FortiGuard Labs’ five security predictions for 2014
By Digital News Asia December 5, 2013
- As developers look at new markets, Android malware will hit industrial (Scada) systems
- With WinXP support ending April 8, expect zero-day attacks against high value businesses
FortiGuard Labs compiled threat statistics and trends for this threat period based on data collected from FortiGate network security appliances and intelligence systems in production worldwide.
Customers who use Fortinet's FortiGuard Services should be protected against the vulnerabilities outlined in this report as long as the appropriate configuration parameters are in place, the company claimed.
The predictions for 2014 are:
1) Android malware expands to industrial control systems and Internet of Things
As sales of mobile phones likely plateau in the coming years, Android developers are being tasked to find untapped markets for the Google operating system. A few of these emerging markets include tablets, portable game consoles, wearable devices, home automation equipment and industrial control systems/ Supervisory Control and Data Acquisition (ICS/Scada).
Next year, we predict we’ll see the first instances of malware on these new device types, specifically around embedded ICS/ Scada systems.
While we don't believe we'll see a ‘mobile-Stuxnet’ in 2014, we think cybercriminals will be attracted to platforms that go beyond common SMS fraud. This includes new home automation devices that have control over our electrical consumption, the temperature of our fridges, etc., and feature software with remote login control panels to show/confirm who may be at home at a given time.
This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.
2) The battle for the deep Web
While the US Federal Bureau of Investigation will broaden its scope of targets in the coming year, we believe the agency will also continue to make inroads into the Tor dark net and questionable file- sharing services such as Mega Upload.
Knowing the cat and mouse games black and white hats have been playing since the dawn of the first computer viruses, we predict the increased scrutiny of these ‘anonymous’ services will lead to new and, dare we say, improved versions that will be even harder to infiltrate, compromise and/ or take down.
We’ve already seen the MegaUpload takedown birth Mega, a fundamentally more robust platform. Expect to see similar renewed development vigour around Silk Road in the coming year.
3) Network security vendors forced to become more transparent
In September, the US Federal Trade Commission severely penalised a company that marketed video monitoring technology to consumers for suggesting in its literature that their product was ‘secure’ when evidence clearly showed it was not.
This was the agency’s first action against a marketer of an everyday product with interconnectivity to the Internet and other mobile devices, and the company was required to make a number of conciliatory measures.
Next year, we predict we’ll see this level of increased scrutiny and accountability at the network security vendor level. Customers are no longer going to accept the "proprietary security-hardened OS" marketing spin. They will demand proof, and when they are subject to undue risk, they will demand accountability.
This will be in the form of greater transparency around supply chain management, patch management and Secure Development Lifecycle (SDL) practices.
4) Increase in attacks targeting Windows XP
Microsoft will end support for Windows XP on April 8, 2014. This means that newly discovered vulnerabilities will not be patched, leaving systems around the world vulnerable to attacks.
According to NetMarketShare, as of September 2013, Windows XP is still used on 31.42% of PCs in the world. According to Gartner, by the time April 8 rolls around, it is estimated that more than 15% of mid- to large-sized enterprises will still have Windows XP running on at least 10% of their PCs.
Next year, we predict hackers, already in possession of zero day exploits, will wait until April 8 in order to sell them to the highest bidder. Because of their expected high price tag, these zero days will likely be used to launch targeted attacks against high-value businesses and individuals rather than deployed by common cybercriminals in order to propagate mass infections.
5) Biometrics for authentication will increase
This year Apple made a bold move when it announced its new iPhone 5s would integrate fingerprint authentication into the device. Never mind that it was hacked a few days after the phone shipped. It got people talking about the importance two-factor authentication in a world where the single factor password login is growing increasingly archaic.
As a result of this renewed interest, we predict next year we’ll see additional mobile companies including a second factor of authentication into their devices. We’ll also see an increase in additional forms of authentication, such as tattoos and pills, iris scanning and facial recognition.
‘Hackers’ – tech reality finally catches up with Hollywood?
The end of passwords, and other IT predictions
With the world safe, here are predictions for 2013
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.
Author Name :
By commenting below, you agree to abide by our ground rules.