INGATE

From The Sip Trunking Experts

TMCNet:  WatchGuard Reveals Top Security Predictions for 2013

[December 06, 2012]

WatchGuard Reveals Top Security Predictions for 2013

Dec 06, 2012 (M2 PRESSWIRE via COMTEX) -- WatchGuard has revealed its annual security predictions for 2013. Compiled by WatchGuard's security research analysts, the list shows that the rise in emerging cyber threats will be met by increased efforts by governments to fight back through legislation. And while the security industry is expected to focus on 'strike back' measures, WatchGuard believes this will be ineffective leaving most organisations at increased risk.


"2012 was an eye-opening year in cyber security with the number of new, more sophisticated vulnerabilities rising and impacting individuals, businesses and governments," said WatchGuard Director of Security Strategy Corey Nachreiner, a Certified Information Systems Security Professional (CISSP). "This is a year where the security stakes reach new heights, attacks become more frequent and unfortunately more damaging as many organisations suffer attacks before taking measures to protect themselves from the bad guys." WatchGuard's 2013 security predictions include: A Cyber Attack Results in a Human Death WatchGuard hopes it is wrong in this prediction. But with more computing devices embedded in cars, phones, TVs and even medical devices, digitally dealt death is not only possible, it's plausible. Security is still often an afterthought when developing innovative technical systems. Criminals, hacktivists, and even nation-states are launching increasingly targeted cyber-attacks, resulting in the destruction of physical equipment. Most recently, a researcher even showed how to wirelessly deliver an 830 volt shock to an insecure pacemaker, proving that digital attacks can have a physical impact on real lives.

Malware Enters the Matrix through a Virtual Door Last year was the first real-world instance of malware that sought out virtual machines (VMs) and infected them directly. Today, there is an emergence of malicious code that can recognise when it's running in a virtual system and act accordingly. In 2013, WatchGuard predicts attackers will create even more VM-targeted malware that will be designed to take advantage of weaknesses found in many virtual environments, while attempting to avoid virtualised automatic threat detection systems.

It's Your Browser - Not Your System - that Malware Is After WatchGuard anticipates a steep rise in browser-infecting malware in 2013. With increased adoption of cloud services like online banking, a great deal of personal and sensitive data passes through web browsers. Many antivirus solutions are focused on catching traditional malware which infects an operating system and aren't as effective at detecting browser-based infections. Now, a new type of malware has emerged. Sometimes called a Man-in-the-Browser (MitB) or browser zombie, it arrives as a malicious browser extension, plugin, helper object, or piece of JavaScript. It doesn't infect the whole system; instead it takes complete control of a browser and runs whenever the victim surfs the web.

Strike Back Gets a Lot of Lip Service, but Does Little Good 'Strike back', which refers to launching a counter-offensive against cyber hackers will receive a lot of attention but won't be implemented in most organisations according to WatchGuard. "'Strike backs' include lawsuits, launching cyber espionage campaigns, or even launching counter cyber-attacks against attackers. WatchGuard anticipates most organisations won't implement these measures given the jurisdictional challenges of digital attacks that bounce through several countries. In addition, criminals have the ability to plant 'false flags' in malware, tricking victims and authorities into thinking someone else is behind the attack.

We'll Pay for Our Lack of IPv6 Expertise WatchGuard expects to see an increase in IPv6-based attacks and IPv6 attack tools. While the IT industry has been slow to adopt IPv6 into their networks, most new devices ship IPv6-aware and can create IPv6 networks on their own. Many IT professionals don't have a deep understanding of IPv6's technicalities, yet they have IPv6 traffic and devices on their networks. This also means most administrators haven't implemented any IPv6 security controls, opening the door to attackers looking to exploit unprotected weaknesses.

Android Pick Pockets Try to Empty Mobile Wallets Based on the following three factors, WatchGuard expects to see at least one vulnerability, even if just a proof-of-concept, that allows attackers to steal money from Android devices.

* Mobile malware is skyrocketing.

* Cyber criminals are targeting Android devices more than any other because of the platform's openness.

* People are increasingly using mobile devices for online payments. Plus, many vendors, including Google, are starting to launch Mobile Wallets, which attach credit cards to mobile devices.

An Exploit Sold on the "Vulnerability Market" Becomes the Next APT WatchGuard expects that at least one auctioned-off zero day exploit will emerge as a major targeted attack this year. Vulnerability markets or auctions are a new trend in information security, allowing so-called 'security' companies to sell zero day software vulnerabilities to the highest bidder. While they claim to vet their customers and only sell to NATO governments and legitimate companies, there are few safeguards in place to prevent nefarious entities to take advantage.

Important Cyber Security-Related Legislation Finally Becomes Law In 2013, expect the U.S. government to pass at least one new cyber security act, which will impact private organisations. The U.S. government has been trying to pass cyber security bills that give the president and various government agencies some control over what happens in the event of cyber-attack on U.S. infrastructure. The government also wants more cooperation among private infrastructure organisations and U.S. intelligence agencies. Many are pressing for the government to enact more detailed cyber crime laws, which may help prosecute digital crimes. On top of that, some organisations are lobbying for tougher digital IP enforcement, which privacy advocates often oppose. While 2012 proved to be a difficult year for passing new cyber legislation, WatchGuard expects this year to be different.

About WatchGuard Technologies, Inc.

Since 1996, WatchGuard Technologies, Inc. has been a global leader of business security solutions that solve real world security problems. WatchGuard provides easy-to-use but enterprise-powerful protection to hundreds of thousands of businesses worldwide. The WatchGuard family of threat management devices provides network, application and data protection, with unparalleled levels of manageability, usability, and visibility. WatchGuard products are backed by WatchGuard LiveSecurity Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit www.watchguard.com.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.

Natasja de Groot, WatchGuard Technologies Allie Andrews, PRPR +31- 70 711 2085 +44 (0)1442 245030 natasja.degroot@watchguard.com allie@prpr.co.uk ((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to info@m2.com.

[ Back To SIP Trunking Home's Homepage ]

Loading
Subscribe here for your FREE
SIP TRUNKING enewslettter.

Featured Partner


Featured Whitepapers

SIP Security for the Enterprise
Voice over IP (VoIP) is incorporated into a variety of computer networks, both public and private, and used for everyday transactions and communications among carriers, businesses, government agencies...

Making A Broadband Purchase Decision
Businesses today have many options for broadband connectivity. Clarifying your particular business needs prior to selecting a broadband provider will ensure an optimal match of broadband service to your requirements.

Voice-Optimized Network Delivers Premier Call Experience
Customers equate call quality with business quality. Real-time communication, interpersonal interaction, and the cordial tone of a call center representative can create a positive impression of your business that no email can match.

Featured Case Studies

Business Telecom Expenses Reduced 50%
A small to medium sized company in the midwest was interested in migrating to IP Communications, but in today's economy, they were hesitant to upgrade their communication system due to their perception that the cost would outweigh the benefits.

Multi-State Company Cuts Telecom Costs 50%
A multi-site, multi-state company with extensive monthly long distance fees and toll-free charges did not have adequate broadband for Broadvox SIP Trunking requirements, nor did they have a SIP enabled telephone system.

Discover Leisure Connects Remote Users to its IP-PBX
Discover Leisure is one of the largest resellers of caravans and motor homes in the UK. With 15 branch of?ces all over the country, the company spent a great deal of money every month just on internal phone calls.

Featured eBOOKS

Internet+: The Way Toward Global Unified Communication
Connecting the telephony of the enterprise PBX or Unified Communications (UC) system using SIP trunks instead of conventional telephone lines has been very successful in recent years.

What is SIP Trunking? Edition 2
SIP trunking is becoming more of a focus for service providers. One key issue many service providers face when deploying SIP trunks is NAT, or Network Address Translation, traversal.

What is SIP Trunking? Edition 1
A vast resource for information about all things SIP - including SIP, security, VoIP, SIP trunking and Unified Communications.

Featured Videos

Broadvox VAR Testimonial VAR 1:
Part 1 of the VAR (Value Added Reseller) Partner Program Testimonials for Broadvox...

E-SBCs AS The Demarcation Point:
Ingate's Steve Johnson talks to Erik Linask about the role session border controller plays as the demarcation point at...

Demystifying DPI
How can deep packet inspection protect your SIP traffic as well as your entire network?

Featured Resources

Partner Program Overview:
Over 4,000 VARs, Master Agents, Solution Providers, and Independent IT Professionals trust Broadvox. We offer customized services and solutions to fit seamlessly into any company's business model. And when you partner with Broadvox, every member of our team stands behind you and your customers 100%...

SIP Trunk UC Summit

What's New

Presenting the New Ingate/Intertex Website:
Internet+ is an extended Internet access allowing high quality SIP (Session Initiation Protocol) based real-time person-to-person communication, everywhere and for any application. It applies to both fixed and mobile networks ...

Featured Blogs

Featured Webinars

Secure SIP Trunking:
What You Need to Know

Successfully Deploying Enterprise SIP Trunking:
Tools and Techniques for Overcoming Common Roadblocks

Featured Podcasts

Getting the Most Out of Your SIP Trunks:
Ingate's Steve Johnson and TMC's Erik Linask discuss how best practices forgetting the most out of SIP Trunking services and common pitfalls to avoid.

Featured Datasheets

Ingate SIParator E-SBCs
Adopting SIP is a simple process with the Ingate SIParator, the secure enterprise session border controller (E-SBC). The SIParator makes secure SIP communications - including VoIP,SIP trunking and more - possible while working seamlessly with your existing network firewall.

Ingate Firewalls
Everyone is talking about enterprise usage of VoIP, instant messaging and other types of realtime communications including presence and conferencing.

SIP Trunk Solutions for Service Providers
The award-winning Ingate Firewall and Ingate SIParator deliver a high quality, reliable SIP trunk connection between the customer's IP-PBX and the service provider network, and solve interoperability issues to simplify deployments and support for remote diagnosis of reported issues.