Attacks on public infrastructure, mobile ransomware and IPv6 exploits are among the topics that will be discussed in 2013, according to Fortinet, a Sunnyvale, Calif.-based security vendor.
As 2012 runs its final weeks, security experts of all description are busy preparing their predictions for the coming year. Fortinet is in the process of developing their list as well, but the company agreed to discuss their initial thoughts with CRN during the Fortinet Global Partner conference, which has been under way this week in the Caribbean.
"SCADA [supervisory control and data acquisition] infrastructure has become the low-hanging fruit," said Derek Manky, Fortinet's chief security strategist, referring to the control systems that support a wide variety of public infrastructure, including the water supply and energy grid. "These systems are widely known to be vulnerable, and many of them were designed at a time when such attacks had not yet become a concern. These systems have become connected to public networks in order to simplify their operation, but that also poses a risk. I think we are likely to see attempts to crass passwords, and perhaps even attempts to crash specific systems."
Manky also expects to see increased attacks against mobile devices, with remote code executions and advanced persistent threats against the devices become increasingly popular in the criminal community. "We're seeing an increased ability to penetrate these devices," he said. "So I think we will see a number of threats aimed at government officials, CEOs and celebrities."
In addition, Manky expects to see drive-by attacks, which have become commonplace against computers, to extend towards smart phones. "Tricking people into downloading malware onto their phones will likely be the next big thing," he said. "Much of the code is available. The botnets are available. It's just a matter of time."
Look for two-factor authentication to gain popularity as low-cost, high-powered cloud computing builds the opportunity to more easily crack even complex passwords. "And two-factor authentication should be done using separate devices, not just your phone," Manky added. "Remember, those phones are becoming increasingly vulnerable."
The arrival of IPv6 has additional security ramifications of its own. The multitude of new IP addresses, delivered via Version 6, also translates to opportunities for criminals, according to Manky. "The criminals will mask the identities of their malicious servers by rapidly rotating IP addresses before they can be tracked and shut down," he predicted. "This is a function known as Fast Flux, and I fully expect they will use it to their advantage.
Fortinet expects to further evaluate all these concepts and build a top 10 list of predictions within the next few weeks.
PUBLISHED NOV. 8, 2012