2012 WAS A BIG YEAR for the security industry, with the continued rise of hacktivist groups, a substantial growth of Advanced Persistent Threat (APT) incidents, and the dawn of cyber-warfare, not to mention the explosion of Android malware and attacks on Apple's Mac OS X platform.
Along with the escalation of hyper sophisticated threats like Flame and Gauss causing widespread panic, it's only understandable that we have also seen more aggressive actions from law enforcement agencies against traditional cybercriminals.
But what will 2013 hold for internet security? Will the threats that we've seen over the past year continue to get worse, or will we see a rise in a new type of vulnerability across the industry?
The INQUIRER has asked the major players in the security industry for their predictions and what we are likely to see in the year to come.
Targeted attacks and cyber espionage
Kasperksy's security forecast report names targeted attacks and cyber espionage at the top of its list of threats to look out for in 2013. Such attacks, which are tailored to penetrate a particular organisation, are getting more prevalent because they gather sensitive data that can then be sold, thus giving them monetary value.
"Targeted attacks on businesses have only become a prevalent threat within the last two years," said Kaspersky's security researcher David Emm. "Kaspersky Lab expects the amount of targeted attacks, with the purpose of cyber-espionage, to continue in 2013 and beyond, becoming the most significant threat for businesses."
Kaspersky warns that these attacks can often be highly sophisticated, but many start by "hacking the human" - that is, by tricking employees into disclosing information that can be used to gain access to corporate resources.
"The huge volume of information shared online and the growing use of social media in business has helped to fuel such attacks," Kaspersky's report notes. "And staff with public-facing roles can be particularly vulnerable."
Directly connected to targeted attacks is the threat of data breaches, something that Romanian security firm Bitdefender seems to think will be one of the major concerns internet users, especially businesses, should look out for in 2013.
"We expect to see a number of successful attacks against corporate data infrastructures, such as closed-source enterprise applications that will expose critical business data," the firm states in its most recent report.
Bitdefender said these attacks will be carried mostly via blended threats, such as spam mail bundled with zero-day exploits in client software, rather than direct attacks against database servers.
The firm's chief security researcher, Catalin Cosoi, told The INQUIRER that data breaches will be popular among hackers as they are "where the money is" and "usually, you need to create unique malware for that". Cosoi explained that being "unique" means it's harder to detect by anti-virus solutions.
Android malware and ransomware
Japanese-based Trend Micro stated in its most recent security report that "the most serious threat during 2013 may be malicious and high-risk Android apps". Trend predicts they will reach one million in 2013, up from 350,000 at the end of 2012.
These figures are hardly surprising given the exceptional rise of Android malware across the platform during the past year. For example, back in July, Trend found that malware samples found on Android devices had quadrupled since the first quarter of 2012, affirming that the growth of security threats facing Google's mobile operating system is not slowing down.