Security Trends and Predictions 2015 (+ 2016)
Dr. Enis Karaarslan
http://netseclab.mu.edu.tr
● Based on Sophos Security Threat Trends 2015 and several other reports
Content
● More attacks against end users
● Botnets, DDOS
● Global Skills Gap
● Massive regulatory changes
● Exploit Mitigations
● Device & Internet of Things Attacks
● Encryption Implementations?
● Major flaws in widely-used software
● Attacks to Mobile payment systems
● Attack services and exploit kits
● ICS/SCADA security
● New Attacks for the New Protocols
More attacks against end users ...
Ransomware ...
Botnets, DDOS ...
Botnets – DDOS
● More politically motivated attacks on infrastructure, in which botnets are widely used
Need for Collaboration
● Attacks on DNS servers show the need for global collaboration against attacks
– Between service providers and the DNS administration
– Between Tiers
Global Skills Gap
Global skills gap
● More and more data breaches and attacks
● The cyber security skills shortage is becoming more critical
● Global skills gap continues to increase
● The requirement to handle incidents when they occur (incident response)
● Education need
● Industry – Need for recruitment strategy for these professionals
● Make clear to Graduates - career prospects
Massive regulatory changes
Massive regulatory changes
● European Union – implementing tough new standards in 2015, with enforcement commencing in 2016
● New regulations and fines
● More progressive data protection regulation in other jurisdictions is on the way?
● Cybercrime laws, especially for international issues, are needed!
Exploit Mitigations
Exploits ...
● Delivery of malicious code:
– Formerly: Spam
– Now: web based infection and browser based exploits
● High value exploits (sold for more targeted use and deployed more selectively)
● Simple & effective social engineering
● Focusing on non-Microsoft platforms?
● Patching strategy?
OS exploit mitigations
Changes in OS like Microsoft Windows 8 and Windows 8.1:
– DEP (data execution prevention, designed to prevent the execution of attacker code in certain parts of a computer’s memory),
– ASLR (address space layout randomization, which makes writing attack code difficult by shuffling memory around),
– and more improvements
Myths
● Myths like …
– Mac OS does not have any exploits
– Linux does not have any exploits
Device & Internet of Things Attacks
Device Security
● Wireless routers, CCTV cameras, etc. are easy to hack
● Internet of Things (IoT) devices - failed to implement basic security standards
● Security
– Should be a commercial requirement
– Patch distribution problems?
From the news ...
Encryption Implementations?
Encryption
● growing awareness of security and privacy concerns
● full-disk encryption
– Standard?
– Far more common default provided by OS
● More Android applications which encrypt local data
Incorrect use of SSL
● difference between effective encryption and “marketing” encryption
● Virtually no business use case involving SSL/TLS can be considered totally secure.
– making the encryption more for show (ex. most do not use certificate pinning)
– protocol vulnerabilities
– unnecessary features
– implementation errors
Encryption problems
● Encrypt data flowing in to cloud services
– Flaws in implementation?
– is it really encrypted?
● Law enforcement forensics – encryption concern
● More traffic is encrypted and can not be intercepted and scanned at the network
major flaws in widely-used software
Attackers in search of less-considered systems?
● Heartbleed Bug - OpenSSL project
– Before: No proper audits and code checks a lot of the time
– After: slow patch times
● Shellshock / Bashdoor is a family of security bugs in the widely used Unix Bash shell. This can allow an attacker to gain unauthorized access to a computer system.
● Attackers interested in less-considered software and systems?
Attacks to Mobile payment systems
Attacks against Mobile payment?
● Mobile payment systems
– implementation mistakes?
● special hardware that makes it much harder to extract information
– the use of a PIN, password or fingerprint for authentication;
– a token to represent your authorization
● An improvement over simple, easy to clone cards
● New payment systems will be more resistant to theft
Attack services and exploit kits
Exploit kits ...
● Rise of products and services to make hacking and exploitation point-and-click easy
● Specific products for mobile and IoT on the way?
● new innovation in commercializing non-PC hacking
– Android malware - the vast majority of it posing as legitimate applications and tricking the user into installing their nasty code
– New security measures - ASLR (userland and Kernel) and sandboxing features (amongst other security controls).
ICS/SCADA security
ICS Security
● Industrial control systems (ICS) are behind the mainstream desktop environment in terms of security.
● Lack of authentication, encryption or integrity-checking
● The only viable security strategy is to keep them isolated on air gapped networks.
ICS Security
● Shodan Web Search & API?
● There are security initiatives from the bigger players in this space
● The gap between the mainstream world of security and ICS is only growing bigger.
● Security of the Critical Infrastructures like Energy
Turkey Electricity blackout – a cyber attack?
● It's argued that the electricity blackout is a cyber attack?
– Probably not
– Smart Grid and its potential future risks?
Flaws?
● Expect far more serious flaws to be exposed and used by attackers as their motives continue to evolve away from being mostly financial.
● Greater regulation and industry standardization needed in these areas
● It will take a long time to change, given their high cost, high complexity and often bespoke nature
● Significant risk and security is low
New Attacks for the New Protocols
Major Changes
● Major changes and deploying new protocols:
– new version of HTTP (2.0 the successor to 1.1) is
– IPv6
● Lower level changes will likely bring interesting flaws
● Ex: The IPv6 stack on Windows 7 and Windows 8 is vulnerable to a resource exhaustion flaw which allows an attacker to send continuous random router advertisements and consume 100% CPU of the system (crash the system entirely)
Major Changes
● IPv6 re-implements some of the old trust flaws of IPv4, such as providing mechanisms to do man in the middle but also provisions in the standard?
● UEFI provides a rich boot environment – easier to program than BIOS.
– provides interesting rootkit and bot capabilities that may turn up new attack vectors
● Be careful with these new technologies ...
And more to come every day ...
Dr. Enis KARAARSLAN
MSKÜ Network & Security Lab
http://netseclab.mu.edu.tr
References
● Security Threat Trends 2015, SOPHOS
● Amid SSL security issues, enterprises face many problems, few answers, http://searchsecurity.techtarget.com/news/4500243725/Amid-SSL-security-issues-enterprises-face-many-problems-few-answers
● The Heartbleed Bug, http://heartbleed.com/