Page 99 - CDM Cyber Warnings February 2014
P. 99
have weak validation procedures when signing up new users,
these flaws allow ill-intentioned to create networks of accounts
used to deploy and administer malicious botnets that run in the
cloud architecture.
Malware authors are ramping up their use of commercial cloud
services to serve malware, we will assist to a significant growth
in the number of malware writers using services like Dropbox
to distribute their malicious code.
The rise of User Controlled Encryption Advanced malware volume will decrease … wrong illusion
The revelation of the US massive surveillance program, and The volume of advance that will be detected next year it's
similar effort spent by the majority of governments and private expected to decline, but this signal should not be misinterpreted,
companies is fueling the demand of encryption, in the last cyber criminals and state-sponsored hackers will improve
months numerous service providers have announced the launch avoidance detection techniques and will test them far from
of new solutions and services specifically designed to elude security firm probes. To avoid to be discovered the attackers will
censorship and the Internet monitoring. use lower volume in targeted attacks limiting the diffusion of
malicious code.
The huge diffusion of encryption raises another important
question, who managed cryptography keys� In the next months Security firms will observe a decrease in the volume of attacks
a growing number of services will allow users to control but the risks related to the cyber threats will increase due to the
encryption processes in a transparent way, the users will high complexity of the menace. It is shared opinion that due the
responsible for encryption keys management, the dual advantage high level of sophistication of cyber threats a major data-
of the approach is that users do not need to trust the encryption destruction attack will happen, great concern is given to the
management operated by service providers, and service security of critical infrastructure, possible targets of cyber attacks
providers will not be liable for content posted by users. by state-sponsored hackers.
In User Controls Encryption (UCE) scheme user holds the Not necessary the attack could directly harm the population, but
encryption key, the service providers hold the "encrypted" files, a major data breach could cause the disclosure of sensitive
the service managers themselves cannot access the files, neither information that could harm national security. It is to predict
hackers can gain access. that the attribution of responsibility for the attacks will still
remain a principal problem, especially for the announced major
Clouds on the horizon cyber attack. Gaming between cyber espionage and cyber threat
monitoring
The migration of many services on cloud infrastructures and the
diffusion of new ones are attracting the interest of attackers. Intelligence agencies all over the world will continue to invest
Cybercriminals and state sponsored hackers will increase their in the development of tools for the exploitation of the gaming
operations to compromise cloud infrastructures, attackers are platforms. In time I�m writing The Guardian published
focusing their operations to steal data stored in the cloud and/or documents that reveal NSA and GCHQ infiltrate gaming
abuse of the resources available in these powerful infrastructures. platforms and online gaming communities including World of
The hacking of cloud infrastructures gives to the attackers a great Warcraft and Second Life for surveillance purposes.
advantage in term of monetization, in many cases those
infrastructures and their component lack of proper defense In the next months governments will continue to promote
systems and efficient authentication process resulting vulnerable projects to the sophisticated exploitation of gaming console to
to external threats. Penetrate a cloud infrastructure is more track users in the cyberspace, monitor their online habits and
advantageous than hack a private network, cloud providers often for propaganda purposes. Gaming console are devices with high
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 99
