This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.
Looking back at the last 12 months, the two major themes that dominated security headlines were large-scale retail breaches and vulnerabilities in widely used software libraries. What cyber-security bombshells are in store for us in 2015? We look at the top security predictions for the year ahead and see five key trends/scenarios taking place.
Security Predictions for 2015 No.1 - A New DDoS Amplification Attack Will Emerge
The Asia Pacific has become the target of large-scale DDoS attacks, and over the past two years cybercriminals and other mischief-makers have exploited DNS and NTP servers to amplify the size of their DDoS attacks. With DNS and NTP amplification attacks, an attacker spoofs, or impersonates, the attack target and sends a small request to a reflector, a server that replies with a much larger response to the victim, flooding the victim's network.
DNS amplification attacks can increase the size of DDoS attacks by up to 54 times, while NTP amplification attacks can magnify DDoS onslaughts by a factor of 556. But DNS and NTP are not the only culprits in amplification attacks. Attackers can also leverage SNMP, NetBIOS, and other protocols to launch amplification attacks. Attackers have even exploited WordPress applications to carry out large-scale DDoS assaults.
Amplification has contributed to the escalating size of DDoS attacks. Between 2011 and 2013, DDoS attacks grew in average size from 4.7 to 10.0 Gbps. But the real story has been the increase in the average packets per second for typical DDoS attacks; in fact, DDoS attack rates have skyrocketed 1,850 percent to 7.8 Mpps between 2011 and 2013. Many of the largest DDoS attacks over the past two years have been amplification attacks.
We predict that in 2015, a new type of DDoS amplification attack will make headlines. While DNS and NTP amplification took the security world by storm in 2013 and 2014, attackers will uncover and exploit an as-yet-unknown attack next year. Attackers continually investigate new attack vectors, as witnessed by the recent discovery of DVMRP-based reflection attacks. Distance Vector Multicast Routing Protocol (DVMRP) reflection attacks have already been observed by service providers.
To protect against amplification attacks in 2015, organizations should deploy security equipment that can mitigate large-scale DDoS attacks.
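On the detection side, reflected traffic has a recognisable shape in flow data: large UDP replies from DNS, NTP, SNMP or NetBIOS ports arriving at a host that never sent the matching request. The sketch below is an added example, not code from the article or any vendor; the flow tuple layout, the function name, the sample records and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# UDP services the article names as amplification vectors.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 161: "SNMP", 137: "NetBIOS"}

# Constructed sample flow records (documentation IP ranges), not real traffic:
# (src_ip, src_port, dst_ip, dst_port, protocol, bytes)
SAMPLE_FLOWS = [
    # Legitimate lookup: a host asks a resolver and the resolver answers.
    ("192.0.2.10", 40000, "198.51.100.53", 53, "udp", 70),
    ("198.51.100.53", 53, "192.0.2.10", 40000, "udp", 300),
    # Reflection: NTP and DNS replies reach 192.0.2.20, which never asked.
    ("203.0.113.1", 123, "192.0.2.20", 51000, "udp", 440_000),
    ("203.0.113.2", 123, "192.0.2.20", 51000, "udp", 460_000),
    ("203.0.113.3", 53, "192.0.2.20", 51000, "udp", 350_000),
    # Non-UDP traffic is ignored by the check.
    ("203.0.113.9", 443, "192.0.2.20", 52000, "tcp", 900_000),
]


def find_reflection_victims(flows, min_bytes=1_000_000, min_reflectors=3):
    """Return {victim_ip: summary} for hosts receiving unsolicited replies."""
    # Pass 1: remember every (client, server, service port) that was queried.
    requested = {
        (src, dst, dport)
        for src, _sport, dst, dport, proto, _n in flows
        if proto == "udp" and dport in REFLECTOR_PORTS
    }
    # Pass 2: sum replies from reflector ports that answer no recorded request.
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set(), "services": set()})
    for src, sport, dst, _dport, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        if (dst, src, sport) in requested:
            continue  # solicited response, normal client behaviour
        entry = stats[dst]
        entry["bytes"] += nbytes
        entry["reflectors"].add(src)
        entry["services"].add(REFLECTOR_PORTS[sport])
    return {
        ip: {"bytes": s["bytes"], "reflectors": len(s["reflectors"]),
             "services": sorted(s["services"])}
        for ip, s in stats.items()
        if s["bytes"] >= min_bytes and len(s["reflectors"]) >= min_reflectors
    }


if __name__ == "__main__":
    print(find_reflection_victims(SAMPLE_FLOWS))
```

The thresholds need tuning against a site's normal traffic, and the request/response pairing only works when the flow window covers both directions.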
Security Predictions for 2015 No.2 - Traditionally "Secure" Infrastructure such as VDI Will Be Compromised
Virtual Desktop Infrastructure (VDI) allows organizations to host desktop environments on servers and enables users to access these desktops from any location. Compared to traditional desktop infrastructures, VDI provides a host of advantages; organizations can lower hardware and operating costs, support Bring Your Own Device (BYOD) initiatives, and bolster security. Since all data is stored in a central location, rather than on endpoint devices, VDI reduces physical data theft risks.