These IT-security-related predictions provide timely warning for chief information security officers (CISOs) about how bad actors will dramatically increase attacks that leverage poorly secured cryptographic keys and certificates on mobile devices, applications, servers and clouds to inject malware that is difficult to detect with traditional security controls and solutions. Additional predictions include insights into changes to be made in the Certificate Authority (CA) market, the impact
Tweet this: .@Venafi 2014 #predictions: 100% of #mobile #malware will misuse #certificates by 2015. #protectyourcerts
Prediction 1: 100 percent of mobile malware will misuse digital certificates
In 2013, cybercriminals and nation-backed operators used digital certificates to authenticate 27 percent of all mobile malware, making it appear as legitimate code. This represents growth from zero percent during the previous year. Venafi expects 100 percent of mobile malware attacks will use digital certificates by the end of 2014. This represents massive growth in the misuse of certificates and poses significant risk to enterprise security. Bad actors have learned that the easiest, fastest and most effective way to inject malware that resides undetected on mobile devices and supporting networks for extended periods is by signing the malware with compromised or stolen digital certificates. Attackers know that most global organizations cannot detect or respond to anomalous certificates that authenticate systems and users on their networks, devices and applications.
Prediction 2: Certificate Authorities (CAs) will need to provide full transparency
Some of the largest trust-based breaches to date have occurred as a result of certificate compromises that took advantage of weak CA issuance processes. Enterprises recognize that CA reliability is key to securing trust on the Internet and will demand transparency into how certificates are issued and what steps are taken to ensure they are properly protected. To provide greater, objective transparency, a governing body will emerge that enables CAs to prove that their processes can be trusted and that their digital certificates can be used to reduce the risk of certificate-enabled compromises.
Prediction 3: In the wake of
Prediction 4: The era of the Internet-enabled human will bridge the gap between cybercrime and the physical world
2013 saw the introduction of wearable Internet-enabled devices such as Google Glass and Samsung Galaxy Gear. 2014 is set to see more innovation in this space, with IP-enabled contact lenses and other wearable technology. The rapid adoption of wearable devices will drive the increased usage of certificates to ensure they are securely authenticated to the network. This rapid adoption also dramatically increases the attack surface for cybercriminals to hack systems and networks. We may see the first cyberattack to impact a human physically because it compromises a digital certificate. For example, incorrect information provided to a wearable device may result in an accident and cause bodily harm.
Prediction 5: PRISM revelations and cybercriminal cloaking attacks will drive the need for more intelligent SSL use
According to the McAfee (Intel Security) Q3 Threats Report, there was a 1,600 percent increase in certificate-signed malware between Q1'12 and Q3'13. Forrester recently found that 44 percent of all enterprises have already experienced attacks on keys and certificates, and 60 percent cannot respond to such attacks within 24 hours.
"Traditionally, organizations have viewed keys and certificates as an operational problem and, for the most part, used encryption key management solutions to ensure their maintenance," said
Visit our blog at http://www.venafi.com/blog/
Follow us on Twitter: @Venafi
Follow us on LinkedIn: http://www.linkedin.com/company/venafi
Like us on Facebook: https://www.facebook.com/Venafi
Venafi is the market leading cybersecurity company in Next-Generation Trust Protection (NGTP). Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. As part of an enterprise infrastructure protection strategy, Venafi Director prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity and increased threats, and remediates errors and attacks by automatically replacing keys and certificates. Venafi Threat Center provides research and threat intelligence for trust-based attacks. Venafi customers are among the world's most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including
Most Popular Stories
- 5 Notable Hispanic Technology Executives
- Top Hispanic Tech Companies Push for the Top
- Russia, Crimea Discuss Referendum
- 'Holy grail of guitars' OM-45 Deluxe Available in in NY Auction
- Justin Bieber Loses Cool Over Selena Gomez
- Maya Angelou Cancels Milagro Gala Appearance Due to Illness
- Spotify Picking up Echo Nest
- Getty Releases Millions of Images for Free Via Embed Tool
- GOP 2016 Hopefuls Face Off at CPAC
- Goya Nutritionist Answers Demand for Healthy Hispanic Dishes