- Mobility and the ‘Internet of Things’ are increasing the attack surface from which cybercriminals are launching new and more sophisticated attacks.
- Yet, consumers are still too trusting. In 2013, an alarming increase occurred in the exploitation of web hosting infrastructure for launching cyber attacks.
This past week, Cisco delivered its Annual Security Report, looking back at 2013 and the evolving attack landscape. The theme for this iteration of the report surrounds trust. Quite frankly, I think too many consumers adopting new technologies, particularly mobile devices, are decidedly too trusting. They are not asking the right questions; nor are they concerning themselves with the security of these new technologies they are embracing. In our rush to adopt mobile computing and to bring intelligence and connectivity to everything from refrigerators to TVs and home heating and air conditioning systems, we are not bringing a skeptical eye to the exercise. In fact, on January 16, Proofpoint claimed to have uncovered what could be the first ‘Internet of Things’ cyber attack, which used connected and comprised multi-media centers, TVs, and a connected refrigerator to launch an attack. This is dangerous, because as the Cisco 2014 Annual Security Report highlights, attackers are not only more organized and better financed, but also outnumber IT security professionals. Cisco’s report claims there is a shortage of over 1 million IT security professionals going into 2014.
At the same time, cybercriminals are exploiting vulnerabilities and weaknesses in infrastructures such as web hosting centers to do harm to companies, government bodies, and economies around the globe. The rapid growth of cloud computing and the ever-expanding footprint of these large data centers create a giant bull’s eye on the backs of these hosting companies, so it should be no surprise that cybercriminals are increasingly exploiting the thousands and thousands of servers housed there to carry out their attacks by taking control of those resources. The exponential increase in the number of distributed denial of services attacks aimed at disrupting business and creating a distraction to hide fraudulent activity should serve as a wake-up call to cloud hosting providers to re-examine their security practices. In fact, the Cloud Security Alliance announced in December 2013 that it had formed an anti-bot working group to research this growing problem and create best practices for thwarting exploitation of hosted servers. Such best practices could include quarantining servers identified as being part of a botnet and creating a communications mechanism at hosting centers to allow operators to be alerted by outside sources when their facilities are being used to carry out attacks. The CSA may also create certification for hosting companies that follow the best practices that the anti-bot working group identifies. This cannot happen soon enough.