12 cloud predictions of Christmas: Protect your cloud

Rik Ferguson Advice
2 Jan, 2012

Rik Ferguson, director of security research at Trend Micro, tells us what he thinks will happen in cloud computing during 2012.

As we say goodbye to 2011 and look forward to the next 12 months, there is sure a lot to look forward to in the cloud market, but don’t forget to be wary as well.

Expect the continued increase in malicious software aimed at mobile platforms, particularly Google’s Android as it solidifies its market leading position.

Security vulnerabilities will be found and exploited in legitimate mobile apps, rather than solely in the form of malicious mobile apps. They will likely find either vulnerabilities or coding errors that can lead to user data theft or exposure.

Compounding this further is the fact that very few app developers have a mature vulnerability handling and remediation process. This means the window of exposure for these flaws may be longer and the means of compromise much less visible than a Trojan in an app store.

Cyber criminals will increasingly try to profit by abusing legitimate online revenue sources, such as online advertising, as evidenced by the recent change in tactics of the gang behind Koobface and the income generated by the Rove Digital gang through click fraud.

This will help them hide from the eyes of both law enforcement and anti-fraud watchdogs hired by banks and other financial agencies. As a related phenomenon, botnets will become smaller in size, but greater in number. This will make them more resistant to takedown activity that has been so successful over the past few years, more manageable and potentially more difficult to spot by anti-fraud mechanisms.

We fully expect the rise in politically or cause motivated “hacking” to continue apace. The many disparate groups that have arisen, and in some cases united under the Anti Sec banner in 2011, have certainly made enough of an impression on their targets, the media and the general public to have solidly entrenched this new route and means of protest.

Enterprises will be increasingly be looking, not only to secure their systems and networks from determined, targeted surgical attacks such as the APT, but also against the brute force and equally determined attacks of hacktivist groups, often in league with insider sympathisers.

The real challenge for data centre owners will be dealing with the increasing complexities of securing physical, virtual, and cloud-based systems. While attacks specifically targeting virtual machines (VMs) and cloud computing services remain a possibility, attackers will find no immediate need to resort to these because conventional targeted attacks will remain effective in these new environments.

Virtual and cloud platforms are just as easy to attack, but more difficult to protect. As a result, the burden will fall on IT administrators who have to secure their company’s critical data as they adopt these technologies.

Sign up for our free newsletter