With the growing popularity of new consumer technologies, the face of the information security landscape has changed drastically in recent years. Mobile devices provide users with quick access to data, and internet users are turning more and more to cloud-based applications for online data storage.
Business professionals are also starting to recognize the conveniences of these technologies, and companies are beginning to implement policies that allow for the use of them in the corporate environment. However, as such technologies become more prevalent, the threat to information security becomes more complex.
These threats are documented by the Georgia Tech Information Security Center and the Georgia Tech Research Institute’s Cyber Technology and Information Security Laboratory in their annual “Emerging Cyber Threats Report” (PDF) for 2013.
Issued Nov. 14, the report serves as a resource for security professionals in the academic, government and private sectors.
Malicious software, often designed to steal or corrupt sensitive data, is one of the biggest threats to information security. Throughout 2012, numerous high-profile malware attacks were discovered, many of which involved new and sophisticated methods of avoiding detection.
Two notable cases were the Flashback and Gauss trojans. Discovered in late 2011 and 2012, these trojans both made use of unique encryption techniques, similar to those used in digital rights management, to bind the processes of the malware to a specific system. When run in a different system, these malware samples would remain inert, complicating automated analysis systems designed to study malware during run-time.
Despite increasingly complex malware variants, researchers have noted that information security trends in 2012 are not all bad. Although mobile malware appears to be growing in the wild, Georgia Tech researchers found that only a small percentage of devices in the United States show evidence of malware infection, perhaps as low as 0.002 percent.
In contrast, many security firms have found evidence of much higher mobile infection rates in foreign countries, such as China and Russia, possibly as high as 40 percent. Comparatively low infection rates in the United States may be a result of well-vetted app stores, which act as a strong preventative measure.
Yet although infection rates for mobile devices in the United States are currently low, researchers have noted that such devices are becoming more complex, and may provide an increasingly attractive target for more creative malware authors.
Mobile malware authors currently emphasize monetization; however, mobile devices have significant capacity for information-gathering functionality. Researchers at the University of Indiana, for example, have already demonstrated a program that is capable of taking opportunistic photos of a user’s surroundings, from which a 3-D representation of the room could be built.
In 2011, Georgia Tech assistant professor Patrick Traynor demonstrated a program that allowed a phone lying on a desk to identify keystrokes as they were typed on a nearby keyboard. As mobile malware becomes more sophisticated, the information-gathering potential of such mobile devices will likely be exploited.
Individuals are not the only technology users to be affected by more sophisticated malware techniques. Cloud technologies, now entering their teenage years, are becoming more and more prevalent in the corporate environment for data storage and processing. As companies begin transferring their data storage to the cloud, such technologies become increasingly attractive targets for malware authors.
Although many companies try to keep data in the cloud encrypted for as long as possible, use of the data in searches or algorithms requires decryption, often exposing keys to the cloud as well. As such, the ability to operate on and perform searches over encrypted data will become much more important in the coming years.
Other private industries are concerned with supply chain security – a subject that gained much attention in 2012, when the House Select Committee on Intelligence issued a report on the danger of using products made by Chinese telecommunication firms Huawei and ZTE.
Information security in the supply chain is particularly difficult to monitor, due to the time-consuming and expensive nature of testing products to ensure that they have not been modified. As a result, Georgia Tech Research Institute researchers are looking at more proactive strategies to counteract this issue. One proposed method under investigation would use non-destructive screening to identify signatures of components and detect components that do not match legitimate profiles, or profiles of known counterfeit components.
Researchers also caution that threats to information security are not always limited to those than involve data leakage or compromise. As automated information systems, such as search engines, develop more sophisticated ways of streamlining search results, users are often presented with information that is personalized based on a number of factors, such as previous search history and geography. However, there is a fear that such personalization can ultimately limit access to diverse information, providing an unintentional form of automated censorship.
Attackers have already developed ways to manipulate search engine results by creating artificial webs of sites that link to one another, raising a website’s reputation and placing it higher in the order of search results. This may also be achieved by compromising legitimate websites with code that will create links to malicious websites. By manipulating search results, an attacker may be able to influence what information with which a user is presented.
More common attacks in the future will most likely use cross-site scripting to inject links from legitimate sites to malicious destinations, avoiding the need for full compromise. Researchers believe that manipulating a victim’s search history to control search engine results may be next.