Category Archives: General Information

WatchGuard Security Prediction 2016 #2 – It’s a Trap

WatchGuard Security Prediction #2 – It’s a Trap

by Corey Nachreiner

Security professionals spend a lot of time trying to plug the technical security gaps in their organization’s IT infrastructure. We find and fix software vulnerabilities, tighten our network security controls, and monitor the latest malware samples and exploits to try and ensure a hacker can’t leverage them against our systems. However, if you look at most of the advanced network breaches over the past few years, they have one thing in common – and it’s not technical. They all started with spear phishing, which is a social, user issue.

Let’s hypothetically assume you could fix every technical security problem a network faces. Your software is perfect, your network only allows the things you want, and your access controls only let people you know access the things they need. Would this prevent all attacks? No. Rather, bad guys would simply change their focus and instead try to trick one of your trusted users into doing something they shouldn’t, in hopes of gaining that user’s privileges.

Cyber criminals have realized this over the last few years, as our defenses have gotten more advanced. To counter our technical defenses, they have increased their reconnaissance capabilities and started to target our specific users with very convincing and customized social engineering. Next year, we believe this trend will grow, and many breaches will start with a targeted attack on your organization’s users.

Visit our WatchGuard security predictions site

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Prediction 2016 #1 – Ransomware

WatchGuard 2016 Security Predictions: #1 Ransomware

by Corey Nachreiner

At the end of each year, WatchGuard’s security team and I like to spend some time imagining what the threat landscape might look like in the upcoming year. This not only gives us the opportunity to analyze the security trends we’ve followed over the past year, but also allows us to creatively extrapolate what might happen next. Though our predictions don’t always hit dead on, they’re based on very real security trends, which means they can help you prepare your defenses for 2016’s upcoming threats.

This year, I’ve come up with ten predictions covering a wide variety of security threats and trends that will impact many organizations. As 2015 comes to a close, let’s explore some of the new security threats we may see in the coming year. I’ll release one prediction a day for the next ten business days. Here’s the first of WatchGuard’s top ten new security predictions for 2016.

WatchGuard Security Prediction #1 – Ransomware Comes Looking for Your Droids

The first prediction focuses on ransomware, which has really taken off over the past three years. Ransomware has evolved from relatively feeble policeware variants like Reveton to extremely effective cryptoware samples like Cryptolocker and Cryptowall.

Unfortunately, these new strains of file-encrypting malware are so good at their evil jobs that many victims have paid the ransoms. FBI agents have even gone on record recommending victims pay up. Our acquiescence to this cyber ransom will only ensure that victims continue paying up in 2016. This proves to cyber criminals that the practice works, so expect them to up the stakes and continue refining their cryptoware techniques next year.

We expect the evolution in two main categories:

  • Targeting of wider platforms – Right now, ransomware primarily targets Windows victims. We’ve seen Mac, Linux, and Android samples, but those haven’t had much success yet. Next year, we expect this will change, and that cyber criminals will make very effective ransomware for alternate platforms; especially for Android mobile devices and Mac laptops.
  • Refinement of the extortion techniques – Now that cybercriminals have figured out victims are willing to pay for lost files, we suspect they’ll start to develop nasty new methods to tighten the screws on victims. Next year, expect them to target specific business files or other critical information. For instance, in the past they’ve encrypted web server files to temporarily take down a web server. Yet, imagine if they targeted password managers, thus preventing you from logging on to anything, or worse yet, if they targeted the SCADA systems used to run critical infrastructure. We also think they’ll up their psychological pressure by threatening to release your embarrassing files to the public or by harming your reputation in some other way.

In short, crypto ransomware will get even worse in 2016, and will become more effective at stealing millions from Android and Mac users as well. Visit our WatchGuard security predictions site to see a new daily security prediction over the next ten days.

— Corey Nachreiner, CISSP (@SecAdept)

WatchGuard Security Predictions 2016


Cyber criminals combine known and new methods to extend their reach and get hold of personal data as well as business-critical information. Implement these security best practices to counter them:

  • Train your employees to recognize threats and social engineering attempts early.
  • Deploy the latest security technologies in your IT environment so that you notice the attacks we expect for 2016 immediately and can respond to them in real time.


New Software Release: Fireware 11.10.4 and WSM 11.10.4

Software Release Updates
WatchGuard is pleased to announce the availability of a significant new maintenance update, Fireware 11.10.4 and WSM 11.10.4. The new releases provide many key bug fixes, some new enhancements, and support for the latest operating systems. Key highlights include:

  • SMTP proxy can be configured to block executable files within compressed archives, which can help prevent the spread of malware and ransomware.
  • Mobile VPN with SSL client now supports Mac OS X 10.11 (El Capitan)
  • XTMv support for VMware ESXi 6.0
  • Ability to deprecate SHA-1 certificates so that only the more secure SHA-256 cryptographic algorithm is used.

Please review the Release Notes to see a comprehensive list of known issues that have been fixed. Although this is primarily a maintenance update, there is a short What’s New presentation that describes the details of all new enhancements.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

New Software Release: Fireware 11.10.2 Update 2

Software Release Updates
WatchGuard is pleased to announce the availability of two important maintenance releases.

Fireware 11.10.2 Update 2
Fireware 11.10.2 Update 2, posted on Sept 17th, provides many key bug fixes, resolving some crashes in the SMTP proxy, and providing a new version of the Premium IPSec VPN client (NCP). The Firebox M200 also now includes the full enterprise anti-virus signature set. There is no corresponding update to WatchGuard System Manager.

Dimension 2.0.1
WatchGuard Dimension 2.0.1 was posted on Sept 22nd, providing international localization along with many bug fixes. Key highlights include:

  • Localization in Japanese, Spanish, and French.
  • A number of security fixes and cipher strength upgrades, including adding TLS 1.2 support and removing TLS 1.0, which showed as an issue on PCI compliance scans.
  • Official Support of VMware ESXi 6.x
  • Performance: Improved Executive/Security Dashboard responsiveness.

As always, please review the Release Notes to see a full list of known issues that have been fixed.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

New Software Release: Fireware 11.10.2 and WSM 11.10.2

Fireware and WSM version 11.10.2
WatchGuard is pleased to announce the General Availability (GA) of Fireware 11.10.2 and WSM 11.10.2.

What’s new in 11.10.2?
Along with many bug fixes, the new maintenance release also includes:

  • Support for Firebox M200 and M300
  • Application Control fixes to identify applications used over proxy policies
  • Windows 10 verification for WatchGuard client software components
  • Support for new AT&T Beam and Pantech USB modems

The “What’s New in 11.10.2” presentation includes a full description of all new features.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.

Blocked Ports List

A few days ago a support request came in because an inbound static NAT rule targeting port 8000 of a specific internal server supposedly did not work. On the internal network, however, the server responded correctly on port 8000, and the routing was fine as well.
The solution was found in the submenu Setup > Default Threat Protection > Blocked Ports… By default the WatchGuard Firebox does not allow inbound connections on ports 1, 111, 513, 514, 2049, 6000, 6001, 6002, 6003, 6004, 6005, 7100 and 8000, regardless of which policies are configured. This list can, however, be adjusted manually.
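The checker below is an added example, not WatchGuard code: it takes planned inbound SNAT rules in a constructed one-line format and flags any whose external port is on the default Blocked Ports list from this post, so the conflict is caught before the rule is deployed rather than during a support call.

```python
# Added example, not WatchGuard code: flag planned inbound SNAT rules whose
# external port is on the Firebox's default Blocked Ports list, which drops
# those inbound connections before any policy (including the SNAT) sees them.
from dataclasses import dataclass
from typing import Iterable, List

# Default list from Setup > Default Threat Protection > Blocked Ports, as given in the post.
DEFAULT_BLOCKED_PORTS = frozenset(
    {1, 111, 513, 514, 2049, 6000, 6001, 6002, 6003, 6004, 6005, 7100, 8000}
)


@dataclass(frozen=True)
class SnatRule:
    proto: str
    external_port: int
    internal_host: str
    internal_port: int


def parse_rule(line: str) -> SnatRule:
    """Parse a constructed one-line rule format: 'tcp/8000 -> 10.0.1.20:8000'."""
    left, right = (part.strip() for part in line.split("->", 1))
    proto, ext_port = left.split("/", 1)
    host, int_port = right.rsplit(":", 1)
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    ext, internal = int(ext_port), int(int_port)
    if not (1 <= ext <= 65535 and 1 <= internal <= 65535):
        raise ValueError(f"port out of range in rule: {line!r}")
    return SnatRule(proto, ext, host, internal)


def find_blocked_conflicts(lines: Iterable[str],
                           blocked=DEFAULT_BLOCKED_PORTS) -> List[SnatRule]:
    """Return the rules whose external port the Blocked Ports list would drop."""
    rules = (parse_rule(l) for l in lines if l.strip() and not l.lstrip().startswith("#"))
    return [r for r in rules if r.external_port in blocked]


if __name__ == "__main__":
    # Constructed sample rule set; the second entry reproduces the support case above.
    PLANNED_RULES = [
        "tcp/443 -> 10.0.1.10:443",
        "tcp/8000 -> 10.0.1.20:8000",
        "udp/2049 -> 10.0.1.30:2049",
    ]
    for r in find_blocked_conflicts(PLANNED_RULES):
        print(f"{r.proto}/{r.external_port}: remove the port from Blocked Ports "
              f"or the SNAT to {r.internal_host}:{r.internal_port} will never match")
```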

Caution with “Rcpt To” in the SMTP Proxy When Using the Web Interface

An obvious bug shows up when the web interface (WebUI) is used to make changes to the Rcpt To list of allowed e-mail addresses that may be stored in an SMTP proxy action. To add another address to the existing list, for example, the Limit email recipients checkbox must be enabled. After adding it with “Add”, the change is naturally uploaded to the Firebox via the Save button. Unfortunately, this causes all addresses in the list to suddenly carry the action Deny instead of Allow!!! As a result, no e-mail at all gets through any more. Only when the checkbox is cleared again – and this change is also uploaded to the Firebox with “Save” – does the behaviour return to what was intended…

Fireware XTM 11.0.1 and WSM 11.0.1

Since 03.09.2009 the first patched versions of Fireware XTM and WSM 11 have been available in the download portal. So far I have carried out about 20 migrations to version 11 and, on balance, am quite satisfied with the general functionality and stability. The long wait has evidently paid off, because the extremely long beta phase apparently allowed most bugs to be found and defused beforehand. Now that things are settling down a bit, I will be reporting here more frequently again on special features and tips over the coming days and weeks.