Category Archives: General Information

WatchGuard Security Prediction 2016 #7 – Starfleet Academy Targeted

WatchGuard Security Prediction #7 – Starfleet Academy Targeted

by Corey Nachreiner

Information security is all about protecting data, because at the end of the day, stolen data is what makes the cyber criminals rich. Criminals started with the basics. Monetizing stolen credit card (CC) information was easy.  You just needed the basic CC information and a few personal details to make a purchase with a stolen card. We saw this in 2014—the year of the retail breach—as cyber criminals stole millions of CC records through point-of-sale systems.

Prediction video link: https://youtu.be/eATe_am6A6E

However, as fraud systems got better, making false CC purchases became harder, and today stolen CC information is barely worth the effort it takes to steal it. Meanwhile, the personally identifiable information (PII) required to steal a full identity has become much more valuable. PII value in the underground rises directly with how many individual pieces of data you have in a corresponding set. As you can imagine, a name, email, address, CC, date of birth, and social security number (SSN) is much more valuable than just a name and email address. That’s why CCs may only fetch 50 cents to a dollar on the underground, while a full set of PII (which the underground calls a fullz) can bring in 10 to 20 dollars, especially since it includes a SSN. That’s also why healthcare records are so valuable—they’re rich in PII and include SSNs. In 2015, we saw many attacks targeting healthcare data.

So what’s even better than a healthcare record? Apparently, student records. We are learning that the amount of data collected about our kids over their lifetime as students is staggering, and it even includes some of their health records, which are already one of the richest PII datasets. This, combined with the more open network environment found in educational facilities, is why we expect cyber criminals to target student data systems in 2016.

If you run IT for an educational facility, look out for hackers next year.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #6 – Jango Fett and the Clone Army are Coming

WatchGuard Security Prediction #6 – Jango Fett and the Clone Army are Coming

by Corey Nachreiner

Security experts have always realized that information security is a constant arms race. Attackers discover new methods to evade defenses, we update our defenses, and the cycle continues and repeats. In fact, much of our legacy defense is reactive. It relies on us having seen a particular attack, and creating a specific defense for that particular attack. The problem is, reactive defenses do little good for new attacks.

Prediction video link: https://youtu.be/PXG-nty1XR0

Today’s attackers have automated their attacks, ensuring they constantly evade our reactive defenses. Signature-based protection alone is no longer sufficient. While human analysts can identify new threats by monitoring for suspicious behaviors, cyber criminals release new threats in such volume that humans can’t keep up. The solution? Artificial intelligence (AI) and machine learning that can automatically recognize malicious behavior.

At a very high level, statisticians and mathematicians have begun to develop big data algorithms that can identify very complex behaviors and trends. The security industry is starting to see a new level of security controls that can proactively find new threats in real-time, without human interaction. We’ll always be one step behind the latest attack, so these more proactive security technologies are the only way we might stop the newest threat.

Expect 2016 to be the year of machine learning and behavioral detection security controls.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #5 – Jar Jar Can’t Resist Ads from the Dark Side

WatchGuard Security Prediction #5 – Jar Jar Can’t Resist Ads from the Dark Side

by Corey Nachreiner

Malvertising, a combination of the words malware and advertising, is an attack where criminals booby-trap a legitimate, trusted website with malicious code by sneaking it in through a third-party advertising network. Unfortunately, legitimate web advertising services haven’t been very discerning about the ads they allow their “customers” to upload to their networks.

Prediction video link: https://www.youtube.com/embed/ps2ylLVGyCc

As a result, criminals have paid for advertising services in order to sneak malicious code onto all the legitimate web sites that use that service. Over the past two years, this has been a very successful technique for cyber criminals to redirect innocent users browsing the web to their malicious drive-by download sites.

The good news is that a number of reputation services and security products have become better at detecting malicious advertisements and preventing your users from being redirected to these evil sites. However, the criminals are fighting back. They have started to implement a number of techniques to obfuscate their malicious web code, including encoding their malicious JavaScript or burying their attack in an Adobe Flash (SWF) file. The most recent evasion technique is the simplest—they serve their malicious advertisement over HTTPS.

In 2016, expect malvertising attempts to triple and to succeed more regularly due to the use of HTTPS. Criminals know that security products and companies are on the lookout for malicious ads. They also know that many security controls cannot see into HTTPS traffic. By encrypting their malvertising campaigns, they hope to bypass most detections next year. If you don’t have security controls that can inspect HTTPS, you should update as soon as you can. Keep in mind that HTTPS inspection means the gateway terminates the TLS session and re-signs the server certificate with a CA that your clients have been configured to trust, so plan that certificate deployment before you enable it.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #4 – The iOS Menace

WatchGuard Security Prediction #4 – The iOS Menace

by Corey Nachreiner

Experts have been predicting the growth of mobile malware for years. We’ve covered how the increase in mobile device usage has led to an increase in criminal attention. We’ve predicted how the inclusion of mobile wallets, using NFC and RFID technology, would lead to attackers targeting the mobile payment vector. We’ve even talked about how Google’s open developer and consumer strategy translates to more threats against Android devices, since it’s an easier platform for criminals to infiltrate. However, through all these trends one thing has remained the same—Apple iOS has not seen that many threats. Next year, we expect this to begin to change, and for attackers to launch more attacks against iOS users.

Prediction video link: https://www.youtube.com/watch?v=LjtvfU0Wx4M

Underneath the surface, iOS devices are not technically more secure than their Android brethren. They’re still just mini computers running software. Researchers and blackhats have found plenty of vulnerabilities in iOS software before, including the recent zero day that could easily root an iOS device via the web. The difference is that Apple has retained much tighter control of its app ecosystem than Google, making it much harder for users to install non-sanctioned apps and thus much harder for attackers to get malware onto an iOS device.

However, last year smart cyber criminals found a way around this challenge: they infected the Apple development platform by releasing a maliciously modified version of Xcode called XcodeGhost. If Apple’s own development kit builds malicious code into apps that otherwise look legitimate, it becomes much harder for Apple to keep that code out of its official App Store. The trojanized Xcode copies were distributed through unofficial download sources, not by Apple, which is why Apple’s guidance was to obtain Xcode only from the Mac App Store or its developer site and to verify the installed copy’s code signature with the spctl tool. Though Apple has since removed the affected apps and has tried to educate developers about the problem, we believe cyber criminals will continue to exploit this attack vector to sneak malware onto Apple’s official marketplaces. iOS users should prepare for more threats in 2016.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #3 – SMBs Can’t Let Basic Shields Down

WatchGuard Security Prediction #3 – SMBs Can’t Let Basic Shields Down

by Corey Nachreiner

Security experts often focus on the latest and greatest progressions of the threat landscape. They’re most interested in sharing how threat actors have become more sophisticated and how attack technology, malware, and techniques have evolved significantly. They warn that the latest attacks bypass or evade many of the industry’s original information security defenses.

Prediction video link: https://www.youtube.com/watch?v=PwBQbx6jRKs

While none of that is false, the truth is that a huge majority of successful attacks—especially ones against smaller targets—still rely on the basics. Many successful cyber-attacks last year exploited software flaws that had been fixed for months, took advantage of bad or default passwords or poor password practices, or simply tricked users into doing something basic that they shouldn’t do. Despite the fact that some threat actors really are using very sophisticated techniques, we predict the majority of small-to-medium businesses (SMBs) will experience security breaches next year that succeed because of a basic security best practice failure, such as not keeping software up to date or not using very basic security controls like Gateway Antivirus (GAV) or Intrusion Prevention Services (IPS).

There is a silver-lining to this prediction, though. If you concentrate on following basic security best practices, your organization can avoid a majority of the attacks that will launch in 2016.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #2 – It’s a Trap

WatchGuard Security Prediction #2 – It’s a Trap

by Corey Nachreiner

Security professionals spend a lot of time trying to plug the technical security gaps in their organization’s IT infrastructure. We find and fix software vulnerabilities, tighten our network security controls, and monitor the latest malware samples and exploits to try to ensure a hacker can’t leverage them against our systems. However, if you look at most of the advanced network breaches over the past few years, they have one thing in common – and it’s not technical. Nearly all of them started with spear phishing, which is a social, user issue.

Let’s hypothetically assume you could fix every technical security problem a network faces. Your software is perfect, your network only allows the things you want, and your access controls only let people you know access the things they need. Would this prevent all attacks? No. Rather, bad guys would simply change their focus and instead try to trick one of your trusted users into doing something they shouldn’t, in hopes of gaining that user’s privileges.

Cyber criminals have realized this over the last few years as our defenses have gotten more advanced. To counter our technical defenses, they have invested in reconnaissance and started to target our specific users with very convincing and customized social engineering. Next year, we believe this trend will grow, and many breaches will start with a targeted attack on your organization’s users.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #1 – Ransomware

WatchGuard 2016 Security Predictions: #1 Ransomware

by Corey Nachreiner

At the end of each year, WatchGuard’s security team and I like to spend some time imagining what the threat landscape might look like in the upcoming year. This not only gives us the opportunity to analyze the security trends we’ve followed over the past year, but also allows us to creatively extrapolate what might happen next. Though our predictions don’t always hit dead on, they’re based on very real security trends, which means they can help you prepare your defenses for 2016’s upcoming threats.

This year, I’ve come up with ten predictions covering a wide variety of security threats and trends that will impact many organizations. As 2015 comes to a close, let’s explore some of the new security threats we may see in the coming year. I’ll release one prediction a day for the next ten business days. Here’s the first of WatchGuard’s top ten new security predictions for 2016.

WatchGuard Security Prediction #1 – Ransomware Comes Looking for Your Droids

The first prediction focuses on ransomware, which has really taken off over the past three years. Ransomware has evolved from relatively feeble policeware variants like Reveton to extremely effective cryptoware samples like CryptoLocker and CryptoWall.

Unfortunately, these new strains of file-encrypting malware are so good at their evil jobs that many victims have paid the ransoms. FBI agents have even gone on record recommending that victims pay up. Our acquiescence to this cyber ransom proves to cyber criminals that the practice works, which will only ensure that victims continue paying in 2016, so expect them to up the stakes and continue refining their cryptoware techniques next year.

We expect the evolution in two main categories:

  • Targeting of wider platforms – Right now, ransomware primarily targets Windows victims. We’ve seen Mac, Linux, and Android samples, but those haven’t had much success yet. Next year, we expect this to change, and that cyber criminals will make very effective ransomware for alternate platforms, especially Android mobile devices and Mac laptops.
  • Refinement of the extortion techniques – Now that cyber criminals have figured out victims are willing to pay for lost files, we suspect they’ll develop nasty new methods to tighten the screws on victims. Next year, expect them to target specific business files or other critical information. For instance, in the past they’ve encrypted web server files to temporarily take down a web server. Now imagine if they targeted password managers, preventing you from logging on to anything, or worse, the SCADA systems used to run critical infrastructure. We also think they’ll increase the psychological pressure by threatening to release your embarrassing files to the public or by harming your reputation in some other way.

In short, crypto ransomware will get even worse in 2016, and will become more effective at stealing millions from Android and Mac users as well. Visit our WatchGuard security predictions site to see a new daily security prediction over the next ten days.

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Predictions 2016

Cyber criminals combine known and new methods to extend their reach and get hold of personal data and business-critical information. Implement these security best practices in response:

  • Train your employees so that they recognize threats and social engineering attempts early.
  • Deploy the latest security technologies in your IT environment so that you notice the attacks we expect for 2016 immediately and can respond to them in real time.


New Software Release Fireware 11.10.4 and WSM 11.10.4

Software Release Updates
WatchGuard is pleased to announce the availability of a significant new maintenance update, Fireware 11.10.4 and WSM 11.10.4. The new releases provide many key bug fixes, some new enhancements, and support for the latest operating systems. Key highlights include:

  • SMTP proxy can be configured to block executable files within compressed archives, which can help prevent the spread of malware and ransomware.
  • Mobile VPN with SSL client now supports Mac OS X 10.11 (El Capitan)
  • XTMv support for VMware ESXi 6.0
  • Ability to deprecate SHA-1 certificates so that only certificates signed with the stronger SHA-256 hash are used.

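How an archive check of the kind described in the first bullet works, as an added example: this is not WatchGuard’s code and says nothing about how the Fireware SMTP proxy is implemented internally; the function and constant names are my own. It parses a raw message, identifies zip attachments by their magic bytes rather than by the sender-supplied Content-Type or file name, and flags any member that carries an executable header (a sender can rename malware.exe to invoice.pdf, so the extension is not trusted) or a script extension. It goes a little beyond the bullet in that it also opens nested zips up to a fixed depth, refuses to read more than a fixed number of bytes per member (the size in the zip header is attacker-controlled) and treats password-protected members as uninspectable, which a strict policy would block. The message and archive are constructed inline; no real captured mail is used.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Optional

# Magic bytes identify executables regardless of the name the sender gave the file.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable (EXE/DLL/SCR)",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O executable (64-bit)",
}
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".bat", ".cmd", ".ps1", ".wsf", ".hta")
ZIP_MAGIC = b"PK\x03\x04"            # local file header that starts every non-empty zip
MAX_DEPTH = 2                        # nested archives to open before giving up
MAX_MEMBERS = 1000                   # guard against archives with enormous directories
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # guard against decompression bombs


def classify_member(name: str, head: bytes) -> Optional[str]:
    """Return a block reason if an archive member looks executable, else None."""
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            return f"{name}: {label}"
    if name.lower().endswith(SCRIPT_EXTENSIONS):
        return f"{name}: script file by extension"
    return None


def scan_zip(data: bytes, depth: int = 0) -> List[str]:
    """Inspect every member of a zip archive, recursing into nested zips up to MAX_DEPTH."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable zip archive"]
    findings: List[str] = []
    with zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
        if len(infos) > MAX_MEMBERS:
            return [f"archive lists {len(infos)} members (limit {MAX_MEMBERS})"]
        for info in infos:
            if info.flag_bits & 0x1:  # encryption bit: content cannot be inspected
                findings.append(f"{info.filename}: encrypted member, cannot inspect")
                continue
            try:
                with zf.open(info) as fh:
                    blob = fh.read(MAX_MEMBER_BYTES + 1)  # bounded read; header size is untrusted
            except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
                findings.append(f"{info.filename}: unreadable member")
                continue
            if len(blob) > MAX_MEMBER_BYTES:
                findings.append(f"{info.filename}: larger than {MAX_MEMBER_BYTES} bytes, not inspected")
            elif blob.startswith(ZIP_MAGIC):
                if depth >= MAX_DEPTH:
                    findings.append(f"{info.filename}: nested archive beyond depth {MAX_DEPTH}")
                else:
                    findings.extend(f"{info.filename}/{f}" for f in scan_zip(blob, depth + 1))
            else:
                reason = classify_member(info.filename, blob[:4])
                if reason:
                    findings.append(reason)
    return findings


def scan_message(raw: bytes) -> List[str]:
    """Parse a raw RFC 5322 message and scan each zip attachment it carries.
    An empty result means the proxy may deliver the message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[str] = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Identify the archive by content: Content-Type and file name are sender-controlled.
        if payload.startswith(ZIP_MAGIC):
            label = part.get_filename() or "<unnamed attachment>"
            findings.extend(f"{label}: {f}" for f in scan_zip(payload))
    return findings


def build_sample_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_message(with_executable: bool = True) -> bytes:
    """Constructed sample (not a captured message): a zip attachment that optionally
    hides a PE executable under a .pdf name next to a harmless text file."""
    members = {"readme.txt": b"Please see the attached invoice.\n"}
    if with_executable:
        members["invoice.pdf"] = b"MZ\x90\x00" + b"\x00" * 60  # PE header, misleading name
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Your invoice is attached.")
    msg.add_attachment(build_sample_zip(members), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print("BLOCK:", finding)
```

Run as a script, it reports the renamed executable inside invoice.zip and nothing for the text file. In a real proxy the same scan would run on every message before delivery, and the policy question left open here is what to do with encrypted or oversized members: blocking them is the safe default, since an archive the gateway cannot open is exactly what ransomware droppers rely on.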
Please review the Release Notes to see a comprehensive list of known issues that have been fixed. Although this is primarily a maintenance update, there is a short What’s New presentation that describes the details of all new enhancements.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

New Software Release Fireware 11.10.2 Update 2

Software Release Updates
WatchGuard is pleased to announce the availability of two important maintenance releases.

Fireware 11.10.2 Update 2
Fireware 11.10.2 Update 2, posted on Sept 17th, provides many key bug fixes, resolving some crashes in the SMTP proxy, and provides a new version of the Premium IPSec VPN client (NCP). The Firebox M200 also now includes the full enterprise antivirus signature set. There is no corresponding update to WatchGuard System Manager.

Dimension 2.0.1
WatchGuard Dimension 2.0.1 was posted on Sept 22nd, providing international localization along with many bug fixes. Key highlights include:

  • Localization in Japanese, Spanish, and French.
  • A number of security fixes and cipher strength upgrades, including adding TLS 1.2 support and removing TLS 1.0, which showed as an issue on PCI compliance scans.
  • Official Support of VMware ESXi 6.x
  • Performance: Improved Executive/Security Dashboard responsiveness.

As always, please review the Release Notes to see a full list of known issues that have been fixed.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.