s a Trap

WatchGuard Security Prediction #2 – It’s a Trap

by Corey Nachreiner

Security professionals spend a lot of time trying to plug the technical security gaps in their organization’s IT infrastructure. We find and fix software vulnerabilities, tighten our network security controls, and monitor the latest malware samples and exploits to try and ensure a hacker can’t leverage them against our systems. However, if you look at most of the advanced network breaches over the past few years, they have one thing in common – and it’s not technical. They all started with spear phishing, which is a social, user issue.

Let’s hypothetically assume you could fix every technical security problem a network faces. Your software is perfect, your network only allows the things you want, and your access controls only let people you know access the things they need. Would this prevent all attacks? No. Rather, bad guys would simply change their focus and instead try to trick one of your trusted users into doing something they shouldn’t, in hopes of gaining that user’s privileges.

Cyber criminals have realized this over the last few years, as our defenses have gotten more advanced. To counter our technical defenses, they have increased their reconnaissance capabilities and started to target our specific users with very convincing, customized social engineering. Next year, we believe this trend will grow, and many breaches will start with a targeted attack on your organization’s users.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #1 – Ransomware

WatchGuard 2016 Security Predictions: #1 Ransomware

by Corey Nachreiner

At the end of each year, WatchGuard’s security team and I like to spend some time imagining what the threat landscape might look like in the upcoming year. This not only gives us the opportunity to analyze the security trends we’ve followed over the past year, but also allows us to creatively extrapolate what might happen next. Though our predictions don’t always hit dead on, they’re based on very real security trends, which means they can help you prepare your defenses for 2016’s upcoming threats.

This year, I’ve come up with ten predictions covering a wide variety of security threats and trends that will impact many organizations. As 2015 comes to a close, let’s explore some of the new security threats we may see in the coming year. I’ll release one prediction a day for the next ten business days. Here’s the first of WatchGuard’s top ten new security predictions for 2016.

WatchGuard Security Prediction #1 – Ransomware Comes Looking for Your Droids

The first prediction focuses on ransomware, which has really taken off over the past three years. Ransomware has evolved from relatively feeble policeware variants like Reveton to extremely effective cryptoware samples like Cryptolocker and Cryptowall.

Unfortunately, these new strains of file-encrypting malware are so good at their evil jobs that many victims have paid the ransoms. FBI agents have even gone on record recommending victims pay up. Our acquiescence to this cyber ransom will only ensure that victims continue paying up in 2016, proving to cyber criminals that the practice works, so expect them to up the stakes and continue refining their cryptoware techniques next year.

We expect the evolution in two main categories:

  • Targeting of wider platforms – Right now, ransomware primarily targets Windows victims. We’ve seen Mac, Linux, and Android samples, but those haven’t had much success yet. Next year, we expect this will change, and that cyber criminals will make very effective ransomware for alternate platforms; especially for Android mobile devices and Mac laptops.
  • Refinement of the extortion techniques – Now that cybercriminals have figured out victims are willing to pay for lost files, we suspect they’ll start to develop nasty new methods to tighten the screws on victims. Next year, expect them to target specific business files or other critical information. For instance, in the past they’ve encrypted web server files to temporarily take down a web server. Yet, imagine if they targeted password managers, thus preventing you from logging on to anything, or worse yet, if they targeted the SCADA systems used to run critical infrastructure. We also think they’ll up their psychological pressure by threatening to release your embarrassing files to the public or by harming your reputation in some other way.

In short, crypto ransomware will get even worse in 2016, and will become more effective at stealing millions from Android and Mac users as well. Visit our WatchGuard security predictions site to see a new daily security prediction over the next ten days.

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Predictions 2016


Cyber criminals combine known and new methods to extend their reach and get hold of personal data as well as business-critical information. Implement these security best practices in response:

  • Train your employees so that they recognize threats and social engineering attempts early.
  • Use the latest security technologies in your IT so that you notice the attacks we expect for 2016 immediately and can act against them in real time.


New Software Release: Fireware 11.10.4 and WSM 11.10.4

Software Release Updates
WatchGuard is pleased to announce the availability of a significant new maintenance update, Fireware 11.10.4 and WSM 11.10.4. The new releases provide many key bug fixes, some new enhancements, and support for the latest operating systems. Key highlights include:

  • SMTP proxy can be configured to block executable files within compressed archives, which can help prevent the spread of malware and ransomware.
  • Mobile VPN with SSL client now supports Mac OS X 10.11 (El Capitan).
  • XTMv support for VMware ESXi 6.0.
  • Ability to deprecate SHA-1 certificates so that only the more secure SHA-256 cryptographic algorithm is used.

Please review the Release Notes to see a comprehensive list of known issues that have been fixed. Although this is primarily a maintenance update, there is a short What’s New presentation that describes the details of all new enhancements.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

New Software Release: Fireware 11.10.2 Update 2

Software Release Updates
WatchGuard is pleased to announce the availability of two important maintenance releases.

Fireware 11.10.2 Update 2
Fireware 11.10.2 Update 2, posted on Sept 17th, provides many key bug fixes, resolving some crashes in the SMTP proxy, and provides a new version of the Premium IPSec VPN client (NCP). The Firebox M200 also now includes the full enterprise antivirus signature set. There is no corresponding update to WatchGuard System Manager.

Dimension 2.0.1
WatchGuard Dimension 2.0.1 was posted on Sept 22nd, providing international localization along with many bug fixes. Key highlights include:

  • Localization in Japanese, Spanish, and French.
  • A number of security fixes and cipher strength upgrades, including adding TLS 1.2 support and removing TLS 1.0, which showed as an issue on PCI compliance scans.
  • Official Support of VMware ESXi 6.x
  • Performance: Improved Executive/Security Dashboard responsiveness.

As always, please review the Release Notes to see a full list of known issues that have been fixed.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

New Software Release: Fireware 11.10.2 and WSM 11.10.2

Fireware and WSM version 11.10.2
WatchGuard is pleased to announce the General Availability (GA) of Fireware 11.10.2 and WSM 11.10.2.

What’s new in 11.10.2?
Along with many bug fixes, the new maintenance release also includes:

  • Support for Firebox M200 and M300
  • Application Control fixes to identify applications used over proxy policies
  • Windows 10 verification for WatchGuard client software components
  • Support for new AT&T Beam and Pantech USB modems

The “What’s New in 11.10.2” presentation includes a full description of all new features.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.

Blocked Ports List

A few days ago a support request came in because an inbound static NAT rule targeting port 8000 on a specific internal server would not work. On the internal network the server answered correctly on port 8000, and routing was fine as well.
The solution was found in the submenu Setup > Default Threat Protection > Blocked Ports… By default the WatchGuard Firebox does not allow incoming connections on ports 1, 111, 513, 514, 2049, 6000, 6001, 6002, 6003, 6004, 6005, 7100 and 8000. This list can, however, be adjusted manually.
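As an added example (not code from this post or from WatchGuard), here is a small Python audit that checks inbound SNAT policies against the default Blocked Ports list quoted above, so the silent conflict from the support case is caught before deployment. The default port list is taken from the post; the policy definitions are constructed sample data, and the policy tuple format is an assumption.

```python
# Added example, not WatchGuard's code: audit inbound SNAT policies against the
# Firebox "Blocked Ports" list. The default port list is the one quoted in the post;
# the policy definitions below are constructed sample data.

# Default Blocked Ports list (Setup > Default Threat Protection > Blocked Ports)
DEFAULT_BLOCKED_PORTS = frozenset(
    {1, 111, 513, 514, 2049, 6000, 6001, 6002, 6003, 6004, 6005, 7100, 8000}
)

# Constructed sample: (policy name, protocol, destination port spec)
INBOUND_SNAT_POLICIES = [
    ("Web-Server", "tcp", "80,443"),
    ("App-Server-8000", "tcp", "8000"),     # the support case from the post
    ("X11-Forward", "tcp", "6000-6005"),    # whole range sits in the blocked list
]


def parse_port_spec(spec):
    """Expand a port spec such as '8000', '80,443' or '6000-6005' into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"invalid port spec: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def is_port_blocked(port, blocked=DEFAULT_BLOCKED_PORTS):
    """True if Default Threat Protection would drop inbound traffic to this port."""
    return port in blocked


def shadowed_policies(policies, blocked=DEFAULT_BLOCKED_PORTS):
    """Return [(policy name, sorted blocked ports it overlaps)] for every inbound
    SNAT policy that the Blocked Ports list would silently override."""
    hits = []
    for name, _proto, port_spec in policies:
        overlap = parse_port_spec(port_spec) & set(blocked)
        if overlap:
            hits.append((name, sorted(overlap)))
    return hits


if __name__ == "__main__":
    for name, ports in shadowed_policies(INBOUND_SNAT_POLICIES):
        print(f"{name}: ports {ports} are in the Blocked Ports list; SNAT will fail")
```

Any policy reported here needs the port removed from the Blocked Ports list (or a different port) before the SNAT rule can take effect.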