They say there is no rest for either the weary or the wicked. When it comes to IT security, it looks like 2013 will be no exception.
The researchers at McAfee Labs have compiled a list of security threats that IT organizations are likely to encounter in the coming year. They include:
- Mobile worms that buy malicious apps and steal via tap-and-pay near field communications
- Malware that blocks security updates to mobile phones
- Mobile phone ransomware “kits” that allow criminals without programming skills to extort payments
- Covert and persistent attacks deep within and beneath Windows
- Rapid development of ways to attack Windows 8 and HTML5
- Large-scale attacks like Stuxnet that attempt to destroy infrastructure
- A further narrowing of Zeus-like targeted attacks using the Citadel Trojan
- Malware that renews a connection even after a botnet has been taken down
- The “snowshoe” spamming of legitimate products from many IP addresses, spreading out the sources and keeping the unwelcome messages flowing
- SMS spam from infected phones.
- “Hacking as a Service”: Anonymous sellers and buyers in underground forums exchange malware kits and development services for money
- The decline of online hacktivists Anonymous, to be replaced by more politically committed or extremist groups
- Nation states and armies will be more frequent sources and victims of cyberthreats
The majority of these threats are aimed at mobile computing devices that are becoming more prevalent in the enterprise with each passing day. According to Ryan Sherstobitoff, a threats researcher for McAfee Labs, IT security in 2013 will come down to being forewarned is to be forearmed. In fact, the coming year will basically be a security arms race. Perpetrators of malware are getting more sophisticated by the day. The only way to counter those efforts is to invest in security intelligence services that identify threats in enough time for IT organizations to deploy updates and patches that remediate vulnerabilities.
Obviously, there is no such thing as perfect security. But in an age where security threats are multiplying, IT security in the years ahead will basically be defined by external vigilance. Essentially, Sherstobitoff says that means we’re engaged in a security arms race where IT organizations need to always be one or two steps ahead of cybercriminals, hacktivists and cyber espionage agents. Ultimately, that means enlisting security intelligence services from vendors such as McAfee to not only identify those threats early on, but also make sure that the number of surfaces in the enterprise that can be compromised at any given moment is kept to the absolute minimum.