by Matt Liebowitz
Spam will continue. Phishing will continue. Facebook scams will continue. These are just three of the countless tactics cybercriminals have always, and will always, employ to make a quick buck or get privileged access to a target’s computer.
But what trends are emerging that we don’t already know about? What kinds of cyberartillery will we have to defend against this year that we haven’t already seen?
In its 2012 Threat Predictions report, the security firm McAfee says cybercriminals are developing new weapons, and refining some old ones. Unfortunately, no matter how well the security world readies itself, it will always be one step behind the bad guys.
Hacktivists will organize
Cyberactivists — Anonymous, namely — have been incredibly active in recent years, launching coordinated denial-of-service attacks to bring down the websites of everyone from the Department of Justice and the FBI to the Westboro Baptist Church. But what if these “anonymous” collectives got stronger and more organized? And what if the online protestors teamed up with the people on the street? McAfee says that’s where hacktivism is heading in 2012.
“The ‘true’ Anonymous (that is, its historical wing) will reinvent themselves and their scene or die out,” McAfee wrote. “If the Anonymous circles of influences are unable to become organized — with clear calls for action and responsibility claims — all those labeling themselves as Anonymous will eventually run the risk of becoming marginalized.”
Taking a cue from the Occupy movements, the researchers believe online activists will better coordinate with physical demonstrators, and vice versa, leading to coordinated efforts online and on the streets.
“It is not hard to predict the evolution of the Occupy and other outraged groups to include more direct digital actions,” McAfee wrote. “As we posited in other predictions, the possibility of mating hacktivist goals with industrial controller or SCADA system availability is a very real possibility.”
McAfee researchers also said hacktivists will target high-ranking, public figures such as politicians and law enforcement officers more this year than in the past.
The rise and recognition of ‘cyberarmies’
Along with more organized online activists, McAfee believes so-called cyberarmies, networks of hackers that coalesce around religious or nationalist causes in countries such as Iran, Pakistan and China, will become more disruptive in 2012 and beyond.
Some of these hacking groups, the report said, will even engage in wars against one another, an outcome that could cause “unpredictable collateral damages (Palestinian versus Israeli, Indian versus Pakistani, North versus South Korean, etc).”
Cyberarmies, as opposed to hacktivists, often have the support of their governments. With this backing, it’s more than likely that they’ll not only continue to wreak havoc this year, but to act without the fear of being brought to justice.
The enemy within
The new year brings new software, new operating systems, and, of course, new threats. The highly anticipated release of Windows 8 this year will hopefully be a boon for the security world, but for all its touted advantages, it will force cybercriminals to adapt and evolve.
“With the upcoming release of Windows 8, Microsoft will include many new security features: secure password storage, secure boot functions, anti-malware defenses, and even enhanced reputation capabilities,” McAfee said. “Where will this new security architecture drive attackers? The answer is ‘down and out’: down into hardware and out of the operating system.”
Clever cybercrooks will devote more effort to using malware to attack computers’ BIOS (basic input/output system), which can cripple a computer and doesn’t require the attacker to interact with the operating system, no matter how secure it is.
Attackers, McAfee said, will also focus their efforts on exploiting embedded hardware, systems that “often reside within a complete device.” Traditionally used in the avionics, automotive and medical device industries, embedded hardware is finding its way into many consumer electronics, including GPS devices and routers, meaning cybercriminals are sure to follow.
“If attackers can insert code that alters the boot order or loading order of the operating system, they will gain greater control and can maintain long-term access to the system and its data,” the report says. “Controlling hardware is the promised land of sophisticated hackers.”