Fortinet: Top 6 threat predictions for 2013

Network security firm Fortinet has revealed FortiGuard Labs' 2013 threat predictions, highlighting six threats to watch out for next year.

Fortinet's top six security predictions for 2013 are:

1. APTs target individuals through mobile platforms

Advanced persistent threats or APTs are defined by their ability to use sophisticated technology and multiple methods and vectors to reach specific targets to obtain sensitive or classified information. The most recent examples include Stuxnet, Flame and Gauss.

Fortinet predicts that in 2013, APTs will be targeted at the civilian population, which includes CEOs, celebrities and political figures. However, verifying this prediction will be difficult because after attackers get the information they're looking for, they can quietly remove the malware from a target device before the victim realises that an attack has even occurred.

What's more, individuals who do discover they have been victims of an APT will likely not report the attack to the media. Because these attacks will first affect individuals rather than critical infrastructure, governments or public companies directly, some of the information being targeted will be of a different kind. Attackers will look for information they can leverage for criminal activities such as blackmail, threatening to leak the information unless payment is received.

2. Two-factor authentication replaces the single-password sign-on security model

The password-only security model is dead, said Fortinet. Here's why: Easily downloadable tools today can be used to crack a simple four- or five-character password in only a few minutes. Moreover, using new cloud-based password cracking tools, attackers can attempt 300 million different passwords in only 20 minutes at a cost of less than US$20. Criminals can now easily compromise even a strong alphanumeric password with special characters during a typical lunch hour. Stored credentials encrypted in databases (often breached through Web portals and SQL injection), along with wireless security (such as WPA2) will be popular cracking targets using such cloud services.

Next year, we are likely to see an increase in businesses implementing some form of two-factor authentication for their employees and customers, Fortinet's report says. This will consist of a Web-based login that requires a user password along with a secondary one-time code that arrives either through the user's mobile device or from a standalone security token. While it is true that the recently discovered Zitmo botnet defeated two-factor authentication on Android devices, and that RSA's SecurID security tokens were compromised in 2011, this one-two punch is still the most effective method for securing online activities.

3. Exploits to target machine-to-machine (M2M) communications

Machine-to-machine (M2M) communication refers to technologies that allow both wireless and wired systems to communicate with other devices of the same ability. It could be a refrigerator that communicates with a home server to notify a resident that it's time to buy milk and eggs, it could be an airport camera that takes a photo of a person's face and cross-references the image with a database of known terrorists, or it could be a medical device that regulates oxygen to an accident victim and then alerts hospital staff when that person's heart rate drops below a certain threshold.

While the practical technological possibilities of M2M are inspiring, as it has the potential to remove human error from so many situations, there are still too many questions surrounding how best to secure it, says Fortinet's report. Next year will see the first instance of M2M hacking, something that has not been exploited historically, most likely in a platform related to national security such as a weapons development facility. According to the report, this will likely happen by poisoning the information streams that traverse the M2M channel, so that one machine mishandles the poisoned information, creating a vulnerability and thus allowing an attacker access at that point.
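The defensive counterpart to the stream poisoning the report anticipates is for each machine to authenticate what it sends, so that the receiving machine detects a modified or replayed message instead of acting on it. The following is an added example, not part of the report or any Fortinet product: it assumes the two devices share a pre-shared key provisioned out of band (key management is outside the example), and uses the page's medical-monitor scenario with constructed heart-rate readings. Each frame carries a monotonic sequence number and an HMAC-SHA256 tag over the sequence number and payload; the receiver rejects any frame whose tag does not verify or whose sequence number does not advance.

```python
import hashlib
import hmac
import json
import struct

# Constructed demo key (assumption, not from the page); never hard-code keys in real firmware.
DEMO_KEY = b"constructed-demo-key-not-for-production"
SEQ_LEN = 8    # big-endian uint64 sequence number
TAG_LEN = 32   # HMAC-SHA256 output


def seal(key: bytes, seq: int, payload: dict) -> bytes:
    """Sender side: frame = seq || tag || body, where tag = HMAC(key, seq || body)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + tag + body


class Receiver:
    """Receiver side: verifies the tag, then enforces a strictly increasing sequence number."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1
        self.rejected = 0  # count of dropped frames, a useful signal to alert on

    def open(self, frame: bytes):
        """Return the payload dict, or None if the frame is malformed, tampered or replayed."""
        if len(frame) < SEQ_LEN + TAG_LEN:
            self.rejected += 1
            return None
        header = frame[:SEQ_LEN]
        tag = frame[SEQ_LEN:SEQ_LEN + TAG_LEN]
        body = frame[SEQ_LEN + TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # poisoned or forged content
            self.rejected += 1
            return None
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:                      # replayed or reordered frame
            self.rejected += 1
            return None
        self.last_seq = seq
        return json.loads(body)


def run_demo() -> dict:
    """Constructed scenario: a monitor reports heart rate to a controller that alerts below 50 bpm."""
    controller = Receiver(DEMO_KEY)
    genuine = seal(DEMO_KEY, 1, {"device": "monitor-7", "bpm": 72})

    # 1. Genuine reading is accepted.
    accepted = controller.open(genuine)

    # 2. Same frame delivered again: the sequence number has not advanced, so it is dropped.
    replayed = controller.open(genuine)

    # 3. Body altered in transit to read 40 bpm (would trigger a false alert); the tag no
    #    longer matches the modified body, so it is dropped without touching the controller's state.
    poisoned = genuine[:SEQ_LEN + TAG_LEN] + genuine[SEQ_LEN + TAG_LEN:].replace(b'"bpm":72', b'"bpm":40')
    tampered = controller.open(poisoned)

    # 4. Next genuine reading still flows normally.
    next_ok = controller.open(seal(DEMO_KEY, 2, {"device": "monitor-7", "bpm": 70}))

    return {
        "genuine_accepted": accepted is not None and accepted["bpm"] == 72,
        "replay_rejected": replayed is None,
        "tamper_rejected": tampered is None,
        "next_accepted": next_ok is not None and next_ok["bpm"] == 70,
        "rejected_count": controller.rejected,
    }


if __name__ == "__main__":
    print(run_demo())
```

The tag covers the sequence number as well as the body, so an attacker cannot splice a valid old reading onto a fresh counter. HMAC gives integrity and replay detection only; if the readings themselves are sensitive, the channel still needs encryption, and a rising `rejected` count is worth surfacing as a detection signal rather than silently discarding frames.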

4. Exploits circumvent the sandbox

Sandboxing is a practice often employed by security technology to separate running programs and applications so that malicious code cannot transfer from one process (e.g. a document reader) to another (e.g. the operating system). Several vendors, including Adobe and Apple, have taken this approach and more are likely to follow.

As this technology gets put in place, attackers are naturally going to try to circumvent it. FortiGuard Labs has already seen a few exploits that can break out of virtual machine (VM) and sandboxed environments, such as the one for the Adobe Reader X vulnerability. The most recent sandboxing exploits have either remained in stealth mode (suggesting that the malware code is still under development and test) or have actively attempted to circumvent both technologies. Expect to see innovative exploit code designed to circumvent the sandbox environments specifically used by security appliances and mobile devices, says the report.

5. Cross-platform botnets

In 2012, FortiGuard Labs analysed mobile botnets such as Zitmo and found they have many of the same features and functionality as traditional PC botnets. In 2013, the team predicts that, thanks to this feature parity between platforms, we are likely to see new forms of Denial of Service (DoS) attacks that leverage both PCs and mobile devices simultaneously. For example, an infected mobile device and PC will share the same command and control (C&C) server and attack protocol, and act on command at the same time, thus enlarging the botnet. What would once have been two separate botnets, one running on PCs and one on a mobile operating system such as Android, will now become one monolithic botnet operating over multiple types of endpoints.

6. Mobile malware growth closes in on laptop and desktop PCs

Malware is being written today for both mobile devices and notebook/laptop PCs. Historically, however, the majority of development efforts have been directed at PCs simply for the fact that there are so many of them in circulation, and PCs have been around a much longer time.

For perspective, FortiGuard Labs researchers currently monitor approximately 50,000 mobile malware samples, as opposed to the millions they are monitoring for the PC. The researchers have already observed a significant increase in mobile malware volume and believe that this imbalance is about to change even more dramatically starting next year. This is because there are currently more mobile phones on the market than laptop or desktop PCs, and users are abandoning these traditional platforms in favour of newer, smaller tablet devices.

While FortiGuard Labs researchers believe it will still take several more years before the number of malware samples equals what they see on PCs, the team believes accelerated malware growth on mobile devices will happen because malware creators know that securing mobile devices today is currently more complicated than securing traditional PCs.

Stories by T.C. Seow