Four security trends defined 2012, will impact 2013

Mobile and Mac malware burbles noxiously, data breaches and data mining will cause more havoc with your privacy, and the Web will continue to suffer the ignominy of poorly-written, Swiss-cheesed code as security experts predict lessons from 2012 go unlearned in 2013.

The Internet is slowly changing, and security experts say that today’s security issues will continue to be major players in driving that change. Here are four trends that dominated headlines in 2012, and will continue to play a major role in 2013.

The Internet as governmental tool

The collective realization by governments around the world that the Internet is an excellent network for conducting surveillance, monitoring, espionage, and war, says Finnish computer security firm F-Secure’s Chief Technical Officer Mikko Hypponen, may not come to full fruition in 2013. But the foundation for that change is already underway.

“There will be more operations along the lines of Olympic Games, also from other sources than US and Israel. Later on, we might look back at these first 20 years of the Web as the Golden Days, when the net was still free,” he wrote in an e-mail to CNET. “Olympic Games” is the covert inter-government project that reportedly birthed Stuxnet, Duqu, and Flame.

Information security expert Chris Wysopal agreed that “cyber-warfare” is becoming commonplace. “When there’s a political or actual war event, we’re seeing cyber-attacks parallel that. It does seem to be more pronounced. It’s almost not newsworthy, as if we expect it to happen alongside a political event.”

Take that in for a moment. Government-sponsored, computer-based attacks, as “almost not newsworthy,” he said.

But just because these attacks are becoming more frequent doesn’t mean that they don’t stymie security researchers. Tomer Teller, a security evangelist and researcher at Check Point, said that he was surprised this year by the rise of “precision-targeted attacks.”

“We saw that with Gauss this year, from the Stuxnet family. It had an encrypted payload, and researchers couldn’t decrypt it,” Teller said.

Tim Rains, the director of Microsoft’s Trustworthy Computing division, pointed out that these governmental actions have consequences beyond the nuclear reactors of Iran and other industrial targets.

“Eighty-five percent of the exploits against operating systems tried to take advantage of one of the vulnerabilities that Stuxnet used. A very small fraction of malware uses “zero-days,” so we’re seeing commodity malware writers benefits from the research of professionals,” he said. “It was a trend in 2012, and we’ll continue to see that in the next year.”

More mobile devices, bigger targets

Experts have been talking up mobile security for several years now, and as mobile device proliferation continues, so will the security problems associated with them. Because the problems are mobile and always-connected in nature, the security challenges will become more complex in 2013, experts told me.

Lookout Mobile Security’s senior product manager, Derek Halliday, noted two interesting trends that his company saw in 2012. Lookout predicted and saw in 2012, “only a few dominant kinds of mobile malware,” he said.

Microsoft’s Rains agreed. “[The Looter exploit] is responsible for the second-most highest number of mobile threats we saw.”

Halliday added, “The other thing was how geographic specific these threats were. We were surprised by the stark contrast between the U.S. and say Russia or China. If you try to run a toll fraud application at scale in the U.S., you’ll encounter some problems — a double-opt in message, government intervention,” he said.

Another point Halliday made was that while Android 4.2 is the most secure yet, with numerous security improvements, operating system fragmentation will prevent it from reaching most people until late 2013.

On the other hand, said Wysopal, the impact of mobile malware is definitely growing. “In 2012, half a percent of all mobile users got hurt by mobile malware in the U.S. That’s a million people, not an insignificant number. It’s a trend that is happening slower than expected, but it’s not going to go away.”

The malware problem is likely to remain isolated from Apple’s iOS, according to Hypponen. “There’s still no iPhone malware. Five years after shipping one of the most popular systems, they have no malware problem at all. That’s a major accomplishment by Apple. Job well done.”

Read More