FortiGuard Labs, part of the high-end network security firm Fortinet, released earlier today their threat projections for 2013, giving network security personnel a big sheaf of metaphorical wanted posters in terms of developments in the network security space to watch out for. There were six specific trends to watch for in the network security space, and they promised big changes in the field as a whole, with even M2M seeing threats emerge.
First, FortiGuard Labs talked about Advanced Persistent Threats (APTs) role in network security, and how they not only use technology to the fullest to attack other technology, but do so by way of multiple different methods and approaches, making them extremely dangerous. There have already been some big-name APTs making appearances, like Gauss, Flame, and the Iranian bane known as Stuxnet, and 2013 promises to see them on the increase.
Next came a projected move to two-factor authentication models over the current standard of single password sign-on. When password crackers are easily available, and cloud-based technology can lead to 300 million different passwords tried in just 20 minutes (available for under $20, no less), the old standard of one password to protect systems is under fire. But with two-factor authentication, an extra layer of protection is established that's not only much harder to crack, but also rapidly changing thanks to a secondary password issued only when the first is delivered.
Then FortiGuard Labs addressed exploits that would go after machine to machine (M2M) communications. While there are many opportunities to advance technology through M2M communications, there is much less consensus on just how to protect this new communications system. With little in the way of protection consensus, it leaves open a field of possibility for attack, especially in which attackers can poison an information stream, leading to a chain reaction of sorts in which machines downstream of the poisoned point can open up a vulnerability based on the wrong information received from upstream.
The sandbox played a role in the next major threat, as security technologies have discovered a way to move programs to a sort of neutral territory where they can't transfer information from one point to another. New exploits are geared toward breaking out of the sandbox, from where, formerly, they could do no damage. This is expected to get much worse in 2013, and leave the sandbox a tool of questionable effectiveness.
Another major concern in 2013 will be the rise of cross-platform botnets, which incorporate not only PCs, but also mobile hardware like smartphones and tablets. The growing popularity of these devices makes them excellent targets for botnet creators, and opens up a possibility for new, more powerful direct denial of service attacks. Previously, a botnet was commonly found running on PC alone, or on mobile devices alone like the recently-emerged Zitmo botnet, but with this new variety, the same botnet may be found across multiple types of device.
Finally, FortiGuard Labs expects a rise in mobile malware growth, and expects it to rise with the popularity of mobile devices as a whole, while PC malware may prove on the decline as more users turn to mobile devices for their computing needs.
The future looks dangerous for communications as a whole, even M2M communications, but with due vigilance and careful planning, the risks can be mitigated and the potential advantages fully realized.
Edited by Brooke Neuman