CyberheistNews Vol 2, #54
Editor's Corner
2013 Security Predictions
Some of you may know that I wrote the WServerNews e-zine for 15 years,
and one of my traditions is to make predictions for the coming year in the
last issue of the year. We're going to continue that with CyberheistNews,
so here they are, and see you in 2013.
A big THANK YOU to you, our readers, for helping us continue to make
CyberheistNews the most fun security newsletter in the world.
Happy New Year!
In memoriam of the excellent science-fiction writer Ray Bradbury, who passed
away in 2012: "People ask me to predict the future, when all I want to do
is prevent it. Better yet, build it. Predicting the future is much too
easy, anyway. You look at the people around you, the street you stand on,
the visible air you breathe, and predict more of the same. To hell with
more. I want better." - Ray Bradbury
Here Are Your 13 Predictions For 2013
- First Quantity, Now Quality: In 2013, cybercrime will focus more on
quality than before. Criminals will opt for increasingly smart malware
and more focused attacks.
- BYOD Target Number One: As part of cybercrime's focused attacks, they
will be looking to infect the private mobile devices of employees who have
access to the company network. BYOD will be a bear for IT in the coming year.
Toll fraud (malware that charges money to a user's mobile phone bill) will
be the leading monetization strategy for mobile malware writers.
- Advanced Persistent Threats (APTs), usually coming from China, will expand
from the enterprise to the civilian population, specifically celebrities,
politicians and business leaders. The APT goal will be to either create
or find offenses they can blackmail the victim with. Things like first
putting child pornography on someone's phone, and then threatening
to reveal that information to police and press. Politicians and
CEOs need to be extra careful, as surveillanceware (like FinFisher)
for espionage will increase.
- Malware for Apple Goes Global: It has been tested well enough now,
and will make headlines in 2013 as the vast majority of Apple users
are still not using any antivirus. They will regret that the coming
year.
- The old Windows-centric computing environment has literally gone out
the window, and people are now using various sizes of computing slabs
(phones, tablets), each with its own operating system, causing update
fatigue and many leaving all the defaults in place. Hackers rejoice
with a million Android-based malware variants, one of which will have
a critical bug and brick phones.
- Just like the last 10 years, you will not see an omnibus cybersecurity
bill getting through Congress, but in 2013 President Obama will come
out with controversial Executive Orders that give DHS a much stronger
role in cybersecurity governance.
- South Carolina's tax IT system breach, in which 4 million taxpayers were
exposed, is making top officials in other local and state governments
very, very nervous. Expect a wave of fresh security awareness training
for all employees in those organizations.
- The United Nations-sanctioned International Telecommunication Union's
recent vote allows more regulatory power to authoritarian governments
around the world, which will disrupt the Web's very infrastructure. Syria
dropping off the Net recently is a good example.
- Cross-platform Botnets: If you look at mobile botnets like Zitmo, they
look a lot like the old PC-based botnets. Next year, we will see new
types of Denial of Service (DoS) attacks that will use both PC and
mobile devices at the same time, with both devices sharing the same
command and control server. At the same time, mobile spam will become
a major threat vector.
- The Password Is Dead. Next year you will see a wave of organizations
that deploy a form of two-factor authentication for both customers
and employees. It will be a Web-based login with a password together
with a secondary passkey that will be sent to a user's phone.
- 2013 will be the year that the enterprise finally gets the concept
of compute-on-demand, and the cloud is actually ready for enterprise
workloads. While big companies move workloads there, they will omit cloud
security best practices, so there will be a massive cloud security breach.
- 2013 will be the year of mobile shopping, and most retail companies
will enable mobile commerce in the next twelve months with mobile wallets.
Cyber criminals are rubbing their hands with anticipation, because now
some shoulder surfing and stealing someone's smartphone is enough to
go on an illegal shopping spree.
- Hackers will pull off a massive Cyberheist in 2013, creating fake
bank transactions that harm you with the very same protocols that were
designed to protect you.
Wild-ass Guesses Department
- A major brand of Internet-enabled TVs will be totally pwned, and
people's TVs will be spying on them in their living rooms.
- The expected iPhone 6 will have a blistering-fast A7 processor and a
brand new oblong home button that will check your fingerprint. In
2013 there will be an Android-based bendable (flexible) phone.
- Russian Cyber Mafia will open shop in Nigeria. Lax local law and
law enforcement combined with a corrupt government is crime Nirvana.
- Facebook is going to acquire something BIG like Twitter. They need
to do something with all that money from the IPO.
- Apple will release a TV Set, technically it will be brilliant, but
commercially it will be a failure.
- Google will become an ISP after their successful fiber trial in
Kansas City. Unfortunately, only select U.S. cities will benefit.
- Because of a cyber attack that ruins its reputation, we will see
a global IT consumer brand go belly-up, someone big like Dropbox.
Quotes of the Week
"Let our New Year's resolution be this: we will be there for one another
as fellow members of humanity, in the finest sense of the word." - Goran Persson
"Your success and happiness lies in you. Resolve to keep happy, and
your joy and you shall form an invincible host against difficulties." - Helen Keller
"Celebrate what you want to see more of." - Tom Peters
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/cyberheist-news/
You can read this newsletter online at the KnowBe4 Blog:
http://blog.knowbe4.com/?p=4041
The Best ROI Bang For That Last Bit Of Budget!
If you have some budget left at the end of this year, and you want
to literally get the best bang for your budget bucks, spend it on Kevin
Mitnick Security Awareness Training for your employees. Having them
trained to not fall for hacker tricks, making them into a 'human firewall',
gives you two major benefits: 1) A much more secure network. 2) Fewer
support tickets requiring IT hours. Best yet, Security Awareness Training
usually pays for itself in just a few months.
Benefit now from some GREAT End-of-Year Offers! Click on the orange
Get A Quote Button Now:
http://www.knowbe4.com/products/kevin-mitnick-security-awareness-training/
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Car Safety - The Jeremy Foley 2012 Pikes Peak Story. Both drivers walked
away unscathed after their Mitsubishi Evo skidded off a cliff during
the "Pikes Peak International Hill Climb". WOW:
http://www.flixxy.com/car-safety-the-jeremy-foley-2012-pikes-peak-story.htm
Google's Zeitgeist 2012 shows you what was trending this last year in
the U.S., based on numbers, not on some pundit's opinions. Interesting:
http://www.google.com/zeitgeist/2012/#united-states/overall
And here it is in a video format: 1.2 trillion searches. What did the world
search for in 2012? A review of 2012 covering all the major events of the
year which were popular on Google:
http://www.flixxy.com/google-zeitgeist-2012-year-in-review.htm
A bit of snow is not going to stop the mighty Audi in Vidzeme, Latvia.
Wait for it:
http://www.flixxy.com/audi-vs-snow-in-latvia.htm
NASA was so confident that the world would not end on December 21, 2012 that
they released a "told you so" video a week early:
http://www.flixxy.com/nasa-why-the-world-did-not-end-yesterday.htm
Popular Mechanics has a fun one: 110 Predictions For the Next 110 Years:
http://www.popularmechanics.com/technology/engineering/news/110-predictions-for-the-next-110-years
This is a very useful slide show. A walking tour: 33 questions to ask about
your company's security:
http://www.csoonline.com/slideshow/detail/78012/A-walking-tour--33-questions-to-ask-about-your-company-s-security
This 25-GPU cluster cracks every standard Windows password in less than 6 hours:
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/