In-Depth
Top 3 Trends for Cybersecurity in 2013
As cyber criminals get smarter and mobile malware continues to proliferate along with fraudulent devices, how can security teams effectively prepare for the sophisticated threats ahead?
By Sean Bodmer
What should IT security professionals be watching out for this year? Here are the top three trends they should be paying attention to.
2013 Trend #1: A new emphasis on catching criminals
In 2012, Microsoft inadvertently informed the primary authors and operators of the Zeus and SpyEye crimeware platforms of an upcoming civil lawsuit. A subpoena of the defendants’ Gmail accounts prompted Google to notify the suspects about the lawsuit being issued on behalf of Microsoft and potentially law enforcement. This disclosure, ironically a result of Google’s privacy policy, included the level of attribution that had been collected over years by a working group and independent security researcher. A few months prior, the Koobface gang was outed, prompting criminals throughout the world to begin evaluating their operational security and asking themselves questions about the footprint of their digital identities. In doing so, they began to get smarter -- and harder to isolate.
In 2013, we foresee this trend continuing: international law enforcement agencies and world governments peel apart the Internet in attempts to identify criminals, including digital hacktivists, such as the Anonymous group. For example, if just a fraction of the sum of Anonymous members can be identified and tied to some of the more prevalent threats to e-commerce from 2012, it will only be a matter of time until it becomes easier to attribute specific illegal online activities to these criminals.
However, this will undoubtedly spur more services such as DoItQuick, which offer methods for criminals to expedite their campaigns. We can expect more sites such as CheapWindowsKeys to pop up as repositories for criminals to off-load stolen keys from the victims of their campaigns. Criminals will go to great lengths to ensure survivability of their criminal infrastructures, and the first step in their illegal enterprise is operational security to protect their true identities. Their goal is to withdraw into the depths of the Internet to become nothing more than a random IP or fully qualified domain name (FQDN).
The new challenges ahead will be to catch these criminals before they disappear and to stop them while they’re still on the host. It may also provide a fresh look at how we examine what is being taken and why. A deeper understanding of the threats that enter the enterprise could replace mere acceptance of bigger walls to guard over the network. There are actions enterprise leaders can take to maintain an in-depth unfettered purview of access into the criminal’s or crimeware’s actions in-progress. Before the who has the time to encrypt your information and make it vanish without a trace, you might even understand why.
2013 Trend #2: A new pestilence -- mobile malware -- will emerge
Over the past decade, mobile digital devices have grown to occupy much of our time and minds. Now a wave of new smartphones, tablets, and e-book devices are staking their own claim of mindshare and creating an optimal environment for cross-platform malware to take root in our collective lives. The growing strength of this new breed of malware will expose new sources of revenue to online criminals. These devices are running almost all of the same social and Web-based content that desktop devices have used for years. These newer, sleeker systems will only add to the onslaught of new vulnerabilities to these recently ported platforms. There will be crimeware threats for practically every mobile device or tablet OS platform and ported application.
In 2013, we’ll see even greater mobile malware development than we saw in 2012, thanks in part to the ever-growing financial opportunity represented by so many newly crafted accounts. Crimeware will continue to penetrate deeper into our lives due to a strengthening of the underground economy -- propelled in part by these new devices that have become the arm candy of executives and soccer moms around the world.
2013 Trend #3: IT will need to test anything plugging into the network
There has been no shortage of stories related to fake or infected-out-of-the-box digital equipment from around the world in 2012 due to the proliferation of popular mobile devices in the legitimate marketplace. Fraudulent devices and systems have plagued vendors and industry alike for more than a decade. However, the size of the epidemic is rapidly approaching critical mass. What does this mean for 2013?
There will be a growing need to test everything and anything that gets plugged into your network. In the coming year, there will be more rogue equipment roaming the wild than ever -- and more than a few of the campaigns associated with this fake or infected equipment will be highly targeted in nature. This will lead to a rapid spike in demand to test and to support forensic investigations to detect and analyze back-door devices. Such testing is possible for most small-to-midsize businesses but more cost prohibitive for larger organizations, where boundary-networking devices are harder or impossible to detect. As innovative companies such as Apple and Samsung continue to put new technology within consumer reach, they will also be putting more money than ever within the reach of online criminals.
Sean Bodmer is a security author and authority on the frontlines of cybersecurity. He brings a unique background and industry perspective to advanced threat detection and analysis to CounterTack, where he serves as chief researcher of counter-exploitation intelligence. You can contact the author at sbodmer@countertack.com.