Narus, Inc., a cyber security firm acquired last summer by Boeing [BA], has issued a top 10 list of cyber security threat trends that are likely to be around during the next few years, beginning with attacks on the ubiquitous USB drives.
"As USB drives become cheaper and information is distributed on them at trade shows and other venues, the possibility of Trojans and other malware increases," Narus says.
Most of the expected attacks appear to be on other lists of top cyber security threats. For example, Narus says other top threats it foresees include large-scale, targeted botnet attacks, increased attacks "on and via social networks," and attacks on mobile devices and wireless networks (Defense Daily, Jan. 10).
Narus says that for social network users to expect threats to infect everyone on a user’s friends list, with future viruses "designed to steal or delete users’ personal information, which can be sold in numerous black markets and used to acquire credit card and bank information."
Other likely attacks on the list include distributed denial of service (DDoS) attacks, click jacking and cross-site scripting, phishing attacks from "trusted" third parties, on line fraud, cloud computing concerns, and data exfiltration and insider threats.
Narus says that DDoS attacks will continue to rise, whether spurred by political activism or the desire to disrupt and destruct critical infrastructure. As for data exfiltration and insider threats, Narus says this problem won’t be solved by "technology alone." That’s because criminal groups or other nations will always attempt to get employees to smuggle data to compromise company and government assets while "untrustworthy people" will also "always find a way to" leak information, it says.
Click jacking and cross-site scripting refers to tricking users into revealing confidential information or to taking control of a person’s computer while they click on Web pages that appear to be harmless. Narus says to expect an increase of this type of threat in the coming years.
Narus says that current cyber security solutions "mostly handle signature-based attacks" but "lack the capabilities to handle non-signature-based attacks and the ability to mitigate malicious attacks in real time." Organizations trying to protect their networks and systems also "must supplement their existing solutions with real-time anomaly detection capabilities," it says.
On top of that, other ways to thwart cyber threats include public-private sector collaboration at home and abroad, increased information sharing by all countries, and enough people and processes "dedicated to fighting cyber crime," Narus says.