Earlier this week, Sophos released the latest edition of its Security Threat Report, summing up the biggest threats seen during 2012, along with five trends that are likely to factor into IT security in the coming year.
Regarding the malware rides we experienced in 2012 and the thrills we can expect in 2013, there will be cross-over, for sure: Blackhole was huge in 2012, and it’s not going away, barring the law nailing the person/s running it, the report notes.
Between October 2011 and March 2012, out of all threats detected by SophosLabs, nearly 30% either came from Blackhole directly or were redirects to Blackhole kits from compromised legitimate sites, as Naked Security’s coverage of Blackhole exploits attests.
This adroit exploit kit rapidly mutates to thwart security efforts against it, while its software-as-a-service business model is, as the report notes, something for business school grads to drool over.
The professionalization of crimeware such as Blackhole marks a major shift as we head into the new year.
SophosLabs is seeing the ready availability of professionalized, commercialized testing platforms – some that offer money-back guarantees – as laying the foundation for future attacks that give criminals long-term, high-impact access to businesses’ data.
This professionalized, consistent poking at businesses’ defences will likely turn our attention to layered security and detection across the entire threat lifecycle in the coming year, the report says, as opposed to just focusing on the point of initial entry.
Here are five more trends that SophosLabs anticipates will shape the IT security landscape next year:
Basic web server mistakes. SQL injection attacks increased in 2012, with large volumes of user names and passwords getting hacked out of web servers and databases. Targets have included both big and small enterprises, and the attacks have been motivated by both political and financial ends.
Some of the big ones:
- In May, the website for Wurm Online, a massively multiplayer online game, was shuttered due to an SQL injection while the site was being updated.
- In July, criminals stole 450,000 logins, stored in plain text by Yahoo Voices, using a “union-based SQL injection technique”.
Given the uptick in these credential-based extractions, the report says, “IT professionals will need to pay equal attention to protecting both their computers as well as their web server environment.”
More “irreversible” malware. Ransomware, which encrypts data and holds it for ransom, increased in 2012, and SophosLabs expects to see more in 2013.
The most recent high-profile example was in November, when hacked Go Daddy sites were infecting users.
Unfortunately, the damage can be impossible to repair, the report says:
"The availability of public key cryptography and clever command and control mechanisms has made it exceptionally hard, if not impossible, to reverse the damage."
In 2013, SophosLabs expects to see more such attacks, which should focus IT professionals’ attention on behavioral protection mechanisms, as well as system hardening and backup/restore procedures.
Attack toolkits with premium features. Cybercriminals are investing big in toolkits like the Blackhole exploit kit. That investment has resulted in features such as scriptable web services, APIs, malware quality assurance platforms, anti-forensics, slick reporting interfaces, and self-protection mechanisms.
In 2013, look for continued evolution as such kits pick up premium features that appear to make it a snap to access ever-more comprehensive, high-quality, malicious code.
Better exploit mitigation. On the plus side, as vulnerabilities increased in 2012 they’ve become harder to exploit, as operating systems modernized and hardened.
The report also credits the ready availability of Data Execution Prevention (DEP), address space layout randomization (ASLR), sandboxing, more restricted mobile platforms and new trusted boot mechanisms (among others) for making it tougher to exploit the growing number of vulnerabilities.
Cause for celebration? Well, the report says, we’ll probably see crooks just shift over to social engineering to get what they want, from wherever they can get it:
"While we're not expecting exploits to simply disappear, we could see this decrease in vulnerability exploits offset by a sharp rise in social engineering attacks across a wide array of platforms."
Integration, privacy and security challenges. Mobile devices and applications like social media became more integrated in 2012.
Combine that new coziness with new integrated technologies, such as near field communication (NFC) as well as increasingly clever uses of GPS to pinpoint us in real life, and what you get are new chances for cybercriminals to prey on our security and/or privacy.
It’s true for mobile devices, of course, but it doesn’t disappear for computing in general, the report says.
In 2013, watch for new attacks built on top of such technologies.
This is just a taste of what’s in the report. Download the full Sophos Security Threat Report – it’s free, and no registration is required – to learn more.
Beyond that, you can hear more about what 2013 will bring if you sign up for a web seminar about the report that will be held on Tuesday December 11th 2012, at 2pm ET / 11am PT.
SophosLabs expert Richard Wang will be at the web seminar, describing what the coming year might bring, as well as taking a look back over the last year and how attackers extended their reach to new platforms like cloud services and mobile devices, adopted malware toolkits to build smarter attacks, and targeted badly configured websites.
8 comments on “What computer security threats can we expect to see in 2013?”
We've also heard a lot about the possibility of targeted attacks on US infrastructure, including the mildly alarmist NY Times article today by US Senators Lieberman and Collins (below). While certainly a possibility, what's the realistic likelihood of such an assault?
Very informative post with possible cyber trends to be aware of for 2013. It is also very important to educate electronic users about the trends and threats of a data breach. This type of attack has rapidly grown throughout 2012 and I don't think that it is going to go away anytime soon…..
Your security threat report is hard to read on my laptop. It has a font that is colored light blue. I have to strain my eyes so much to read it, that I give up. This has happened a couple of times now. I think you should use a darker font.
It's almost all just black font on white background, might be time for a new laptop.
Have you heard of "a lovely bookmarklet?" It's great at instantly stripping out annoying color schemes on web pages. And, of course, I'm sure the powers that be at Sophos will take your feedback into account, so thanks for reporting on the color issue.
I think one of the things that can be expected is a Windows 8 virus taking control of icons and shortcuts of Metro – wouldn't surprise me if it's been done already.
We may be approaching this from totally the wrong direction.
Holistic fault finding suggests that the way to "kill" this "problem" would be to deprive them of their life force, ie their funding.
Point of interest: Top banks and banking groups in Europe, made a net profit (incl. full-year 2011 results) of €57.899Bn.
Now THAT is where the problem lies.
"Banking" makes extremely good money out of "rinsing" the funds from fraud, embezzlement, blackmail, tax fraud, insurance scams (including their own PPI scam) and all forms of Cybercrime.
If you start tracking the payments, to the funding, to the backers, via the banking system, almost all Cybercrime would disappear over-night.
But perhaps that is not in certain parties' interests?
Say we totally reveal the contents of the entire "private" banking world?
Who knows what dirty little secrets and surprisingly familiar names will slither out of the Banking Zombie corpse?
Just a thought!
Hell, yea. I'd read it!