Feeds

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Wheels are about to fall off those bandwagons, warn EU advisors

The essential guide to IT transformation

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned.

The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for "most of the innovation expected in the area of IT" and warned that with their emergence would come an associated increased cyber threat.

ENISA warned that the threat stemming from mobile computing comes from the fact that mobile communications take place over "poorly secured ... or unsecured channels". It said that the software used for such systems were not the most "mature", and added that devices were vulnerable to being lost or stolen due to their "mobility". The very fact that they are universally popular also enhances the threat of the technology being exposed to hackers, the agency added.

The most significant threat stems from hackers inserting malicious software in website browser and other software available on mobile devices, known as 'drive-by exploits', ENISA said.

"Drive-by downloads attacks against web browsers have become the top web threat. More specifically, attackers are moving into targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash," it said in a new report [96-page / 1.56MB PDF].

"The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code."

ENISA also warned of an increasing threat that confidential information could be compromised through data breaches, including where information is sent over mobile communication channels. In addition, it said that an "emerging issue" could arise due to the increasing use of mobile to make payments and for doing banking. These activities on mobile platforms "will gain the attention of attackers," it said.

Attackers are also likely to increasingly seek to exploit "low to medium maturity of security controls" contained within social networking technology, ENISA said. One of the main emerging threats in this context is the ability of hackers to "abuse" information that is already in the public domain in order to access social network accounts.

ENISA also warned that hackers will increasingly use "rogue certificates" in order to obtain "fake trust within components of trust infrastructure". Trust infrastructure is becoming of emerging importance as "electronic identity systems for the identification of citizens" are developed.

That's a nice silo of sensitive personal data, you've got there. Would be a shame if anything happened to it

"Trust infrastructure components may be used at all levels of information systems, i.e. from application level to network protocols," ENISA's report said. "Trust infrastructures are usually based on strong encryption technology and key management. Examples of trust infrastructures are authentication infrastructures, secure communication protocols, public key infrastructure components, etc."

"Trust infrastructures are extremely important for information security as they build the basis for securing information at many levels; and help authenticating partners or systems by establishing trusted interactions (i.e. trusted connections, trusted transactions, electronic signatures, etc.)," it said.

Due to the "concentration" of data that cloud computing technology provides for, there would be a greater potential impact if hackers successfully exploited weaknesses in those systems, ENISA said. It warned that cyber criminals could also use the capabilities of cloud computing for their own gains, such as by storing malware in those systems and using the technology as a platform to launch attacks.

ENISA added that 'big data', which it said is the aggregation of information generated "as a consequence of the proliferation of social technologies, cloud computing, mobile computing and the internet use in general", had also become an emerging security issue.

"Exploitation of big data will affect data privacy," ENISA said. "At the same time, exploitation of big data through adversaries might open doors to new type of attack vectors."

"A number of challenges have been identified for big data security. Indicatively, these challenges address data protection, data access control and data filtering issues for huge data amount that are beyond the processing power of contemporary Security Information and Event Management (SIEM) products," it said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?