
2013 Predictions: Mass market attacks become beachhead for targeted attacks

Editor’s Note: With 2013 now upon us, RCR Wireless News has gathered predictions from leading industry analysts and executives on what they expect to see in the new year.

If your organization has valuable data, assume someone is going to come after it in 2013 through mass market attacks that provide cover for targeted attacks.

Businesses today manage so many end points that at any given time tens to hundreds of them may be infected, typically with mass market malware. While not the ideal security situation, businesses nonetheless tend to tolerate this level of mass market malware infections. In 2013, this tolerance level will create a backdoor for covert targeted attacks.

The thriving underground economy connects cybercriminals that are running bots with motivated attackers that are willing to pay top dollar to use the system of infected computers. This allows cybercriminals that are targeting a specific company to rent out or buy outright infected machines within a target IP range. As the size of a company increases, the certainty that a cybercriminal can find an infected system to co-opt rises exponentially. In this way, what was an infection from a mass market attack can covertly become a targeted attack.

Facilitating this shift will be the addition of intelligence-gathering tools to standard Trojans that actively explore a hard drive rather than wait for a user to go to a financial site.

Mobile ‘mischiefware’ gives way to mobile malware

With more businesses allowing employees to access the corporate network from mobile devices, expect these devices to become high value targets in 2013. Today, the smartphone penetration game is characterized by “mischiefware,” such as sending texts or in-app purchases within rogue applications, that operates within the parameters of an app and does not break the phone’s security model. In 2013, expect to see malware that doesn’t show up as an app on the smartphone, but instead exploits the security of the device itself to identify valuable information and send it to a server. Hand-in-hand with this new mobile malware threat, expect to see the first mobile botnet that can forward SMS messages to command and control servers.

Malnets: If it isn’t broken, don’t fix it

In 2013, expect that most malware will come from large malnets that operate “malware as a business model.” These infrastructures are highly efficient at launching attacks and highly effective at infecting users. As a result, malnet operators have built a thriving business. Their continued success at infecting computers indicates that they don’t need a revolutionary breakthrough to continue making money, just ongoing evolutionary adjustments.

In 2013, expect them to refine their models and invest in the business to develop more sophisticated, believable attacks. By hiring translators and copy editors, malnet operators will be able to better create phishing e-mails that mimic the real page of a financial institution, for instance. They can also invest in more believable website facades and more comprehensive exploit kits that will make their attacks more believable, increasing the likelihood of their success.

The big data model comes to threat intelligence

Expect the security industry to adapt the big data model to understand more about potential vulnerabilities at a network and user level. Security and networking solutions all generate logs – significant amounts of information that tell you about user behaviors, traffic on the network and more. Mining this data to find discernible patterns in risky behavior, threats and anomalies on the network as well as correlations between behavior and risk will allow the industry to build new defenses that can help users make safer default choices.

Sharing generation becomes more private

The wide availability of information exposed users to very personal targeted attacks that reference family members, pets and other personal information in an attempt to gain access to confidential information. This ready availability of user information also allows cybercriminals to waterhole users by more easily identifying the online places they visit and laying booby traps. As a result of this greater risk, in 2013, users that have operated from a share-everything model will begin to limit how much and what information they share and who they share it with.

Securing the business in 2013

The threat landscape will continue to evolve as cybercriminals adjust and refocus their attacks. In particular, as mass market and targeted threats converge, it will be important for businesses to take a holistic view of their security. No longer should mass market and targeted attacks be viewed as separate threats. They have now become one and the same.

To protect their data and users, businesses should focus their defenses on visibility for all traffic, including web, non-web and even SSL. Each defensive solution logs traffic. Reviewing those logs on a regular basis to identify anomalies is crucial to stopping attacks. Businesses also need to understand who is supposed to be using data and how it is supposed to be accessed.

In response to the shifting threat landscape, businesses will need to adjust their security approach to ensure they are not the victims in 2013.
