The security threat landscape changes constantly, with malicious hackers developing new ways to compromise your systems as older vulnerabilities are discovered and patched. So it's important to be aware of the threats to enterprise security that are coming over the horizon and heading this way.
It's a question the Georgia Institute of Technology addresses in its Emerging Cyber Threat Report 2013, in which researchers identify at least six threats that all security professionals should know about.
Using DRM-like Tech to Hide Viruses
Some music and ebook files are protected by digital rights management (DRM) systems. These files are effectively locked to particular devices so that they can only be played on these devices and can't be copied and shared.
Malware can use the same technique. Essentially it locks itself to a particular system by encrypting portions of its binary using specific attributes of the infected system to generate a key. That means that once it has infected a system, the malware will only run on that machine and can't be copied and run on another.
The purpose of this is to make it much harder for anti-virus vendors to take a sample of the code from an infected machine and run it in their own systems - to analyze it and, ultimately, produce an anti-virus signature for it. Virus authors such as those behind the Gauss Trojan, which was discovered in August 2012, and the Flashback Trojan in 2011 have already used this self-defense technique, and it's one that's likely to become common in the future, the report suggests.
What you can do to mitigate the threat: Enterprises should deploy anti-virus products that offer effective alternatives to signature-based protection, such as behavioral protection and file-reputation-based systems.
Targeting OS X
In the past most malware writers have targeted systems running Microsoft's Windows operating system. This has led many Mac users to believe falsely that OS X is a highly secure operating system that can't be compromised. As a result, most computers running the operating system have little or no anti-malware protection.
But the Flashback Trojan demonstrated that machines running Apple's OS X operating system are also now being targeted, and that they are vulnerable.
Aside from vulnerabilities in the operating system, which Apple is often slow to patch, malware writers are also exploiting vulnerabilities in software such as Java, which runs on these systems. Flashback infected over 600,000 systems running OS X. The report predicts that because most OS X systems have little or no protection and the user base is inexperienced with security, OS X will increasingly be targeted by attackers in the future.
What you can do to mitigate the threat: Devices running OS X should be protected by the same security measures as Windows machines. That means installing anti-virus software, and ensuring that the operating system and third-party software such as Java are updated with security patches as soon as they are available.
Malicious Hardware/Supply Chain Insecurities
The threat here is that networking hardware made by Chinese companies such as Huawei and ZTE, or counterfeit hardware made in China or elsewhere, may contain malicious hardware or firmware code which provides a backdoor into corporate systems. This has always been a possibility, but in October 2012 the House Select Committee on Intelligence explicitly recommended that private sector entities consider "the long-term security risks associated with doing business with either ZTE or Huawei for equipment or services."
What you can do to mitigate the threat: At the very least, limit networking hardware purchases to trusted vendors. Additional measures include carrying out network listening to detect hardware acting maliciously, and carrying out random tests on devices to look for indications that they contain extra components or malicious firmware. At the highest level, some companies may choose to assume that all hardware