Network security firm Fortinet has revealed FortiGuard Labs' 2013 threat predictions, highlighting six threats to watch out for next year.
Fortinet's top six security predictions for 2013 are:
1. APTs target individuals through mobile platforms
Advanced persistent threats or APTs are defined by their ability to use sophisticated technology and multiple methods and vectors to reach specific targets to obtain sensitive or classified information. The most recent examples include Stuxnet, Flame and Gauss.
Fortinet predicts that in 2013, APTs will be targeted at the civilian population, which includes CEOs, celebrities and political figures. However, verifying this prediction will be difficult because after attackers get the information they're looking for, they can quietly remove the malware from a target device before the victim realises that an attack has even occurred.
What's more, individuals who do discover they have been victims of an APT will likely not report the attack to the media. Because these attacks will first affect individuals and not directly critical infrastructure, governments or public companies, some types of information being targeted will be different. Attackers will look for information they can leverage for criminal activities such as blackmail, threatening to leak information unless payment is received.
2. Two-factor authentication replaces single password sign on security model
The password-only security model is dead, said Fortinet. Here's why: easily downloadable tools today can be used to crack a simple four- or five-character password in only a few minutes. Moreover, using new cloud-based password cracking tools, attackers can attempt 300 million different passwords in only 20 minutes at a cost of less than US$20. Criminals can now easily compromise even a strong alphanumeric password with special characters during a typical lunch hour. Stored credentials encrypted in databases (often breached through Web portals and SQL injection), along with wireless security (such as WPA2), will be popular cracking targets using such cloud services.
Next year, we are likely to see an increase in businesses implementing some form of two-factor authentication for their employees and customers, Fortinet's report says. This will consist of a Web-based login that will require a user password along with a secondary password that will either arrive through a user's mobile device or a standalone security token. While it is true the recently discovered botnet Zitmo cracked two-factor authentication on Android devices and RSA's SecurID security token (hacked in 2011), this type of one-two punch is still the most effective method for securing online activities.
3. Exploits to target machine-to-machine (M2M) communications
Machine-to-machine (M2M) communication refers to technologies that allow both wireless and wired systems to communicate with other devices of the same ability. It could be a refrigerator that communicates with a home server to notify a resident that it's time to buy milk and eggs, it could be an airport camera that takes a photo of a person's face and cross-references the image with a database of known terrorists, or it could be a medical device that regulates oxygen to an accident victim and then alerts hospital staff when that person's heart rate drops below a certain threshold.