2013: Mobile exploit kits, Apple App Store malware, cyberwar top the threatscape

“The past year illustrated how quickly the threat landscape continues to evolve, with attacks and exploits redefining the concepts of crime, business espionage and warfare,” said Charles Renert, vice president of Websense Security Labs. “The risk to organizations continues to be amplified by the frailty of human curiosity. It’s now expanding across diverse mobile platforms, evolving content management systems and an ever-increasing population of online users.”

Leading the firm’s predictions is an expectation that cross-platform threats will now involve mobile devices. “The coming year will bring exploit kits for mobile devices,” Websense noted. “When a smartphone visits a website, the malware will be able to identify the operating system and device (Android, iOS and Windows 8) and deliver specific malware to the smartphone or tablet.”

The top three mobile platforms cybercriminals will target the most are Windows 8, Android and iOS, with threats to Microsoft mobile devices seeing the highest rate of growth, it predicts.

“Cybercriminals are similar to legitimate application developers in that they focus on the most profitable platforms,” Websense said. “As development barriers are removed, mobile threats will be able to leverage a huge library of shared code. Attacks will also continue to increasingly use social engineering lures to capture user credentials on mobile devices.”

2013 will also see the rise of legitimate mobile app stores hosting more malware as malicious apps increasingly slip through validation processes. Websense predicts that hackers may even take on Apple’s rigid vetting process for applications, and that code writers will get savvy enough to evade Apple’s detection.

“And, we may even see an increase of good applications behaving badly, by collecting large amounts of data (that the user has approved),” it added. “This data will either be hacked from the developer’s systems or transmitted directly to cybercriminals to distribute malicious wares on a mass scale.”

All of this will continue to pose risks to organizations that enable bring your own device (BYOD) policies. In addition, jail-broken/rooted devices and non-sanctioned app stores will pose significant risk to enterprises as more of them allow BYOD.

Another new threat will be the efforts of hackers to work their way around virtual environments and sandboxes. More organizations are utilizing virtual machine defenses to test for malware and threats. As a result, attackers are taking new steps to avoid detection by recognizing virtual machine environments. Some potential methods will attempt to identify a security sandbox, just as past attacks targeted specific AV engines and turned them off.

Threats will evolve to more frequently and more readily tell if they are in a sandbox environment, so they can hide until someone lets them into the network. Examples of this are already being seen, most notably Trojan Upclicker, which ties itself to mouse strokes to avoid detection and is deployed when a user left-clicks.

In terms of ongoing threats, Websense suspects that government-sponsored attacks will increase. “We will see new and smaller government cyber-warfare players, and a shift from military and national security objectives to economic, business and local civic targets,” it noted.

In the wake of several publicized cyber-warfare events, there are a number of contributing factors that will drive more countries toward these strategies and tactics. While the effort to become another nuclear superpower may be insurmountable, almost any country can draft the talent and resources to craft cyber-weapons. Countries and individual cybercriminals all have access to the blueprints for previous state-sponsored attacks like Stuxnet, Flame and Shamoon.

Meanwhile, there is no doubt hacktivists gained confidence and momentum in 2012. Driven by highly publicized hacktivist events in recent years, organizations have deployed increasingly better detection and prevention policies, solutions and strategies. Hacktivists will move to the next level by increasing their sophistication.

Also in 2012, vulnerabilities in WordPress and other platforms were frequently exploited in mass compromises. As other content management systems (CMS) and service platforms increase in popularity, the bad guys will routinely test the integrity of these systems in 2013. Attacks will continue to exploit legitimate web platforms, requiring CMS administrators to pay greater attention to updates, patches and other security measures. Cybercriminals compromise these platforms to host their malware, infect users and invade organizations to steal data.

And finally, Websense suspects that timed and targeted spear-phishing email attacks, along with an increase in malicious email attachments, are providing new opportunities for cybercrime. “Malicious email will make a comeback,” it said. “Domain generation algorithms will also bypass current security to increase the effectiveness of targeted attacks.”

All of this will drive businesses to up their game when it comes to prevention measures. “2013 will absolutely reinforce the fact that traditional security measures are no longer effective in thwarting advanced cyber-attacks,” said Renert. “Organizations and security providers need to evolve toward more proactive real-time defenses that stop advanced threats and data theft.”