Expected Trends Include Android Malware Migrating to Industrial Control Systems, Cybercriminals Battling it Out in the Deep Web and More Attacks Targeting Windows XP
1. Android Malware Expands to Industrial Control Systems and Internet of Things
As sales of mobile phones likely plateau in the coming years, Android developers are being tasked to find untapped markets for the Google operating system. A few of these emerging markets include tablets, portable game consoles,wearable devices, home automation equipment and industrial control systems (ICS/SCADA). Next year, we predict we’ll see the first instances of malware on these new device types, specifically around embedded ICS/SCADA systems. While we don’t believe we’ll see a “mobile-Stuxnet” in 2014, we think cybercriminals will be attracted to platforms that go beyond common SMS fraud. This includes new home automation devices that have control over our electrical consumption, the temperature of our fridges, etc. and feature software with remote login control panels to show/confirm who may be at home at a given time. This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.
2. Increase in attacks targeting Windows XP
Microsoft will end support for Windows XP on April 8, 2014. This means that newly discovered vulnerabilities will not be patched, leaving systems around the world vulnerable to attacks. According to NetMarketShare, as of September 2013, Windows XP is still used on 31.42% of PCs in the world. According to Gartner, by the time April 8 rolls around, it is estimated that more than 15% of mid- to large-sized enterprises will still have Windows XP running on at least 10 percent of their PCs. Next year, we predict hackers, already in possession of zero day exploits, will wait until the 8th in order to sell them to the highest bidder. Because of their expected high price tag, these zero days will likely be used to launch targeted attacks against high-value businesses and individuals rather than deployed by common cybercriminals in order to propagate mass infections.
3. More Botnets Will Migrate From Traditional Command and Control (CnC) Servers to Peer-to-Peer (P2P) Networks
Traditional botnets use client-server (CS) mode to communicate with a CnC server. When a server is detected and taken down, the whole network collapses, making it difficult for bot herders to re-ignite compromised machines. P2P mode takes the servers out of the equation. Each PC in a P2P network could play a server or client role, thus making the botnet harder to dismantle. Major botnets that have migrated to this new model include ZeroAccess, Kelihos, Bublik and Zeus v3. Next year we predict that number to rise significantly.
4. Biometrics for authentication will increase
This year Apple made a bold move when it announced its new iPhone 5s would integrate fingerprint authentication into the device. Never mind that it was hacked a few days after the phone shipped. It got people talking about the importance of two-factor authentication in a world where the single factor password login is growing increasingly archaic. As a result of this renewed interest, we predict next year we’ll see additional mobile companies including a second factor of authentication into their devices. We’ll also see an increase in additional forms of authentication, such as tattoos and pills, iris scanning and facial recognition.
About FortiGuard Labs
FortiGuard Labs compiled threat statistics and trends for this threat period based on data collected from FortiGate® network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Services should be protected against the vulnerabilities outlined in this report as long as the appropriate configuration parameters are in place.
FortiGuard Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers. FortiGuard Services are updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and zero-day protection from new and emerging threats. For customers with a subscription to FortiGuard, these updates are delivered to all FortiGate,FortiMail™ and FortiClient™ products.
Last year’s threat predictions can be found here. Ongoing research can be found in the FortiGuard Center or via FortiGuard Labs‘ RSS feed. Additional discussion on security technologies and threat analysis can be found at the FortiGuard Blog.