Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Security Newswire

McAfee Predicts Rapid Evolution of Cyberthreats in New Year

December 27, 2012

McAfee released its annual 2013 Threat Predictions report, highlighting the top threats McAfee Labs foresees for 2013. The McAfee Labs team analyzed data on malware, vulnerabilities and online threats in 2012 to predict which trends will increase in 2013. In the coming year, McAfee Labs expects that threats to mobile devices will become even more of a focus of cybercriminals, the influence of the hacktivist group “Anonymous” will decline, and large-scale attacks that attempt to destroy infrastructure will increase.

“Cybercriminals and hacktivists will strengthen and evolve the techniques and tools they use to assault our privacy, bank accounts, mobile devices, businesses, organizations and homes,” said Vincent Weafer, senior vice president of McAfee Labs. “Our 2013 Threat Predictions provides the general public, governments and businesses not only with the top risks in the year to come to be aware of, but also the preventative measures that should be taken to avoid those risks from occurring. Only by understanding and preparing for threats, can we empower people to secure their information.”

McAfee Labs foresees the following trends for 2013:

Rapid Evolution and Growth in Mobile Malware

In 2012 McAfee Labs saw the number of mobile threats increase dramatically as ransomware expanded into mobile devices. The development and deployment of increasingly sophisticated ransomware technologies that will “lock up” a phone or tablet, and threaten to keep it that way until a ransom is paid, will be a prominent trend in 2013. The harsh reality of these schemes is that users have no way of knowing if their device will be unlocked even if they do meet the perpetrator’s demands. Since attackers hijack the users’ ability to access data, victims will be faced with either losing their data or paying a ransom in the hope of regaining access.

A new mobile worm will go on a major shopping spree in 2013. The Android/Marketpay.A Trojan horse program buys apps without user permission. In 2013 cyber-crooks will take this malware’s app-buying payload and add it to a mobile worm so attackers won’t need victims to install a piece of malware. In addition, mobile phones with NFC-enabled “digital wallets” are an easy target for cyber-thieves. Attackers will create mobile worms with NFC capabilities to steal money via the “bump and infect” method, most commonly used in areas with dense populations like airports and malls.

Hacktivism - The decline of Anonymous

Due to many uncoordinated and unclear operations and false claims, the Anonymous hacktivist movement will slow down in 2013. Anonymous’ level of technical sophistication has stagnated and its tactics are better understood by its potential victims, and as such, the group’s level of success will decline. While hacktivist attacks won’t end in 2013, if ever, they are expected to decline in number and sophistication.

Nation states and armies will be more frequent actors and victims of cyberthreats. Patriot groups self-organized into cyberarmies have had little impact up until this point, but their actions will improve in sophistication and aggressiveness. In 2013, many more of the world’s military units will be on the front line of social networks communicating more frequently. State-related threats will increase and make the headlines while suspicions about government-sponsored attacks will grow.

Crimeware and Hacking as a Service Expand

Cybercriminals are notorious for going onto public forums to make business deals with other criminals in to offer not only software, but also hacking as a service. As the number of invitation-only criminal forums requiring registration fees is increasing to make forums more secure and anonymous, these offers will be easier to find on the Internet in 2013.

Citadel will become the Trojan of choice among cybercriminals- with the recent release of Citadel Rain, the Trojan can now dynamically retrieve configuration files, enabling a fraudster to send a targeted payload to a single victim or a selection of victims. Detection will become more difficult as the footprint on the endpoint is minimal until the attack actually occurs.

Big-Scale Attacks Increase

Recently, McAfee Labs has seen several attacks in which the only goal was to cause as much damage as possible- a behavior that is expected to grow exponentially in 2013. If attackers can install destructive malware on a large number of machines, the result can be devastating. To keep the business running, production networks and SCADA industrial control systems should remain completely separate from the normal network, to prevent it from getting hit in the first place.

For a full copy of the 2013 Threat Predictions report from McAfee Labs, with additional threats, visit: http://www.mcafee.com/us/resources/reports/rp-threat-predictions-2013.pdf

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.