New year, new fear
Will this be a year of renewed focus on what has previously been one of the juiciest segments for resellers?
IT security vendors are predicting an unpleasant new year - even for a time when the cybercrime wave has risen annually for more years than many resellers care to remember.
Kevin Haley, director of security response at Symantec, says organisations will have to watch out for more targeted attacks that are simply nasty. For example, instead of stealing information, they aim to destroy systems, perhaps by wiping out the hard drive.
"We first saw it with Shamoon and most recently with Batchwiper," Haley wrote in a January blog. "It can be argued that this is nothing more than cyber-sabotage - and that Stuxnet started it. But Stuxnet had a very specific goal in mind."
Symantec's top threats for this year also include cyber-espionage, mobile adware, and an increase in risk and temptation as social networks increasingly monetise their offerings. Then there's ransomware, which intimidates and threatens users, and Symantec believes it is already being used by at least 16 organised gangs.
Other scams such as fake antivirus and variations on the classic Nigerian 419 "letter" scam also appear to be on the increase.
"They pretend to know who you are by guessing your location based on your IP address. They try to intimidate you by turning on your webcam, pretending to be recording you. You are accused of having child pornography on your computer," opined Haley.
EMC's RSA Security division notes that taking account of the risks posed by industry metamorphosis towards big data analytics, as well as social media, mobility, and cloud, will be key to effective security strategies this year. Organisations - with the channel's help - will need to boost their skills and develop strategies that will take in the supply chain as well as court middle management. This will mean more focus on the need for continuous monitoring and multi-year plans that take big data risk into account.
Eddie Schwartz, chief information security officer at RSA, says the industry must finally move away from reliance on reactive perimeter and signature-based approaches. Instead, the most important business assets must be prioritised and protected, whether they are on the mobile device, in the datacentre or in the cloud.
"To succeed, security leaders must invest in intelligence-driven strategies that harness the power of big data analytics and agile decision support," Schwartz says.
Blogger Paolo Passeri, who writes commentary on IT security issues for his Hackmageddon website, has analysed the 2013 predictions of seven leading vendors - Fortinet, Kaspersky, McAfee, Sophos, Symantec, Trend Micro and Websense - to draw conclusions about the likely direction of the market in the coming year.
He discovered that most, if not all, vendors in the space are going through "deep transformation" to focus more broadly as the market evolves, and they are emphasising the mobile security opportunity this year, particularly when it comes to the rise of smartphone malware - generally Google Android related, although Apple's iOS is far from immune.
Passeri found that politically motivated attacks - excluding hacktivism, which he defined differently - and ransomware would be the number two and number three antagonists for organisations grappling with an ever-evolving and increasingly diverse threat landscape this year. Cross-platform malware and cybercrime that specifically targets cloud-based infrastructure took the fourth and fifth spots in his vendor prediction sample.
Global mobile threat
The mobile phone malware threat is very real and not just more fear, uncertainty and doubt, according to Kaspersky Lab. It found last year that the number of malicious apps targeting Android nearly trebled in Q2 of 2012 alone. That represents 14,900 new pieces of malware, according to the Russian vendor.
Eighteen per cent of those found could turn smartphones into zombie devices as part of a botnet attack. Two per cent were spy programs that hunt out and steal valuable data. Forty-nine per cent were multifunctional - capable of stealing personal data from smartphones as well as able to download additional modules from external servers without authorisation.
Twenty-five per cent were SMS trojans that steal money by sending texts to premium-rate numbers (see chart, p14).
"A couple of years ago, these programmes could be found only in the countries of the former USSR, South-East Asia and China. Today, they are spreading around the world: in Q2 2012, Kaspersky Lab protected users in 47 countries against SMS threats," it wrote.
Trend Micro would appear to agree: its security predictions for 2013 leaned heavily on the increasing threats posed to business by the so-called digital lifestyle and cloud computing, with the most serious threat expected to be "malicious and high-risk Android apps".
Trend says 350,000 malicious Android apps were discovered by the end of 2012, and the number is tipped to reach one million this year. Threats could appear in unexpected places, furthermore, as more devices go digital and are connected to the internet.
Raimund Genes, chief technology officer at Trend Micro, said people will have a harder time managing device security from now on. "Different platforms, OSes and security models will make it more difficult to protect ourselves," he says. "The good news is that the timing is perfect for security defenders to set new standards and deliver new solutions that will have a disturbing impact on the underground economy."
Security evolution
Eset also released a full forecast - and once again, it stresses the need to pay more attention to the mobile malware threat. Cloud storage will be increasingly at risk, as more users turn to mobile devices to store, for example, photos and other rich media.
This vendor has been playing this particular tune for far longer than a year - and, yes, we have all heard it before, longer ago than that - but now things really are becoming more serious, it suggests. The number of users who become comfortable with the idea of using their mobile phone to access banking applications may increase to 530 million in 2013 - up from 300 million in 2011.
"It [2013] will definitely see major growth of mobile malware and its variants, increased malware propagation via websites, continuing rise of botnets and attacks on the cloud resulting in information leaks," the vendor writes. "During 2012 it was possible to observe how malicious programs designed for Android consolidated their position as a fundamental objective for cybercriminals."
What of Sophos? Mid-December saw the UK security specialist release a post-mortem analysis of 2012. Sophos says 80 per cent of attacks in 2012 were redirects from legitimate websites, marking renewed popularity for a more "traditional" form of attack. Twenty-seven per cent of all cybercrime found last year was linked to the Blackhole exploit kit.
"Legitimate websites continue to be a popular target for cybercriminals, as once they are compromised, they will infect unsuspecting web users," Sophos wrote in its 2013 Threat Report.
Websites hosted in Indonesia, China, Thailand, the Philippines and Malaysia were deemed the most risky here, while those from the UK, Norway, Sweden, Japan and Switzerland were believed by the vendor to be the safest.
Sophos says more malware-testing platforms will become available, some with money-back guarantees, making it more likely that malware will enter the enterprise network unnoticed. More malware will be irreversible, in the sense that the damage done cannot be repaired.
As more devices connect to the network and must be managed, it becomes more likely that administrators will miss some in their quest to protect an increasingly diverse, yet integrated, computing and networking environment. This will likely lead to more "basic" web server errors and SQL injection hacks. IT staff will need to pay close attention to behavioural mechanisms as well as system hardening and back-up processes.
Gerhard Eschelbeck, chief technology officer at Sophos, claims it is all simply built on what came before. "As users demand more and better ways to do their jobs, IT continues to evolve, bringing forth a new set of operating systems and other advancements, replete with different security models and attack vectors, making it crucial for security technology to evolve," he says.