Feeds

Happy now? Mobiles, cloud, big data now 'a growing security risk'

Wheels are about to fall off those bandwagons, warn EU advisors

The Essential Guide to IT Transformation

Innovations in mobile and cloud computing, social technology and the use of "big data" present an emerging risk to organisations' IT security, experts have warned.

The European Network and Information Security Agency (ENISA), which is an EU advisory body, said that those technologies would increasingly provide the platform for "most of the innovation expected in the area of IT" and warned that with their emergence would come an associated increased cyber threat.

ENISA warned that the threat stemming from mobile computing comes from the fact that mobile communications take place over "poorly secured ... or unsecured channels". It said that the software used for such systems were not the most "mature", and added that devices were vulnerable to being lost or stolen due to their "mobility". The very fact that they are universally popular also enhances the threat of the technology being exposed to hackers, the agency added.

The most significant threat stems from hackers inserting malicious software in website browser and other software available on mobile devices, known as 'drive-by exploits', ENISA said.

"Drive-by downloads attacks against web browsers have become the top web threat. More specifically, attackers are moving into targeting browser plugins such as Java (Java exploits are the major cross-platform threat), Adobe Reader and Adobe Flash," it said in a new report [96-page / 1.56MB PDF].

"The drive-by download attacks are almost exclusively launched through compromised legitimate websites which are used by attackers to host malicious links and actual malicious code."

ENISA also warned of an increasing threat that confidential information could be compromised through data breaches, including where information is sent over mobile communication channels. In addition, it said that an "emerging issue" could arise due to the increasing use of mobile to make payments and for doing banking. These activities on mobile platforms "will gain the attention of attackers," it said.

Attackers are also likely to increasingly seek to exploit "low to medium maturity of security controls" contained within social networking technology, ENISA said. One of the main emerging threats in this context is the ability of hackers to "abuse" information that is already in the public domain in order to access social network accounts.

ENISA also warned that hackers will increasingly use "rogue certificates" in order to obtain "fake trust within components of trust infrastructure". Trust infrastructure is becoming of emerging importance as "electronic identity systems for the identification of citizens" are developed.

That's a nice silo of sensitive personal data, you've got there. Would be a shame if anything happened to it

"Trust infrastructure components may be used at all levels of information systems, i.e. from application level to network protocols," ENISA's report said. "Trust infrastructures are usually based on strong encryption technology and key management. Examples of trust infrastructures are authentication infrastructures, secure communication protocols, public key infrastructure components, etc."

"Trust infrastructures are extremely important for information security as they build the basis for securing information at many levels; and help authenticating partners or systems by establishing trusted interactions (i.e. trusted connections, trusted transactions, electronic signatures, etc.)," it said.

Due to the "concentration" of data that cloud computing technology provides for, there would be a greater potential impact if hackers successfully exploited weaknesses in those systems, ENISA said. It warned that cyber criminals could also use the capabilities of cloud computing for their own gains, such as by storing malware in those systems and using the technology as a platform to launch attacks.

ENISA added that 'big data', which it said is the aggregation of information generated "as a consequence of the proliferation of social technologies, cloud computing, mobile computing and the internet use in general", had also become an emerging security issue.

"Exploitation of big data will affect data privacy," ENISA said. "At the same time, exploitation of big data through adversaries might open doors to new type of attack vectors."

"A number of challenges have been identified for big data security. Indicatively, these challenges address data protection, data access control and data filtering issues for huge data amount that are beyond the processing power of contemporary Security Information and Event Management (SIEM) products," it said.

Copyright © 2012, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.