From mass Wordpress compromises to a spear-phishing attack on the White House, there is no doubt cybercriminals gained confidence and momentum in 2012.
Websense® Security Labs™ looked at recent security and attack trends to come up with hypotheses of the anticipated evolution of threats in 2013.
Forecasting threats is a challenging task, especially when trying to nail-down the trends and waves of the quickly shifting threat landscape. But, we have a solid track record of seeing into the murky future of the security world. If the Mayan Calendar end doesn't trigger an apocalypse at the end of this year, here's my take on what trends we expect to see emerge and continue in 2013 (you can access the full report here):
1. More cross-platform threats attacking mobile in 2013
Cross-platform threats have increasingly become the norm in the desktop/laptop realm. This expertise will lend itself to attacking these top three mobile platforms: Android, iOS and Windows 8. Cybercriminals operate toward similar objectives as legitimate application developers and focus on the most profitable platforms. As development barriers are removed, mobile threats will be able to leverage a huge library of shared code.
To draw a parallel to past cross-platform threats, Blackhole has emerged as the premiere exploit kit in the web world. It packages many different exploits together that can determine the operating system of a visitor and deliver the appropriate malware or lure specific to the device. The likelihood of a packaged, multi-platform exploit kit targeting mobile devices is high, only this may be farther off than 2013.
In the meantime, attackers will continue to increasingly use social engineering lures to capture user credentials on mobile devices, a tactic where platform exploitation is nonessential.
2. Legitimate mobile app stores will host more malware in 2013, but legitimate apps behaving badly may become more of a concern.
The success of the mobile app sales model has encouraged developers to create more mobile apps for the market. As a result, we will see an increased volume of malware hosted in legitimate mobile app stores. In addition, jail-broken devices and non-sanctioned app stores will pose significant risk in the enterprise as more organizations allow BYOD.
So this isn't just the non-sanctioned and open stores we are talking about. We believe there is an increasing likelihood that the bad guys will get a sophisticated piece of malware hidden in an application that will sneak by even vetted, legitimate app stores.
Another challenge is going to be the targeting of legitimate application developers by hackers to steal the vast amount of user data these applications collect (with a user's tacit, but often uninformed permission). The bad guys will increasingly look to compromise developer's systems to gain access to any data they find profitable.
3. Governments currently involved in cyber-warfare will likely increase their efforts in 2013.
Government-sponsored attacks will increase. In the wake of several public cyber-warfare events, there are a number of contributing factors that will drive more countries toward these strategies and tactics. A reason for this is that these attacks, when successful, work phenomenally well to achieve the attacker's objectives. We are also likely to see new and smaller government cyber-warfare players.
4. Increased awareness will result in fewer hacktivism incidents.
Increased awareness, and the resulting improvements in defensive measures, will result in fewer successful hacktivism incidents, but the sophistication levels of attacks will increase. This is specifically related to data stealing attacks. That said, distributed denial of service (DDoS) attacks will continue to be a weapon in the average hacktivist's arsenal.
5. Cybercriminals will become more 'virtually aware' and find modern bypass methods to avoid detection.
As networks and security vendors both apply virtual machines for applications, servers and sandboxing, threats are preparing for a customized response. Threats will evolve to more frequently and more readily tell if they are in a sandbox environment so they "play nice" until someone lets them into your network. We've already seen this with Flame, but also in more common web attacks where payloads are delivered upon the first, but not secondary visits to a malicious site.
6. Email attacks will evolve to new levels.
Old school techniques will make a comeback while other email threats will evolve to new levels. Malicious email attachments will make a comeback as malcode authors create polymorphic threats they know antivirus will be unable to stop. Domain generation algorithms and other emerging techniques will bypass current security, use different evasion tactics and increase the targeting of professionals.
7. Attacks will continue to exploit legitimate web platforms.
Having owned WordPress, attackers are moving to conquer Joomla, Drupal and phpWind. Vulnerabilities in WordPress have been exploited with mass compromises frequently. Now, because other content management systems (CMS) and service platforms are growing in use and popularity, the bad guys will routinely test the integrity of these systems. This will be increasingly likely as we see hackers become more regionally focused. As certain platforms gain users in emerging markets, the bad guys will be drawn to these targets.
The full report also includes in-depth articles on mobile security, email security and Java exploits. You can access the full report at http://www.websense.com/2013predictions.