www.cyberoam.com I sales@cyberoam.com

2014 - A Security View-pointWith a careful analysis of security and IT trends in the most recent past and a strong foresight

that comes from years of industry experience and intelligent extrapolation of the past and the

present, Cyberoam brings to you Security Predictions for 2014.

“Client-side software

exploits” – it will be!

Attacks on Industrial Control Systems & SCADA systems to continue

Context-Aware security – the saviour

of rising mobility

Security ofHybrid Cloud

Browser-based attacks are still hot!

Mobiles stillremain a darling of malware attackers

0102

03

0405

0607

08

09

10

New exploit kits will be explored and used

Attack vectors to get more intelligent

“Internet of Things” adds Security risks for

home devices Windows users at risk as Windows XP comes to end-of-life

Attacks in 2013 have left us with one clear picture – the rising sophistication and

professionalism among attackers. In times to come, Cyberoam predicts attacks,

wherein the attackers will get more specific, both in terms of their objective and

attack strategies. Gone are the days when attacks were meant for the masses.

Attackers now know whom and how they would attack and they are changing their

attack strategies to hit straight on the bull's-eye rather than shooting in the dark. In

addition to this, few attacks from 2013 indicate the evolution of attacks including

proven components from already-used attacks, combined to form more

detrimental attacks.

Attack vectors to get more intelligent

The amplified impact that an attack on Industrial Control Systems (ICS) can cause,

justifies the interest attackers have on such systems. ICS/SCADA system attacks can

cause catastrophic damage not only to a single unit but at times to an entire

country/province. It is the spread of impact compounded with lack of adequate

security available in such systems that have made ICS/SCADA networks a lucrative

target for attackers. As per statistics, there were 198 cyber attacks in 2012 and the

numbers increased to 240 in 2013. Cyberoam predicts further rise in such attacks on

ICS/SCADA networks in 2014 and beyond.

Attacks on Industrial Control Systems & SCADA systems to continue

“Client-side software exploits” – it will be!

Cyberoam Threat Research Labs foresees an increase in Client-side software

exploits compared to the Server-side in next few years. 2013 has seen numerous

such exploits where base client software like Microsoft and Adobe were exploited

to spread the attack vectors across the network. The recent Microsoft advisories

indicating client side exploits also support this prediction. Reasons for this hike

include increased scope of exploitation with increase in attack vectors, higher base

of users who use these softwares, and lastly, the money involved in it. The exploit

kits used to exploit server side vulnerabilities cost much less than client side exploit

kits, indicating the premium the latter demand. Realizing that client side exploits

will bring in more money, the focus on exploiting client-side vulnerabilities will

increase too!

With increase in number of security features or solutions in an organization's

network to tackle emerging security risks, the job of security professionals is

getting more complex. With rising number of devices, users and applications to

monitor, this becomes even more difficult. The volume of data that the security

appliance(s) offer on various parameters is becoming a problem for network

administrators, presenting a need for context-aware security that enables faster

decision making and action with the security intelligence it offers. Cyberoam

predicts an increase in demand for context-aware security for 2014. The rising

need in context-aware security goes in continuation with Cyberoam's prediction in

2013 regarding the rise in need for User Threat Quotient & Device Threat Quotient.

Increase in need for Context-Aware security

In a generation of increased mobility where tablets and smart devices are displacing

desktops and paper-based processes, more users are turning to Cloud, specifically

the Hybrid Cloud, as it offers more efficiency, business optimization, access to real-

time data and always-on availability. However, the ability of Hybrid clouds to burst

into the public cloud space when necessary is bringing up security concerns.

Although this capability is particularly useful to organisations, it may be a call for

danger and users and security vendors are realizing this. Cyberoam predicts an

increase in demand for security in Hybrid Cloud environments.

Security of Hybrid Cloud

New exploit kits will be explored and used

Use of Blackhole exploit kit for attacks is a known fact. It is no secret that it was used

extensively for attacks in the past. But with the arrest of 'Paunch' in 2013, the man

behind the Blackhole exploit kit, new exploit kits are slowly showing up. In addition

to this, as attacks utilising Blackhole exploit kit have been exposed, it emerges as a

need among attackers to come up with new ways to target their victims. Also, with

recent trends showing rise in exploits based on client side vulnerabilities, Cyberoam

predicts that this menace is only going to aggravate.

Increasing base of smartphone users is a primary reason for attackers to find

interest in attacking those devices. In addition to this, users use their personal

devices to access work emails and connect to company networks, which

aggravates this interest further. Applications are the backbones of smart phones

and most of the mobile apps lack adequate security, adding to the misery of

security on mobile devices. All of these factors collate to increase the interest

attackers have in smart devices. 2014 is sure to experience newer and sharper

mobile threats.

Mobiles still remain a darling of malware attackers and exploits

IOT- 'Internet of Things' is something we all are waking up to, these days. Everything

seems to be on the Internet! Right from our work to social lives, and storage needs,

Internet has also opened its doors to home devices now! As more and more home

devices get connected to the Internet, it is obvious that attackers will soon find their

way through them too. Cyberoam predicts a rise in need for security solutions for

home devices, besides your office devices. Because one thing is evident – the level

of risk and quantum of vulnerability is similar, irrespective of whether the device

resides in your home or in your office network.

“Internet of Things” adds Security risks for home devices

Browser-based attacks are still hot!

In a bait to achieve sure-shot infection and victimize users, use of browser-based

attacks like Water hole will further rise. This will include a rise in exploitation of

browser vulnerabilities and also use of malicious websites. Attackers will continue

to target users by directing them to trusted and commonly visited URLs which would

be infected with malicious codes. Water hole mechanism includes cyber offenders

infecting websites that are frequently visited by their targets. In 2013, many have

already agreed on the rise seen in watering holes. In fact a lot of hackers that were

using spear phishing attacks to target users have also started using watering holes.

Windows users at risk as Windows XP comes to end-of-lifeAs Microsoft decides to stop supporting Windows XP after 8th April 2014, users will

need to upgrade to newer Windows versions, and so will the attackers shift their

focus to these versions. Moreover, users who still continue to use Windows XP, will

not have their vulnerabilities patched, leaving them open to exploits.

www.cyberoam.com I sales@cyberoam.com Copyright © 1999-2013 Cyberoam Technologies Pvt. Ltd. All Rights Reserved

Toll Free Numbers

USA : +1-800-686-2360 | India : 1-800-301-00013

APAC/MEA : +1-877-777-0368 | Europe : +44-808-120-3958CERTIFIED

VPNC

InteropBasic

AES

Interopwww.check-mark.com

SSL Advanced Network Extension

SSL Basic Network Extension

SSL JavaScript

SSLFirefox

SSLExchange

SSLPortal

CERTIFIED

VPNC

About Cyberoam Technologies Private Limited

Cyberoam Technologies Private Limited is a global Network Security appliances company, offering future-ready

security solutions to physical and virtual networks in organizations with its Next-Generation Firewalls (NGFWs) and

Unified Threat Management (UTM) appliances. Cyberoam network security appliances offer multiple security

features like stateful inspection firewall, Application Visibility & Control, Web Filtering, VPN, Intrusion Prevention

System, Gateway Anti-Virus, Gateway Anti-Spam, Web Application Firewall, Bandwidth Management and Multiple

Link Management over these appliances, depending on the need of organizations. The virtual and hardware

Cyberoam Central Console appliances offer Centralized Security Management options to organizations, while

Cyberoam iView allows intelligent logging and reporting with one-of-their-kind, in-depth reports. Cyberoam is

accredited with prestigious global standards and certifications like EAL4+, CheckMark UTM Level 5 Certification,

ICSA Labs, IPv6 Gold logo, and is a member of the Virtual Private Network Consortium. For more information, please

visit www.cyberoam.com

For more news and updates on latest security trends, Subscribe to Cyberoam blogs at www.cyberoam.com/blogs