Dabbling in the dark arts

With another New Year comes a "new" flurry of predictions across all industries. I say "new" because if we do some homework, we can see that many of these so-called "predictions" are actually spun off of technology trends over the past decade.

But no matter, humans are creatures of habit and thus we will perpetually create shiny new trends and predictions for consumers each year like clockwork. My take on the whole thing, as you have most likely already deduced, is that these pieces are actually not at all innovative, nor are they helpful. Many of them attempt to persuade readers to purchase a product -- usually a vendor-specific one -- to help users avoid said "threats" in the coming year.

Despite all of this, I have pulled together the predictions that will most likely be pushed upon the end user market as "terrifying threats" in 2013 -- along with tips to battle each one with your own common sense.

Frequent unwelcomed guests

If you leave the front door to your house wide open, chances are someone is going to walk in. Well, the same goes for your hardware (and always has).

The top party crasher to look for in 2013 will continue to be mobile malware. One of the developing ways for distribution of this attack is through app stores. Due to vendor-exclusive control over each individual app store, not all of them can staff enough personnel to personally gut each application for the store's own security standards. This means that the free, five-star app in the Apple apps store may contain malicious coding in the Google Play store, and so on.

Want to avoid letting this guest into your device? Read the reviews, pay attention to ratings and don't store pertinent information on your device.

[Also read Bill Brenner's Stop them before they predict again!]

The second unwelcomed guest to keep an eye out for is social media distributed attacks. The Skype-targeted attack Dorkbot opened eyes to this threat in 2012, when accounts were hacked to distribute a link that lead to ransomware.

How can end users avoid this type of attack in 2013?! Simple -- stop clicking on spam-like links that your "friends" would not normally send out. Is the link from someone you barely know, or don't know at all? Great, you've touched on another tip -- stop following strangers on social networks just to boost your own numbers. One of them could be a cybercriminal in disguise, waiting for the right moment to wage war on your machine.

Modern ransom notes climb

It's not rocket science, people. The economy is doing poorly, no matter where you turn. Cybercriminals have found success issuing spam links that lock a user's system in exchange for ransom. Put two and two together, and you have it -ransomware. Criminals are always going to find a way to make money, especially during economic downturns.

Want to protect yourself? Easy! Stop clicking!

What's that buzzing sound?

Is anyone else out there sick of seeing terms like "Advanced Persistent Threat" (APT), "hacktivism" and "BYOD"? So am I, but you can guess there's another flurry of buzzwords just around the corner. Each year, a new "hot" buzzword gives everyone something to clamor about -- vendors and journalists alike.

Let's call it like it is, shall we? BYOD, we're sick of you and you've been around since Y2K. APT, you sound really techy and important, but *most* of today's mass cyberthreats are in fact advanced and persistent. Finally, hacktivism -- you were created to justify a means to an end for hackers.

Marketers beware: We are onto you!

Government plays ball

Remember "Operation Olympic Games", the birth of Stuxnet from the United States and Israeli governments? So do I -- it happened in 2010, and still today we're seeing "innovative" predictions about government-sponsored malware. Is it legal? Well, that's something I'm not inclined to make a statement about, but this is certainly something that we should not be surprised to see more of in 2013. Not to worry -- unless you are a nuclear plant in a targeted country, your machine is safe from these attacks.

Each year predictions are made, and warnings issued. Yet, we still find ourselves surprised when attacked and more unprepared than we thought we were. It's time to apply the same logic we do in the real world when interacting virtually. In 2013 I urge everyone to think before they click and if something doesn't appear to be legitimate it probably isn't.

Dominique Karg is co-founder and Chief Hacking Officer at AlienVault.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about AppleAPTBillGoogleSkype

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Dominique Karg

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place