Cyber Security in 2013

2012 has been a momentous year for cyber security. From the rise of state-sponsored cyber espionage to the explosion of malware on the Android platform, and the naming of Anonymous as one of Time's 100 most influential people of the year, the past 12 months have seen cyber security become a mainstream media staple.

While all-out cyber war is yet to break out, the discovery of Flame, and the way it was able to mimic Microsoft's root certificates in order to spread around an infected network, set a new high-water mark in terms of technical proficiency for malware.

While Flame, Gauss and Stuxnet may not have affected the general PC user, cyber criminals are continuing to evolve their techniques as they seek to stay one step ahead of security companies. Targeted spearphishing attacks and ransomware came to the fore during 2012 as cyber crime continued to be a highly lucrative industry.

Anonymous may not have carried out as many high-profile attacks as it did in 2011, but it did make the news last March when one of the group's most influential members, Hector Xavier Monsegur (aka Sabu), was revealed to be an FBI informant, helping the US authorities identify and arrest Anonymous members around the globe.

Anonymous continues to grow its numbers in areas like South America, the Middle East and Asia while it uses its unique set of talents to help people it believes are suffering at the hands of an oppressor.

With all this in mind, we asked some of the foremost names in the cyber-security industry to look forward to the next 12 months, and predict what we can expect and what areas are most at risk:

Mikko Hypponen, Chief Research Officer at F-Secure

2012 saw the world sit up and take notice of high-profile attacks on nation states using cyber weapons such as Stuxnet, Flame and Gauss. Hypponen believes 2013 will show the use of these sophisticated weapons is even more widespread:

"It's clear from past leaks about Stuxnet, Flame, and Gauss that the cyber arms race is well underway. While we may not always be aware of nation-states' covert cyber operations, we can expect that governments are more and more involved in such activity. In 2013, we'll most likely see more leaks that definitively demonstrate this, and from countries who haven't previously been seen as a source of attacks. As the arms race heats up, the odds of leaks increase."

Jeff Hudson, CEO of Venafi

While Flame and Stuxnet may not have done any damage to consumer or enterprise PCs, targeting specific networks in specific countries, Hudson believes it is unwise not to take note of the methods used in these attacks, as they are likely to be replicated by common criminals:

"Many pundits, leading media outlets and even some security experts are reporting that enterprises needn't be overly concerned about Flame and Stuxnet-style malware attacks, citing the fact that they were executed by well-funded espionage intelligence groups whose target was hostile nation states and not businesses.

"However, our view is that companies should be concerned, as unfortunately the tools and techniques for executing these types of attacks are now in the hands of common criminals and rogue entities. In the coming year, these types of attacks are likely to increase especially against enterprise organisations, and are likely to result in significant and costly public breaches and unplanned outages. Therefore, companies should protect themselves against the likes of Flame and Stuxnet-style malware attacks."

Rik Ferguson, Director of Security Research & Communications at Trend Micro

Ferguson believes Stuxnet and Flame may not have represented the biggest threat of 2012, but they do show an "alarming" trend as we head into 2013:

 "There have certainly been some headline grabbing events this year, notably Flame, Gauss and their ilk. However, although each of these in isolation certainly couldn't be classified the biggest threat of 2012, the direction and momentum they represent is certainly alarming.

 "2012 will certainly go down as the year when we had proof positive that nations and governments are alive to the military possibilities afforded by digital covert operations and arguably they have already been used to breach the Geneva Conventions and International Humanitarian Law, that's a big deal, the implications of which I believe will only become clear with hindsight."

Sean Sullivan, Security Advisor at F-Secure

The Android operating system has solidified in a way that previous mobile operating systems haven't, extending from phones to tablets to TVs to specialised versions of tablets. The more ubiquitous it becomes, "the easier to build malware on top of it and the more opportunities for criminals to innovate businesswise," Sullivan says. He adds that mobile malware will become more commoditised, with cybercriminals building toolkits that can be purchased and used by other criminals without real hacking skills. In other words, malware as a service for Android.

And it's not just Android which is under threat. 2012 saw the emergence of the Flashback Trojan, which had infected up to 600,000 Apple computers, and 2013 could see the problem expand, according to Sullivan:

"The author of the Flashback Trojan is still at large and is rumoured to be working on something else. And while there have been smart security changes to the Mac OS, there's a segment of the Mac-using population who are basically oblivious to the threats facing Macs, making them vulnerable to a new malware outbreak."

Rohyt Belani, CEO of PhishMe

Belani believes 2013 will be the year when we will see the rise of mobile malware designed to take advantage of the Bring Your Own Device (BYOD) phenomenon we saw in 2012:

"If 2012 was the year of BYOD, 2013 will be the year of mobile malware designed to take advantage of it. We have seen a growth in consumer apps that violate privacy, for example by tracking your GPS data, but in 2013 we will see criminals targeting mobile device users, specifically with the intention of getting inside their corporate email system.

"For example, if a user receives an email (or SMS) that appears to be from a friend, suggesting that they check out a wonderful new app, then they can easily be tricked into clicking a link they shouldn't. Just that one click could install malware on the device, which accesses your corporate email account and sends out emails to your colleagues, perhaps directing them to another link to download more malware onto your corporate network. If users have devices that they use for both personal and corporate purposes, they must be security aware."

Brian Spector, CEO of Certivox

Spector believes 2013 will see a change in direction for cyber-criminals' focus, as more websites abandon the traditional username/password combination, which has been shown this year to be vulnerable:

"I think we're going to see hackers shift their attention to authentication, as more and more websites abandon username and password because of known vulnerabilities. This will be a really interesting development, because it will expose the security weaknesses around certain types of 'lite' authentication - one-time SMS messages and the like, for example."

However, Spector believes 2013 won't see any slowdown in the number of attacks being carried out online:

"What we are definitely NOT going to see is any kind of slowdown in the amount of information being hacked online and then sold or traded on. This is still very much a growth industry, with recent figures from Experian showing huge increases - 200 percent - in the amount of data stolen in 2012 compared to two years earlier in 2010. In 2013, more than ever before, users are going to be looking for simple but effective ways of sending messages and files that are protected from prying eyes."

Amichai Shulman, CTO of Imperva

Shulman sees some black clouds on the horizon as cyber criminals look to harness the power of cloud computing to attack enterprises and individual websites:

"Cloud computing, and in particular, internet as a service, or IAAS, has become an important piece of modern commercial IT. Amazon EC2, for example, allows versatility and elasticity for organizations (big and small) allowing them to sustain a direct correlation between their business activity volume and IT costs. The same holds true for the hacking community.

"In 2013 we expect to see a growing use of IAAS by attackers for different activities. There are a number of aspects that make cloud computing an appealing offering for attackers, and especially those that are profit driven:

  •  Elasticity - the ability to quickly get hold of a lot of computing resources without too many prerequisites.
  •  Cost - the ability to closely tie up spending with a specific attack campaign and the potential gain.
  •  Resilience - the use of commercial cloud computing platforms reduces the ability of defenders to blacklist attackers and adds much valued latency to the process of server takedown."

Cloud computing will also become a more attractive option for cyber criminals looking to carry out distributed denial of service (DDoS) attacks:

"For DDoS attacks, such cloud offerings become very compelling. Using a stolen credit card number to pay for the cloud service, an attacker can mount a large scale attack from the cloud. The attack can then be carried out for a long enough time period before a preventative action against the attacking servers can be taken."