• United States



by Dominique Karg

Dabbling in the dark arts

Jan 25, 20134 mins
Data and Information SecurityMobile SecuritySecurity

AlienVault's Dominique Karg predicts the terrifying security predictions we'll face in 2013. (Yes, you read that correctly.)

With another New Year comes a “new” flurry of predictions across all industries. I say “new” because if we do some homework, we can see that many of these so-called “predictions” are actually spun off of technology trends over the past decade.

But no matter, humans are creatures of habit and thus we will perpetually create shiny new trends and predictions for consumers each year like clockwork. My take on the whole thing, as you have most likely already deduced, is that these pieces are actually not at all innovative, nor are they helpful. Many of them attempt to persuade readers to purchase a product — usually a vendor-specific one — to help users avoid said “threats” in the coming year.

Despite all of this, I have pulled together the predictions that will most likely be pushed upon the end user market as “terrifying threats” in 2013 — along with tips to battle each one with your own common sense.

Frequent unwelcomed guests

If you leave the front door to your house wide open, chances are someone is going to walk in. Well, the same goes for your hardware (and always has).

The top party crasher to look for in 2013 will continue to be mobile malware. One of the developing ways for distribution of this attack is through app stores. Due to vendor-exclusive control over each individual app store, not all of them can staff enough personnel to personally gut each application for the store’s own security standards. This means that the free, five-star app in the Apple apps store may contain malicious coding in the Google Play store, and so on.

Want to avoid letting this guest into your device? Read the reviews, pay attention to ratings and don’t store pertinent information on your device.

[Also read Bill Brenner’s Stop them before they predict again!]

The second unwelcomed guest to keep an eye out for is social media distributed attacks. The Skype-targeted attack Dorkbot opened eyes to this threat in 2012, when accounts were hacked to distribute a link that lead to ransomware.

How can end users avoid this type of attack in 2013?! Simple — stop clicking on spam-like links that your “friends” would not normally send out. Is the link from someone you barely know, or don’t know at all? Great, you’ve touched on another tip — stop following strangers on social networks just to boost your own numbers. One of them could be a cybercriminal in disguise, waiting for the right moment to wage war on your machine.

Modern ransom notes climb

It’s not rocket science, people. The economy is doing poorly, no matter where you turn. Cybercriminals have found success issuing spam links that lock a user’s system in exchange for ransom. Put two and two together, and you have it -ransomware. Criminals are always going to find a way to make money, especially during economic downturns.

Want to protect yourself? Easy! Stop clicking!

What’s that buzzing sound?

Is anyone else out there sick of seeing terms like “Advanced Persistent Threat” (APT), “hacktivism” and “BYOD”? So am I, but you can guess there’s another flurry of buzzwords just around the corner. Each year, a new “hot” buzzword gives everyone something to clamor about — vendors and journalists alike.

Let’s call it like it is, shall we? BYOD, we’re sick of you and you’ve been around since Y2K. APT, you sound really techy and important, but *most* of today’s mass cyberthreats are in fact advanced and persistent. Finally, hacktivism — you were created to justify a means to an end for hackers.

Marketers beware: We are onto you!

Government plays ball

Remember “Operation Olympic Games”, the birth of Stuxnet from the United States and Israeli governments? So do I — it happened in 2010, and still today we’re seeing “innovative” predictions about government-sponsored malware. Is it legal? Well, that’s something I’m not inclined to make a statement about, but this is certainly something that we should not be surprised to see more of in 2013. Not to worry — unless you are a nuclear plant in a targeted country, your machine is safe from these attacks.

Each year predictions are made, and warnings issued. Yet, we still find ourselves surprised when attacked and more unprepared than we thought we were. It’s time to apply the same logic we do in the real world when interacting virtually. In 2013 I urge everyone to think before they click and if something doesn’t appear to be legitimate it probably isn’t.

Dominique Karg is co-founder and Chief Hacking Officer at AlienVault.