Kaspersky Lab sees rise in ‘hacktivism,’ state-sponsored cyber attacks in 2013

MANILA, Philippines - Cyber-espionage, “hacktivism,” and nation-state cyber-attacks made it to the list of top predictions that will shape the digital security landscape for 2013, according to Kaspersky Lab, a leading developer of secure content and threat management solutions.

The report entitled “Kaspersky Security Bulletin 2012: Malware Evolution” also lists legal use of surveillance tools, attacks on cloud-based networks, cyber extortion on companies and individual Internet users, and mobile malware as among the top predictions for 2013.

Other top predictions include fake security certificates, deterioration of personal privacy, the development of more Mac OS malicious software, and cybercriminals’ growing use of software exploits.

Incidentally, some of the predictions for 2013 mentioned in the report are also rooted on incidences in 2012, including an escalation of serious types of cybercrimes such as targeted attacks on companies, “hacktivism,” attacks on cloud-based infrastructure, deterioration of digital privacy, issues with online trust and digital authorities, attacks on Mac OS X malware and mobile malware, and ransomware and crypto-extortion.              

However, a more pressing concern is the rise of cyber-attacks authorized by nation-states. Costin Raiu, Kaspersky Lab director of Global Research & Analysis Team (GReAT), said this could be an era of cold “cyber-war.”

“Looking ahead, we can expect more countries to develop cyber weapons — designed to steal information or sabotage systems — not least because the entry-level for developing such weapons is much lower than is the case with real-world weapons. The targets for such cyber-attacks could include energy supply and transportation control facilities, financial and telecommunications systems and other ‘critical infrastructure’ facilities,” warned Raiu.

Governments, pressured by the growing threat of cyber-attacks against their infrastructure, are also compelled to use technology for monitoring suspected cybercriminals, a serious security breach that could put law enforcement to question.

“Clearly, the use of legal surveillance tools has wider implications for privacy and civil liberties. And as law enforcement agencies, and governments, try to get one step ahead of the criminals, it’s likely that the use of such tools — and the debate surrounding their use — will continue,” Raiu said.

Vulnerabilities in the past

Raiu stressed that 2012 was already a year for cyber-activism or “hacktivism” and cyber-espionage against global private industries and governments. These events were continuation from the same incidences from previous years, though these were in much wider scale and had more serious effects.

“The powerful actors from 2011 remained the same: hacktivist groups, IT security companies, nation states fighting each other through cyber-espionage, major software and gaming developers such as Adobe, Microsoft, Oracle or Sony, law enforcement agencies and traditional cybercriminals, Google, via the Android operating system, and Apple, thanks to its Mac OS X platform,” Raiu said.

Key predictions for 2013

A more comprehensive forecast of Kaspersky Lab for 2013 are as follows:

• Targeted attacks and cyber-espionage. While the threat landscape is still dominated by random, speculative attacks designed to steal personal information from anyone unlucky enough to fall victim to them, targeted attacks have become an established feature in the last two years. Such attacks are specifically tailored to penetrate a particular organization and are often focused on gathering sensitive data that has a monetary value in the “dark market.”

• The onward march of “hacktivism.” Stealing money is not the only motive behind attacks. Sometimes the purpose of an attack is to make a political or social point. Society’s increasing reliance on the Internet makes organizations of all kinds potentially vulnerable to attacks of this sort, so “hacktivism” looks set to continue into 2013 and beyond.

• Nation-state-sponsored cyber-attacks. The world is now entering an era of cold “cyber-war,” where nations have the ability to fight each other unconstrained by the limitations of conventional real-world warfare. Looking ahead, people can expect more countries to develop cyber weapons.

• The use of legal surveillance tools. Efforts to keep pace with the advanced technologies being used by cybercriminals are driving law enforcement agencies in directions that have obvious implications for law enforcement itself. Clearly, the use of legal surveillance tools has wider implications for privacy and civil liberties. And as law enforcement agencies, and governments, try to get one step ahead of the criminals, it’s likely that the use of such tools will continue.

• Cloudy with a chance of malware. It’s clear that the use of cloud services will grow in the coming years. But as the use of the cloud grows, so too will the number of security threats that target it. In particular, the wide use of mobile devices, while offering huge benefits to a business, also increases the risk.

• Dude, where’s my privacy? The erosion or loss of privacy has become a hotly debated issue in IT security. Every time people sign up for an online account, they are required to disclose information about themselves and companies around the world actively gather information about their customers. The value of personal data — to cybercriminals and legitimate businesses — will only grow in the future, and with it the potential threat to our privacy increases.

• Who do you trust? People are all predisposed to trust websites with a security certificate issued by a bona fide certificate authority (CA), or an application with a valid digital certificate. Unfortunately, not only have cybercriminals been able to issue fake certificates for their malware, they have also been able to successfully breach the systems of various CAs and use stolen certificates to sign their code. The use of fake, and stolen, certificates is set to continue in the future.

• Cyber extortion. This year there have been growing numbers of ransomware Trojans designed to extort money from their victims, either by encrypting data on the disk or by blocking access to the system. These have now become a worldwide phenomenon, although sometimes with slightly different modus operandi. Such attacks are easy to develop and, as with phishing attacks, there seem to be no shortage of potential victims. As a result, we’re likely to see their continued growth in the future.

• Mac OS malware. Despite well-entrenched perceptions, Macs are not immune to malware, which has been growing steadily over the last two years. There have also been targeted attacks on specific groups, or individuals, known to use Macs. The threat to Macs is real and is likely keep growing.

• Mobile malware. Mobile malware has exploded in the last 18 months. The lion’s share of it targets Android-based devices — more than 90 percent is aimed at this operating system. There is also a high probability that the first mass worm for Android will appear, capable of spreading itself via text messages and sending out links to itself at some online app store. There will also likely be more mobile botnets.

• Vulnerabilities and exploits. Java vulnerabilities currently account for more than 50 percent of attacks, while Adobe Reader accounts for a further 25 percent. Java is not only installed on many computers, but updates are installed on demand, not automatically. For this reason, cybercriminals will continue to exploit Java in the year ahead. It’s likely that Adobe Reader will also continue to be used by cybercriminals.