Hackers, hacktivists and cyber-warriors all hit the headlines in 2013, and will undoubtedly do so again in 2014. Here's an analysis of what the experts at seven security vendors think will happen in the coming year.
One of the many signs that the year is drawing to a close is the appearance of predictions for the coming 12 months by security vendors and analysts. In a year that saw major stories such as the Snowden revelations and Adobe's massive data breach, the current state of organisations' cyberdefences, and experts' views on what they're likely to face in the future, are more pertinent than ever.
The current state of organisations' cyberdefences is the subject of a recent study by risk analysis firm BitSight, which evaluated security ratings for over 70 Fortune 200 companies in four industries — finance, retail, energy and technology. BitSight's ratings are based on 'big data' analysis of observed security incidents, including communication with known command-and-control servers, spam propagation and malware distribution. The study's headline findings are summarised in this chart:
Average security ratings for Fortune 200 companies in four industry sectors — Finance, Retail, Energy and Technology. (Source: BitSight Technologies)
The finance industry's leadership in security effectiveness reflects its long-standing position as a prime target for cybercriminals, but the technology sector's consistently low ranking is something of a surprise, even if the aforementioned Adobe breach shows that technology companies are far from immune. Also noticeable is an across-the-board dip in security effectiveness in April/May 2013, which BitSight attributes to a significant increase in new attacks at that time. So much for last year: but how is the arms race between the black hats and the white hats likely to develop in 2014?
2014 cybersecurity predictions
We've collated the 2014 cybersecurity predictions from seven vendors — FireEye, Fortinet, Lancope, Neohapsis, Symantec, Websense and Zscaler. Here's what the crystal-ball-gazers are saying in these organisations:
Sophisticated threat actors will continue to hide behind traditional mass-market crimeware tools to make identification and attribution hard for network defenders
More attack binaries will use stolen or valid code signatures
Mobile malware will further complicate the threat landscape
Java zero-day exploits may be less prevalent
Browser-based vulnerabilities may be more common
Malware authors will adopt stealthier techniques for command-and-control (CnC) communications
Watering-hole attacks and social media targeting will increasingly supplant spear-phishing emails
More malware will fill the supply chain. Expect more malicious code in BIOS and firmware updates
New heap-spray techniques will emerge because of Adobe Flash's 'click to play' mitigation (requiring user interaction to execute potentially malicious Flash content)
Attackers will find more ways to defeat automated (sandbox) analysis systems, such as triggering on reboots, mouse clicks, applications closing and so on
More crimeware will destroy the operating systems (OSs) of targeted systems as a last step of an attack
More 'digital quartermasters' behind targeted attack campaigns. In other words, Sunshop DQ is only the beginning
With increasing collaboration between targeted organizations around the globe, we will see cybercrime gangs identified and shut down, thanks to clues that tie separate attacks to common campaigns and threat actors
Cybercrime gets personal
We expect the time to detect advanced malware to increase
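The sandbox-evasion prediction above (malware that only detonates after a mouse click, a reboot or a delay) has a defender-side counterpart: a quick triage pass over a sample's strings for the Windows API names and registry paths those triggers usually need. The Python below is an added example written for this page, not code from FireEye, BitSight or any other vendor quoted here; the indicator lists are an illustrative selection and the two byte blobs are constructed stand-ins for real samples.

```python
"""Triage a binary's strings for sandbox-evasion trigger indicators.

Added example: the indicator groups and sample blobs are constructed for
illustration and are not a vendor's signature set.
"""

# API names and registry paths a sample tends to reference when it waits for
# something a bare automated sandbox rarely produces: user input, a reboot,
# or the passage of wall-clock time. (Assumed, illustrative list.)
EVASION_INDICATORS = {
    "user_interaction": [
        b"GetCursorPos",        # polls mouse position to detect a live user
        b"GetLastInputInfo",    # time since last keyboard/mouse event
        b"GetForegroundWindow", # waits for a window to gain focus
        b"GetAsyncKeyState",    # waits for a key press
    ],
    "reboot": [
        b"CurrentVersion\\RunOnce",  # run-once autostart key: survives to next boot
        b"MoveFileExA",              # with MOVEFILE_DELAY_UNTIL_REBOOT, defers the move
        b"MoveFileExW",
    ],
    "timing": [
        b"GetTickCount",     # uptime check: sandboxes are often freshly booted
        b"NtDelayExecution", # low-level sleep, used to outlast the analysis window
        b"SleepEx",
    ],
}


def find_indicators(blob):
    """Return {category: [matched indicator, ...]} for every category with a hit."""
    hits = {}
    for category, needles in EVASION_INDICATORS.items():
        found = sorted({needle.decode() for needle in needles if needle in blob})
        if found:
            hits[category] = found
    return hits


def suspicious(hits, min_categories=2):
    """Flag a sample when it references triggers from several categories at once;
    a single GetTickCount call is ordinary, three different trigger classes is not."""
    return len(hits) >= min_categories


def triage(blob, min_categories=2):
    """Convenience wrapper: (hits, flagged) for one sample."""
    hits = find_indicators(blob)
    return hits, suspicious(hits, min_categories)


# Constructed stand-in for a sample whose import/strings table shows it waiting
# for mouse activity, a reboot and an uptime check. Not a real binary.
SAMPLE_EVASIVE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00GetTickCount\x00Sleep\x00"
    + b"user32.dll\x00GetCursorPos\x00GetLastInputInfo\x00"
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\x00"
)

# Constructed stand-in for an ordinary file-handling utility.
SAMPLE_BENIGN = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00CreateFileW\x00WriteFile\x00CloseHandle\x00"
)


if __name__ == "__main__":
    for name, blob in (("evasive", SAMPLE_EVASIVE), ("benign", SAMPLE_BENIGN)):
        hits, flagged = triage(blob)
        print(f"{name}: flagged={flagged} hits={hits}")
```

A string scan like this is cheap and noisy: a packed or obfuscated sample hides its imports until run time, and plenty of legitimate software calls GetTickCount or reads the cursor position, so treat a multi-category hit as a reason to extend the sandbox run (inject simulated input, allow a reboot, lengthen the timeout) rather than as a verdict on its own.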
In order to extract some pattern from the 50-plus predictions listed above, we assigned them to various categories and graphed their frequency:
Predictions from seven security vendors (FireEye, Fortinet, Lancope, Neohapsis, Symantec, Websense and Zscaler), categorised and graphed by frequency.
Image: Charles McLellan/ZDNet
Top of the list, with seven related predictions, is one of 2013's favourite buzz-phrases: the Internet of Things, or IoT. If 2013 was the year that the idea of the IoT (and many practical applications) went mainstream, then 2014 is likely to be the year when the security implications of equipping all manner of 'things' — from domestic refrigerators to key components of critical national infrastructure — with sensors and internet connections begin to hit home.
The next most populous categories, each with five predictions, are 'cyberdefence evasion' and 'network architecture', which take us into the heart of the arms race between the bad guys and the good guys. New cyberdefence evasion techniques flagged up by the experts include the use of stolen or valid code signatures to hide malware, and the development of ways to defeat automated 'sandbox' malware analysis systems. Meanwhile, network architecture-related predictions for 2014 include attacks on organisations' cloud-based data and the use of software-defined networking (SDN) to deliver "an adaptive perimeter or intelligence-based enclaves that are dynamic and both serving to the business needs as well as defensive against advanced threats" (Lancope).
The next four categories each have four predictions, and cover the use of crimeware toolkits such as Blackhole and its successors, more co-operation and collaboration among targeted organisations and cyberdefence agencies, the rise of mobile malware (particularly for the Android OS) and attacks based on social engineering or the use of social media.
Looking down the list of predictions, it's quite clear that today's threat landscape is becoming more of a threat vista, encompassing an increasing range of potential vulnerabilities and demanding an appropriately sophisticated response by those charged with cyberdefence — whether at the family, organisation or national level. The days of setting and forgetting a firewall and some antivirus software are well and truly over.