QUOTE: A dramatic shift in the modus operandi of cybercriminals will occur in 2013. I predict five major shifts in attack vectors:
- Man-in-the-browser attacks will flourish as automated transfer system attacks become mainstream due to the advent of mobile banking. Inserting nano-ware into the browser allows for criminals to bypass two factor authentication and thus insert themselves into the encrypted channel. This was seen with the Automatic Transfer System module for Zeus and SpyEye.
- Watering hole attacks will grow in popularity as polluting trusted websites is a far better targeted attack methodology than targeting individual users.
- Mobile malware will metastasize and become more insidious and automated to include proximity attack capabilities.
- Cross platform attacks like Jacksbot will become mainstream.
- Hypervisor attacks on cloud infrastructures will begin in earnest, in order to move closer to data.
As the modus operandi of cybercriminals evolves, so must our defense in depth strategy. Cybersecurity investments must shift towards continuous monitoring and advanced threat protection if we are to civilize cyberspace and sustain Web 3.0. If we build it they will come, but they will not all be righteous. To find out more about our 2013 predictions, check our predictions document titled Security Threats to Business, the Digital Lifestyle, and the Cloud.