More attacks and more malware, plus greater threats against platforms such as Mac and mobile devices are some of the security forecast for 2013 . Privacy concerns will rise, the cloud will continue to add a new twist to the whole electronic security game, and troublemakers will look to make a buck from momentary lapses of judgement that could leave your entire digital life destroyed regardless of how tech-savvy you are.
Whether you’re paying credit card bills on an Android or running the IT network for a great company, here is what Kaspersky Lab says you can expect baring down on you next year.
Top 10 Security Issues in 2013
Here’s what Kaspersky says you need to watch out for.
1. Targeted attacks and cyber-espionage
Kaspersky says targeted attacks, specifically tailored to penetrate a particular organization and often focused on gathering sensitive data that has a monetary value in the ‘dark market’ have become an established feature in the last two years.
Many attacks start by ‘hacking the human’ i.e. tricking employees into disclosing information that can be used to gain access to corporate resources.
2. Hacktivism continues
Sometimes the purpose of an attack is to make a political or social point. There were plenty of attacks like this in 2012, including Anonymous’s attack on the Westboro Baptist Church. Our increasing reliance on the Internet makes all types of organizations more vulnerable to these attacks, so expect them to continue into 2013 and beyond.
Last year’s attacks included the DDoS attacks launched by Anonymous on government websites in Poland, following the government’s announcement that it would support ACTA (the Anti-Counterfeiting Trade Agreement); the hacking of the official Formula 1 website in protest against the treatment of anti-government protesters in Bahrain; the hacking of various oil companies in protest against drilling in the Arctic; the attack on Saudi Aramco; and the hacking of the French Euromillions website in a protest against gambling. Society’s increasing reliance on the Internet makes organizations of all kinds potentially vulnerable to attacks of this sort, so ‘hacktivism’ looks set to continue into 2013 and beyond.
3. Nation-state-sponsored cyber-attacks
Stuxnet pioneered highly sophisticated malware for targeted attacks on key production facilities. While these kinds of attacks aren’t common, they aren’t isolated incidents either. Kaspersky says we are now entering an era of cold cyber-war. Expect more countries to develop cyber weapons designed to steal information or sabotage systems.
Copy-cat attacks by non-nation-states may also emerge with an increased risk of damage beyond the intended victim of the attack. Potential targets could include energy supply and transportation control facilities, financial and telecommunications systems and other infrastructure deemed critical.
4. More legal surveillance tools
The increase in and growing sophistication of cyber crime has led to law enforcement upping its game as well with new technology to monitor the activities of those suspected of criminal activities.
The use of such legal surveillance tools has led to concerns about privacy and civil liberties. Kaspersky says we can expect this arms race and political debate to continue.
5. Clouds and malware
Cloud computing, for all its benefits, offers a potential single-point-of-failure to cyber criminals Clouds hold large quantities of personal data in one place that can be stolen in one fell swoop if the provider should fall victim to a successful attack.
Plus, cybercriminals can use cloud services to host and spread malware – typically through stolen accounts. And when data stored in the cloud is accessed from a non-cloud device criminals get access to everything. The use of mobile devices just increases the risk. And Kaspersky points out that when the same device is used for both personal and business tasks, the risk increases still further.
6. Privacy threatened
The erosion of privacy has become a hotly-debated issue in IT security. While the Internet lets us bank, shop and socialize online, we routinely disclose information about ourselves, and companies around the world actively gather information about us. That puts both personal data at risk and raises bigger questions about the proper use of aggregated data companies use for promotional purposes.
The value of personal data to both cyber criminals and legitimate businesses will only grow in the future, and with it the potential threat to our privacy, Kaspersky notes.
7. Fake security certificates
We’re all predisposed to trust websites with a security certificate issued by a real Certificate Authority (CA), or an application with a valid digital certificate.
But cyber criminals have been able to issue fake certificates for their malware using so-called self-signed certificates, and they have also been able to successfully breach the systems of various CAs and use stolen certificates to sign their code. The use of fake, and stolen, certificates is set to continue in the future.
8. Ransomware spreading globally
In 2012 Kaspersky noted the growth of ransomware or Trojans designed to extort money from their victims, by either encrypting data on the disk or by blocking access to the system.
These attacks had been confined largely to Russia and other former Soviet countries until recently. Kaspersky says we’re likely to see their continued growth in the future.
9. Mac OS malware
Macs are not immune to malware. But while Mac-based malware remains a small threat, it has been growing steadily over the last two years.
Attacks on the Mac OS has been growing steadily over the last two years; and it would be naive of anyone using a Mac to imagine that they could not become the victim of cyber crime. It’s not only generalized attacks – such as the 700,000-strong Flashfake botnet – that pose a threat; we have also seen targeted attacks on specific groups, or individuals, known to use Macs. The threat to Macs is real and is likely keep growing.
10. Mobile malware
Kaspersky puts it this way: “Mobile malware has exploded in the last 18 months.” About 90 percent of it is targeted at Android-based devices. Cyber criminals like it because it’s widely used, easy to develop for, and those who use the system are able to download programs (including malicious programs) from wherever they choose. So expect the Android malware to keep on coming in 2013.
Kaspersky says that so far most malware has been designed to get access to the device, but in the future, we are more likely to see the use of vulnerabilities that target the operating system and the development of ‘drive-by downloads’. There is also a high probability that the first mass worm for Android will appear, capable of spreading itself via text messages and sending out links to itself at some online app store.
By contrast, iOS is a closed, restricted file system, allowing the download and use of apps from just a single source, the App Store. iOS remains at much lower risk.
11. Vulnerabilities and exploits
Expect cyber criminals to continue to install malware on victims’ computers by exploiting un-patched vulnerabilities in applications. Java vulnerabilities currently account for more than 50 percent of attacks, while Adobe Reader accounts for 25 percent.
Cyber criminals typically focus their attention on applications that are widely used and are likely to be un-patched for the longest time.