App vulnerabilities and hidden SSL attacks main threats for networks and mobile devices in 2016
Backdoor attacks are going to increase in the coming year, as cyber criminals exploit patchy mobile security and SSL blindspots to gain access to private data and company networks. Many of the security products businesses rely upon are not equipped to monitor hidden gateways into the network. As a result, organisations will need to invest in plugging these gaps to ensure defences can mitigate against an increasingly varied and powerful threat landscape.
A false sense of security: SSL encryption
Over the past few years, SSL encryption has become popular for both application owners and hackers. Encryption improves security by providing data confidentiality and integrity. However, encryption also allows cyber criminals to conceal their exploits from security devices like firewalls, intrusion prevention systems and data loss prevention platforms. Some of these products cannot decrypt SSL without degrading performance, while others simply cannot decrypt SSL traffic at all because of their location in the network.
Today, encryption accounts for roughly one-third of all Internet traffic, and it's expected to reach two-thirds of all traffic next year when Internet powerhouses like Netflix transition to SSL. As a result, encrypted traffic will become the 'go-to' way of distributing malware and executing cyber attacks simply. Whether sharing a malicious file on a social networking site or attaching malware to an email or instant message, many attacks will be cloaked in SSL.
On top of this threat, movements like Let's Encrypt make it even easier for hackers to generate SSL certificates to sign malicious code or to host malicious HTTPS sites.
A ubiquitous threat: the mobile device
2016 will also see a sustained increase in the number of attacks targeting mobile devices. The sheer number of mobile devices, the amount of malware (20 million apps by the end of 2016, according to Trend Micro), and the inherent vulnerabilities present in even legitimate mobile apps means that a major breach is bound to happen.
To put it into perspective, Cisco recently released an advisory about a vulnerability in its WebEx for Androids app...