The ten most important security events and issues from 2011, and what they presage for the future

Number one on Kaspersky’s list is the rise of hacktivism, with Anonymous, LulzSec and TeaMp0isoN becoming security household names. The HBGary Federal hack by Anonymous is high on its list of events. Other ‘events’ include the Comodo and DigiNotar incidents (leading to the production of fraudulent digital certificates); the Sony PlayStation hack where, says the report, “Three days later, reports appeared that seemed to indicate that 2.2 million credit card numbers were being offered for sale on hacker forums;” and the CarrierIQ incident. This last incident, notes Kaspersky, “shows that we are totally unaware of what exactly is running on our mobile devices, or the level of control which the mobile operator has over your hardware.”

The evolution of the advanced persistent threat is noted, with “incidents such as operations Night Dragon, Lurid and Shady Rat.” Although, says Kaspersky, security people don’t like the term ‘APT’, the “attacks confirm the emergence of powerful nation-state actors and the establishment of cyber-espionage as common practice.” Duqu gets a special mention: “This Trojan is actually a sophisticated attack toolkit, which can be used to breach a system and then systematically siphon information out of it.”

Kaspersky also highlights the ‘fightback’, noting that the “ZeuS gang arrests, the DNSChanger gang takedown, and the Rustock, Coreflood and Kelihos/Hilux botnet takedowns were just a few examples.” But the fightback also illustrates “the vast limitations of today’s legal system when it comes to fighting cybercrime in an effective manner.”

And, of course, the rise of Android malware and the emergence of Mac malware.

From these events of last year, Kaspersky makes a number of forecasts for the next. While avoiding the specific words ‘cyberwar’ and ‘cyberwarfare’, this is nevertheless what Kaspersky describes. “It is safe to say,” it notes, “that the main cyber conflicts in 2012 will revolve around traditional confrontations: the US and Israel versus Iran, and the US and Western Europe versus China.”

Kaspersky also believes that the range of companies attacked and the geographic distribution of attacks will both expand. “In 2012 companies in the natural resource extraction, energy, transport, food and pharmaceutical industries will be affected, as well as Internet services and information security companies.” And the geographic range will spread “beyond Western Europe and the US to affect countries in Eastern Europe, the Middle East and South-East Asia.”

In summary, Kaspersky predicts that new attack vectors will emerge; more malware will be uploaded to mobile app stores (especially for Android); mobile drive-by attacks will appear; online banking will be increasingly attacked (“South-East Asia, China and East Africa are particularly at risk”); and hacktivism will both continue and begin to be used by ‘traditional’ criminals to disguise their own motives.
