Defensive Security Podcast Episode 3

2013 security predictions

I have collected security predictions from many IT security vendors.

While there are many, many unrelated predictions, and some that are self-serving, some trends emerge:

Changes to the tactics used by attackers:

  • Focus on web browser attacks
  • Social engineering
  • Drive by web attacks
  • Malicious emails

…are all inter-related.  The consensus seems to be that these attacks will continue to increase in sophistication.

Cyber War

  • More nations becoming involved
  • Increased sophistication
  • Becoming more pervasive
  • Discovery of additional state-sponsored attacks

Unintended consequences of cyber war

  • Criminals adapting techniques learned from state-sponsored attacks
  • Malware customized to target specific victim(s)

Mobile threats

  • Mobile spyware
  • Continued significant growth of mobile malware
  • Legitimate app stores hosting malware
  • Commoditization of mobile malware
  • Major threat will continue to be lost & stolen devices

Evolution of malware:

  • Sandbox attacks and evasion
  • Cross platform malware
  • New rootkits
  • Ransomware


  • Authentication related problems continue to be a major problem
  • Widespread adoption of two-factor authentication

Embedded devices become attack targets

  • TVs
  • HVAC systems
  • Security systems


  • Differing opinions on whether meaningful cyber legislation passes
  • Increasing pressure on governments to facilitate collaboration across organizations and industries to enable better defenses


  • “Easy” targets dry up
  • Hacktivists’ techniques mature
  • Adopt a more structured process – attack first, take credit later.  I disagree
  • Also, the hacktivist attackers will up their games with dramatically larger DDoS attacks and a move to data destruction, rather than simply disruption. (Note: this one, to me, feels like the people latching on to the claims about project Blitzkrieg.)


  • Move from disruptive attacks to destructive attacks
  • Prediction for the first “cyber death”

My predictions

  • Hacktivists realize their real power is in the threat of attack, not the attack itself and act accordingly
  • Financial fraud-driven malware based on high profile government malware
  • Marketplaces for buying & selling access to infected systems in specific organizations
  • Password reuse becomes a major problem for consumers

