Next year, we'll need to be on the lookout for increases in mobile malware, randomware kits, large-scale political hacks and "hacking as a service," according to McAfee Labs.
The security firm's research report, released today, predicts that cybercriminals and hacktivists are going to refine and "evolve" techniques and tools used not only to steal from our wallets, but also to take advantage of our personal data. Along with a likely rise in cyberattacks that take advantage of the explosion in mobile technology, McAfee warns of threats based on politics and "extreme" causes.
Mobile worm infections could go on a shopping spree in 2013 -- once embedded in a smartphone or tablet after a dodgy download, they'll purchase malicious apps and do their stealing through near-field communications (NFC) technology, McAfee says. NFC and other "tap and pay" mechanisms could also make it easier for our phones to become infiltrated. McAfee suggests that "bump and infect" scenarios will become more common in order to steal money and that these kinds of malware will be most commonly found in densely populated areas including airports and malls.
In addition, mobile malware that prevents your smartphone or tablet from updating security software is expected to rise.
Build your own ransomware
McAfee predicts that ransomware "kits" designed around mobile technology will rise, allowing people without advanced programming skills to be able to more easily attempt to extort money out of the general public, especially through the Windows PC platform, which saw reported attacks triple in 2012. Ransomware differs from backdoors, keyloggers or Trojans as it "locks" a system, leaving users without the means to access their data or system. This is where the malicious software comes in; pay up or potentially lose your data.
"We have already seen Android and OS X as targets of ransomware," McAfee said in the report. "Now the first ransomware kits are being marketed in the underground. For the moment the kits attack only Windows systems, but this may change soon."
Attacks focused on new platforms
The report suggests that we will see a "rapid development" in ways to attack both Microsoft's new Windows 8 platform and HTML5, a standard for Web-based applications. Rootkits, the use of bootkit techniques and attacks which target master boot records, the BIOS and volume boot records are expected to diversify and evolve. Windows 8 platform is expected to be targeted through malware as well as phishing techniques. McAfee warns that platform upgrades will not necessarily protect your system, although it is deemed more secure that previous versions.
An increase in large-scale attacks
According to the firm, large scale attacks reminiscent of Stuxnet or Flame, designed to destroy infrastructure rather than based on purely financial gain, will firmly take hold in 2013. Used in order to cripple businesses, steal intellectual property and simply cause as much damage as possible, large-scale hacktivism can be devastating for businesses that are often vulnerable to the simplest methods, such as distributed denial-of-service (DDoS) attacks.
Snowshoes and spam
In addition to an increase in attacks based on botnets, "shoeshoe" spamming of legitimate products available online, made through numerous IP addresses, is expected to be a cyberattack trend in 2013. Well-known businesses can fall prey to shady marketing companies that promise e-mail address lists of potential customers, and blatant spamming still goes unchecked.
Hacking as a service
Hacking "as a service" is expected to rise, mainly due to the rise of invitation-only and fee-paying professional hacker forums available to only those who have guarantors to ensure their authenticity. Based on e-commerce shopping cart models, it is expected that anonymity will be maintained through anonymous payment methods including Liberty Reserve.
The decline of Anonymous, but a rise in extreme hacktivism
McAfee argues that a lack of structure and organization in the hacking collective referred to as Anonymous has impacted the idea's reputation. Misinformation, false claims and hacking for the simple joy of it may result in the collective's political claims taking a beating. As a result, success and fame will decline -- but higher-level professional hacking groups may take up the slack, and promote a rise in military, religious, political and "extreme" campaign attacks.