Rather than looking back over the past year, organizations and individuals need to start assessing cyber security threats that lie ahead in the New Year. While there is always the chance for a new threat or risk to be unearthed this year, often the risks of the New Year are predictable from the trends of attacks from the previous year. However, other factors need to be considered as well, including new technologies, new software and applications, mobility, etc. Here are my predictions of the areas to watch for new security threats. When it comes to cyber security, we have a lot to look out for, take precautions against and be paranoid about.
The start of a new year is always a popular time to assess one's life and resolve to make changes. However, I would also like to start a trend for both organizations and individuals of assessing the threats that lie ahead in the new year. While there is always the chance for a new threat or risk to be unearthed this year, as has occurred numerous times, often the risks of the New Year are predictable from the trends of attacks from the previous year. However, other factors need to be considered as well, including new technologies, new software and applications, mobility, etc. Here are my predictions of the areas to watch for new security threats.
1. Attacks Against New Platforms
In 2012, we witnessed the release of several new platforms or operating systems including Windows 8, Windows RT, Windows Phone 8, Android 4+, Mac OS X Mountain Lion, and iOS 6. In fact, there were hundreds of updates to a wide range of platforms, from set-top boxes to wireless access points, Internet appliances, smart cars, vending machines, thermostats, point-of-sale devices, GPS systems, and smart homes. Unfortunately, new does not always mean more secure. All too often, security is the least important element of a new product release (or revision), and thus code is rarely subjected to sufficient scrutiny to weed out even a moderate level of flaws, mistakes, errors, and oversights.
Hackers, both white hat and black hat varieties, can run automated tools, known as fuzzers, to potentially uncover the dark secrets that lurk within new (and old) code. Fuzz testing subjects a target to a barrage of input constructions in an attempt to discover a specific input set that triggers an abnormal response. If such an input set is discovered, it often reveals coding issues that can be exploited for malicious purposes. A skilled programmer can often craft new exploit code in a matter of hours once a new flaw is revealed.
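The fuzz-testing loop described above, as an added example that is not from the original article: a small mutation fuzzer run against a constructed toy parser before and after its length check is fixed, the way a developer would test their own code ahead of release. The record format, `parse_record`, `parse_record_fixed` and every other name here are hypothetical.

```python
import random

# Constructed sample: [type][length][payload][checksum], checksum = sum(payload) % 256.
SEED = bytes([1, 3]) + b"abc" + bytes([sum(b"abc") % 256])

def parse_record(data: bytes) -> bytes:
    """Hypothetical toy parser with a planted flaw."""
    if len(data) < 2:
        raise ValueError("too short")        # documented, clean rejection
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]              # FLAW: trusts the length field
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

def parse_record_fixed(data: bytes) -> bytes:
    """Same parser with the length field validated against the buffer."""
    if len(data) < 2 or len(data) < 3 + data[1]:
        raise ValueError("truncated record")
    return parse_record(data)

def mutate(seed: bytes, rng: random.Random) -> bytes:
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:                          # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif choice == 1:                        # truncate at a random offset
        del buf[rng.randrange(len(buf)):]
    else:                                    # append 1-7 junk bytes
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)

def fuzz(target, seed: bytes = SEED, rounds: int = 2000, rng_seed: int = 1) -> dict:
    """Map each unexpected exception type to the first input that raised it."""
    rng = random.Random(rng_seed)            # fixed seed: findings are reproducible
    findings = {}
    for _ in range(rounds):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                         # expected rejection, not a finding
        except Exception as exc:             # abnormal response worth triaging
            findings.setdefault(type(exc).__name__, case)
    return findings

if __name__ == "__main__":
    print("flawed:", fuzz(parse_record), "fixed:", fuzz(parse_record_fixed))
```

The saved input for each finding doubles as a regression test once the parser is fixed.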
New software, new operating systems, new applications, and even new updates to all of these can introduce new flaws that are just waiting to be discovered. If discovered by a security professional, these flaws are often addressed during subsequent patch releases. If discovered by a malicious hacker, a new zero-day attack is born, potentially to be used for months or years before becoming widely known. New products are very attractive for their new feature sets and capabilities, but I would not be so quick to rush to a new product due to the potential security risks.
2. Retrofitting of Previous Malware
The next area that I predict will grow significantly in 2013 is that of attacks that are copycats, retrofits, or re-engineering of exploits uncovered in the last few years. Some examples of serious concern are Stuxnet, Skywiper/Flamer, DNSChanger, Conficker, Flashback, Citadel, and Scrinject.b. These malware examples from 2011 and 2012, along with dozens of others that did not make the headlines, demonstrated new capabilities, infection vectors, camouflage techniques, and coding practices for malware authors/designers. We have already seen attempts to create new malware based on Stuxnet. In fact, Stuxnet itself is a redesigned version of Skywiper/Flamer.
When malicious hackers seek to craft new malware exploits, they often borrow from other known sources (malware they are already aware of or have prior experience with). The maker ethos is not limited to 3-D printing and Etsy crafts: malicious hackers often reuse, revise, and recycle existing malware that exhibits features or capabilities they wish to steal. Beware of the descendants of the previous year's malware parents.
Related to reused malware is a growing threat known as ransomware. Ransomware is malicious code that often encrypts the drive contents of a victim's computer, then extorts money for the release of the hostage data. The number of ransomware attacks more than tripled in 2012, according to McAfee. There are also a growing number of ransomware construction kits that allow non-programming hackers to craft new ransom extortion attack tools.
4. Hackers for Hire
Hackers for hire, or hacking as a service, is sure to rise in 2013. A not-so-underground black market for attack tools, exploit code, and hacking skills has flourished in recent years. Products and services ranging from stolen credit card numbers and fake identities to zero-day exploits and mercenary hacking skills are up for sale, often at prices that are either surprisingly low or surprisingly high. Stolen credit cards and identities are often worth only a few bucks, while undisclosed zero-day attacks against popular operating systems and applications can draw hundreds of thousands of dollars. As the skills and products of hacking continue to draw attention and money, more and more hackers with advanced skills will take on hit-man-like contracts to either focus on or attack a particular organization or a specific product.