1. APTs Target Individuals through Mobile Platforms
2. Two Factor Authentication Replaces Single Password Sign on Security Model
3. Exploits to Target Machine-to-Machine (M2M) Communications
4. Exploits Circumvent the Sandbox
5. Cross Platform Botnets Mobile Malware Growth Closes in on Laptop and Desktop PCs
1. Targeted attacks and cyber-espionage
2. The onward march of ‘hacktivism’
3. Nation-state-sponsored cyber-attacks
4. The use of legal surveillance tools
5. Cloudy with a chance of malware
6. Dude, where’s my privacy?!
7. Who do you trust?
8. Cyber extortion
9. Mac OS malware
10. Mobile malware
11. Vulnerabilities and exploits
1. Targeted attacks
2. Signed malware
3. Big business at risk
4. Non-Windows attacks
5. Ransomware
6. Impact of changing regulations
7. Need for incident response
8. Security Process Automation
9. Connected devices
10. Bring Your Own Application (BYOA)
1. Basic web server mistakes
2. More “irreversible” malware
3. Attack toolkits with premium features
4. Better exploit mitigation
5. Integration, privacy and security challenges
1. Cyber conflict becomes the norm
2. Ransomware is the new scareware
3. Madware adds to the insanity
4. Monetization of social networks introduces new dangers
5. As users shift to mobile and cloud, so will attackers
1. The volume of malicious and high-risk Android apps will hit 1 million in 2013
2. Windows 8 offers improved security—but only to consumers
3. Cybercriminals will heavily abuse legitimate cloud services
4. As digital technology plays a larger role in our lives, security threats will appear in unexpected places
5. Consumers will use multiple computing platforms and devices. Securing these will be complex and difficult
6. Politically motivated electronic-based attacks will become more destructive
7. Cloud storage or not, data breaches will remain a threat in 2013
8. Efforts to address global cybercrime will take two or more years to reach full implementation
9. Conventional malware threats will only gradually evolve, with few, if any, new threats. Attacks will become more sophisticated in terms of deployment
10. Africa will become a new safe harbor for cybercriminals
1. CROSS-PLATFORM THREATS: Mobile devices will be the new target for cross-platform threats
2. MALWARE IN APP STORES: Legitimate mobile app stores will host more malware in 2013
3. GOVERNMENT-SPONSORED ATTACKS: Government-sponsored attacks will increase as new players enter
4. BYPASS OF SANDBOX DETECTION: Cybercriminals will use bypass methods to avoid traditional sandbox detection
5. NEXT LEVEL HACKTIVISTS: Expect hacktivists to move to the next level as simplistic opportunities dwindle
6. MALICIOUS EMAILS: Malicious emails are making a comeback
7. CMS ATTACKS: Cybercriminals will follow the crowds to legitimate content management systems and web platforms
1. Malware Enters the Matrix through a Virtual Door
2. It’s Your Browser - Not Your System - that Malware Is After
3. Strike Back Gets a Lot of Lip Service, but Does Little Good
4. We’ll Pay for Our Lack of IPv6 Expertise
5. Android Pick Pockets Try to Empty Mobile Wallets
6. An Exploit Sold on the “Vulnerability Market” Becomes the Next APT
7. Important Cyber Security-related Legislation Becomes Law
8. A Cyber Attack Results in a Human Death
1. Criminals will benefit from unintended consequences of espionage
2. Attackers will increasingly use apps, movies and music to install malware
3. Drive-by attacks and cross-site scripting attacks will be attacker favorites
4. Software updating gets easier and exploiting vulnerabilities gets harder
5. Rootkits will evolve in 2013
1. Targeted Attacks Grow More Damaging and Complex
2. Illicit Social Media Scams Escalate
3. Mobile Malware Menaces Users and Organizations
4. Third-Party Software Exploits Gain Traction
5. Exploit Kits and Malware Reuse Proliferate
1. Government Malware Goes Commercial
2. Black Clouds on the Horizon
3. APT Targets the Little Guy
4. Security in Numbers
5. Hacktivism Gets Process Driven
1. Authentication related failures [stolen/weak passwords]
2. Web application exploits
3. Social engineering attacks
4. Targeted espionage & hactivism attacks
5. Lost or stolen devices are the primary mobile threat
1. Mild – Mobile device management application providers will see consolidation
2. Mild – Traditional security tool vendors will get on the “big data” bus and figure out how to leverage the large amounts of security data being collected
3. Medium – Organizations will begin spending more money on detective security controls and less on preventive security controls
4. Medium – Increased scrutiny of mobile application providers use of private information
5. Medium – Embedded devices (thermostats, security systems, garage door openers, etc) become a significant target for attackers
6. Bold – Microsoft gets into the bug bounty game
7. Bold – Privatized malware specifically tuned to target an attacker’s victim
1. The hackers will likely get even more sophisticated
2. Our attack surfaces will continue to expand and any remaining semblance of a perimeter will continue to wither away
3. These changes will occur whether security teams are ready or not
4. And, national governments will continue to diddle or, should I say, fiddle (while Rome burns), failing to legislate on rules of evidence, information sharing and the reforming of privacy laws
5. It is highly likely that a rogue nation state, hacktivists or even terrorists will move beyond intrusion and espionage to attempt meaningful disruption and, eventually, even destruction of critical infrastructure
6. Responsible people in organizations from all verticals, industries and governments will move to that newer intelligence-based security model and pressure governments to act on our collective behalf
7. I also predict a significant uptake in investment for cloud-oriented security services to mitigate the effects of that serious shortage in cyber security skills
8. Big Data analytics will be used to enable an intelligence-based security model
1. State-sponsored espionage and sabotage of computer networks
2. Monster DDoS attacks
3. The loss of visibility and control created by IT consumerization and the cloud
4. The password debacle
5. Insider threats
1. The end of the Internet as we know it? (The ITU is working on a new regulations treaty for the Internet)
2. Leaks will reveal more government-sponsored espionage tools
3. Commoditization of mobile malware will increase
4. Another malware outbreak will hit Macs
5. Smart TVs will become a hacker target
6. Mobile spy software will go mainstream
7. Free tablets will be offered to prime content customers
1. Business/Information Risk Protection is not Just a Technology Issue: Spending on new technology alone is not enough to protect a firm’s information and business
2. Data Disruption Attacks May Become Data Destruction Attacks: The potential of threat actors actually destroying data is a major concern among risk and security professionals
3. Nation States and Threat Actors Are Becoming More Sophisticated: We now have to face more sophisticated threat actors such as smaller nation states and terrorist elements obtaining similar capabilities
4. Legislation Could Push Industry Standards Around Cyber Risks: Banks already share information, but they will need to do more in light of possible legislation to set standards for cyber protection
5. Predictive Threat Intelligence Analytics Will Create a More Effective Risk Management Capability: Financial services firms must begin to employ a more predictive threat intelligence capability to determine who might be trying to attack them and how
6. Vendor Risk Management Is Becoming an Increasingly Important Concern Among Firms: Most firms buy much of their information technology and services from suppliers
7. Cyber Risk Continues to be a Board-Level Issue: Information, legal documents, communications with clients and employees are all becoming more and more electronic every day to include an even greater usage of mobile technologies and social media
8. Firms Must Continue to Embrace and Adapt to the New “Boundless Network”: Cloud, social and mobile technologies, including “Bring Your Own Device” (BYOD), are simply too cost efficient and effective for institutions to ignore them
9. Identity and Access Management Is Becoming a Key Security Control Area: The days of focusing solely on perimeter defense have long since past
10. The Financial Services Industry Will Rely More Heavily on Cyber Benchmarking: The FS industry is investing more and more in protecting its information assets and wisely spending these scarce dollars is becoming increasing important, not only from an effectiveness standpoint, but to also be able to articulate to business leaders, the value of such an investment
1. Information Manipulation
2. Insecurity of the Supply Chain
3. Mobile Security Reanalyzed
4. Cloud Security Enters Its Teenage Years
'IT 와 Social 이야기 > Security' 카테고리의 다른 글
| 보안 취약점 관리 사이클 Vulnerability Management Life Cycle Diagrams (0) | 2012.12.31 |
|---|---|
| [US-CERT] 12월 17일까지 공개된 보안 취약점 요약 Vulnerability Symmary (0) | 2012.12.30 |
| 보안 전문업체가 바라보는 2013년 보안 전망 Browsing Security Predictions for 2013 (0) | 2012.12.27 |
| [한국DB진흥원] 2013년 데이터베이스 무상 보안 테스팅 및 컨설팅 지원 사업 안내 (0) | 2012.12.06 |
| [Application Security] Protecting Against the Top 10 Database Vulnerabilities (0) | 2012.11.28 |
