IFSEC Insider, formerly IFSEC Global, is the leading online community and news platform for security and fire safety professionals.
December 2, 2010

India third most affected country for Stuxnet infections

Stuxnet, a worm that affects industrial control systems, is capable of impacting critical infrastructure such as nuclear power plants, dams, water treatment facilities and other factories. Symantec has observed infections in as many as 155 countries, including India.

Attackers have likely been watching the impact the Stuxnet threat had on industries using industrial control systems and are learning from it. We expect them to take the lessons learned from Stuxnet (the most significant example to date of a computer virus designed expressly to modify the behaviour of hardware systems to create a physical, real-world impact) and launch additional attacks targeting critical infrastructure over the course of 2011.

Though slower to start, expect the frequency of these types of attacks to increase as well. In fact, India was the third-most affected country for Stuxnet infections, behind Iran and Indonesia.

Zero-Day Vulnerabilities Will Be More Common

In 2010, Hydraq provided a high-profile example of a growing class of highly targeted threats seeking to infiltrate specific organizations or a particular computer system by leveraging previously unknown software vulnerabilities. Attackers have been using such security holes for many years, but as these highly targeted threats gain momentum in 2011, prepare to witness more zero-day vulnerabilities coming to light in the next 12 months than in any previous year.

Symantec has already seen this trend begin. In all of 2009, Symantec observed 12 zero-day vulnerabilities. As of early November 2010, Symantec has already tracked 18 previously unknown security vulnerabilities this year that were or are actively being used in cyber attacks. In fact, Stuxnet alone used a record four zero-day vulnerabilities.

The stealthy, low-distribution nature of targeted threats severely decreases the likelihood that security vendors will be able to create traditional detections to protect against them all. However, technologies such as Symantec’s SONAR, which detects threats based on their behaviour, and Reputation-Based Security, which relies on the context of a threat rather than the content, turn the telling behavioural characteristics and low-distribution nature of these threats against them and make detection possible.

Smart Mobile Devices To Drive New IT Security Models

The use of mobile devices such as smart phones and tablets is growing at an unprecedented pace. A recent Symantec study revealed that nearly three-fourths of Indian enterprises are experiencing growth in smart phones.

Increasingly, the same mobile devices are being used for personal and business use. Already, 46 per cent of Indian enterprises feel employee-owned devices are a security concern. This creates complex security and management challenges for three key groups: IT organizations, consumers and communication service providers.

In fact, Mocana research indicates that attacks against smart mobile devices already require or will require by year’s end the regular attention of IT staff for 65 percent of enterprises.

Therefore, enterprises looking to address these challenges will adopt new models, such as security in the cloud, for solutions that will work seamlessly across platforms and devices.

Adoption of Encryption Technologies

The explosion of mobile devices in the enterprise not only means organizations will face new challenges in keeping these devices and the sensitive data on them accessible and safe; they also must comply with various industry data protection and privacy regulations.

Enterprises are under ever-increasing pressure to meet regulatory compliance standards. In India, a recent Symantec survey discovered that the typical enterprise is exploring 19 different standards or frameworks, eight of which they are currently using. One in two Indian enterprises feels compliance and regulatory mandates were a major driver to prevent data loss, according to another Symantec study.

Many organizations do not disclose when mobile devices containing sensitive data are lost. This year, we expect regulators will crack down on this, driving organizations to implement encryption technologies. In 2011, organizations will take a more proactive approach and adopt encryption technology to meet compliance standards and avoid the heavy fines and damage to their brands a data breach can cause.

Politically Motivated Attacks Will Emerge

In the past, politically motivated attacks primarily fell in the realm of cyber espionage or denial-of-service type attacks against Web services. However, with the Pandora’s Box now opened due to Stuxnet, expect to see these threats move beyond spy games and annoyances as malware is weaponized to cause real-world damage.

Stuxnet’s ultimate objective is to manipulate physical equipment attached to specific industrial control systems, causing the equipment to act in a manner dictated by the attacker and contrary to its intended purpose. Such an outcome could have several underlying goals, but sabotage, which could result in real physical harm, is the most likely.

Symantec thinks Stuxnet is possibly just the first highly visible indication of attempts at what some might call cyber warfare that have been happening for some time now. In 2011, more indications of the ongoing pursuit to control the digital arms race will come to light.
