Feeds

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Wheels are about to fall off those bandwagons, warn EU advisors

Reducing security risks from open source software

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned.

The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for "most of the innovation expected in the area of IT" and warned that with their emergence would come an associated increased cyber threat.

ENISA warned that the threat stemming from mobile computing comes from the fact that mobile communications take place over "poorly secured ... or unsecured channels". It said that the software used for such systems were not the most "mature", and added that devices were vulnerable to being lost or stolen due to their "mobility". The very fact that they are universally popular also enhances the threat of the technology being exposed to hackers, the agency added.

The most significant threat stems from hackers inserting malicious software in website browser and other software available on mobile devices, known as 'drive-by exploits', ENISA said.

"Drive-by downloads attacks against web browsers have become the top web threat. More specifically, attackers are moving into targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash," it said in a new report [96-page / 1.56MB PDF].

"The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code."

ENISA also warned of an increasing threat that confidential information could be compromised through data breaches, including where information is sent over mobile communication channels. In addition, it said that an "emerging issue" could arise due to the increasing use of mobile to make payments and for doing banking. These activities on mobile platforms "will gain the attention of attackers," it said.

Attackers are also likely to increasingly seek to exploit "low to medium maturity of security controls" contained within social networking technology, ENISA said. One of the main emerging threats in this context is the ability of hackers to "abuse" information that is already in the public domain in order to access social network accounts.

ENISA also warned that hackers will increasingly use "rogue certificates" in order to obtain "fake trust within components of trust infrastructure". Trust infrastructure is becoming of emerging importance as "electronic identity systems for the identification of citizens" are developed.

That's a nice silo of sensitive personal data, you've got there. Would be a shame if anything happened to it

"Trust infrastructure components may be used at all levels of information systems, i.e. from application level to network protocols," ENISA's report said. "Trust infrastructures are usually based on strong encryption technology and key management. Examples of trust infrastructures are authentication infrastructures, secure communication protocols, public key infrastructure components, etc."

"Trust infrastructures are extremely important for information security as they build the basis for securing information at many levels; and help authenticating partners or systems by establishing trusted interactions (i.e. trusted connections, trusted transactions, electronic signatures, etc.)," it said.

Due to the "concentration" of data that cloud computing technology provides for, there would be a greater potential impact if hackers successfully exploited weaknesses in those systems, ENISA said. It warned that cyber criminals could also use the capabilities of cloud computing for their own gains, such as by storing malware in those systems and using the technology as a platform to launch attacks.

ENISA added that 'big data', which it said is the aggregation of information generated "as a consequence of the proliferation of social technologies, cloud computing, mobile computing and the internet use in general", had also become an emerging security issue.

"Exploitation of big data will affect data privacy," ENISA said. "At the same time, exploitation of big data through adversaries might open doors to new type of attack vectors."

"A number of challenges have been identified for big data security. Indicatively, these challenges address data protection, data access control and data filtering issues for huge data amount that are beyond the processing power of contemporary Security Information and Event Management (SIEM) products," it said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.