Solera Networks Foresees Top Threats for 2012, Recommends Security Resolutions for Increased Online Safety in the New Year

Salt Lake City, UT – January 11, 2012 – Solera Networks, the leading Network Security Analytics platform provider, today announced security predictions for 2012: rampant spam-driven attacks; multiple manifestations of classic social engineering scams; the high probability of attacks against industrial automation; and significant increases in malware. Based on activity levels observed in the second half of 2011, the growing pace, volume and sophistication of attacks suggest consumers, small businesses and corporations will need to grow increasingly vigilant over the next year. The company also provided five simple activities that, when added to a list of New Year’s resolutions, should prove helpful in protecting Internet users from these threats.

Solera Networks Research Lab’s top five threats for 2012:

  • Increasing attacks staged through legitimate but compromised sites

From tiny collectives to large organizations, the continued existence of unpatched, vulnerable Web sites is poised to become a substantial problem in the near future. The number of these vulnerable Web sites, combined with the abundance of keylogger malware available today, suggests a rapidly increasing number of sites will be used to redirect unsuspecting victims to exploit kits.

  • Scripted exploits targeting vulnerable browser plug-ins

Currently, there is no surefire method for preventing accidental infection of a Windows PC by exploit-kitted Web pages, and in 2012 the number of those infections will grow every day. Heavily obfuscated JavaScript can take control of a PC within minutes and then gain quick access to the user’s passwords. One preventative measure is to use the Firefox browser with NoScript installed. Otherwise, reduce your attack surface: update Flash, Acrobat, Office, and other vulnerable applications immediately (and regularly), and disable JavaScript within your PDF reader application.

  • Malicious Spam Increases

Malicious spam in 2012 will follow the patterns set in late 2011. Every available delivery method – email, social networks, and IM, whether as zipped malware attached to the messages or as links to malicious pages – and any other conceivable form is up for grabs: shipping confirmations, missed deliveries, credit warnings and statements, utility bills, complaints to the Better Business Bureau, online order confirmations, bank statements, electronic funds transfer notices and “friend notification” emails from social networking sites. These new and innovative social engineering tactics will ensnare unsuspecting victims with increasingly sophisticated malware.

  • SCADA systems remain a key target

SCADA systems don’t just control plutonium enrichment centrifuges. They control things as mundane as the hot water boilers in large steam heating systems, the electrical systems of large office buildings, and the telephone switches in hospitals and universities. Many Internet-connected SCADA systems have been left wide open to the world. If the operators of these systems don’t take immediate action to lock down the public Web interface to their SCADA-controlled devices, it could be only a matter of time before someone decides to cause deliberate harm, shutting off a critical system in a time of need.

  • Continued increase of malicious smart phone applications

The volume of copycat Android malware is increasing rapidly. Today, threats include everything from local scam artists to entire markets hosted on overseas sites. Users will need to exercise extreme caution installing anything onto their smart phones or tablets, especially if they have unlocked or otherwise altered the devices.

Solera Networks Research Lab’s recommended resolutions for 2012:

To protect consumers and businesses, Solera Networks Research Labs recommends the following security-themed New Year’s resolutions for 2012:

  • Change your passwords more frequently

Every site or service you use needs to have its own unique password, and each password should meet stringent security standards, including minimum length and a diversity of character types. While the idea of changing them so frequently may seem daunting, it must be done. Fortunately, a number of different technologies and applications can be used to assist in managing these passwords. If available on your laptop, a biometric finger scanner can simplify the process, as can commercially available password management software.

  • Perform frequent backups

Backups are both a security resolution and a security blanket resolution. Select a large, external hard drive and back up all of your data regularly. Make 2012 the year of 52 weekly backups, with more frequent backups of the most important application data such as email.

  • Remove bloatware from any computing device as soon as possible

Whether it’s a phone, a computer, or any other device, if it’s loaded with applications that engage in any unwanted or undesirable behavior, remove them. It has become essential that consumers assert their right to total control over any technological device they use, and remove software that proves burdensome, irritating, or intrusive – whether it came pre-installed or not.

  • Fortify the computing environment

Dig deeply into the settings within both applications and the operating system of your computer with the goal of ensuring that you have done everything possible to lock down the devices. Don’t forget to include the smaller issues like disabling links in Outlook, as well as the major exposure points, like uninstalling vulnerable applications or disabling exploitable browser plugins. Focus on thoroughness as well as execution.

  • Prepare for swift response

Even if you hold to the resolutions above, new and unknown threats will find their way into your network. Network security professionals need to prepare for the unknown and plan for swift incident response. In 2012, resolve to go beyond just reviewing your log files and start recording traffic for key network segments. When something bad happens, you’ll be glad you have a full record of the event in order to uncover the full source and scope of any malicious activity.

Customer Quotes

“There are experts who have tested, used and proven the effectiveness of the open source tools, not to mention the fact that they work seamlessly with Solera Networks”

University CSO,
Major Eastern US University

“The speed with which we respond to events now will more than pay for the cost of this device.”

Team Leader, Communication Team,
Major Cloud-based Software Provider

“We were interested in the device because it has deep packet capture and playback capabilities and fits so seamlessly with our analysis tools.”

Information Security Engineer,
Global Health Product Manufacturer

“We more than paid for the Appliance in the first week of use”

Senior Design Engineer,
Global Aerospace and Transportation Manufacturer

“Using the Solera Networks Appliance has saved our company well over 7 figures”

CSO,
Fortune 100 Financial Management and Equity Firm

“…It gives us the ability to look at the past in the minutest detail.”

Security Analyst,
Major US University

“This is the most valuable tool we have seen for network forensics. …We have an ‘all-seeing-eye’ into our network. We know what has happened and what is happening.”

Security Analyst,
Major US University