Automated toolkits with business models that include rental agreements and constant updates will gain considerable improvements in 2012, with many attack kits being primed with new features that enable even the least tech-savvy cybercriminals to hone malware in 2012 for highly targeted attacks.
Andrew Brandt, director of Threat Research at Solera
Financial malware designed to target and infiltrate bank accounts could be recoded for targeted non-financial attacks, according to Boston-based security vendor Trusteer. The Zeus and SpyEye codebases, which are now publicly available, can be manipulated to pull off more sophisticated targeted attacks against enterprises. “Over the next twelve months perimeters will face an onslaught from various sources, viruses going financial, APT-style technologies in Zeus code derivatives manipulated by new coders and in other commercially available malware kits,” Trusteer CTO Amit Klein noted in the company’s list of predictions.
Solera’s Brandt also points to vulnerable WordPress.org blog plug-ins as a major contributor to the problem. Malware writers upload their code to the vulnerable webpages, enabling them to serve keyloggers to blog visitors. “Most of the code we’ve seen uploaded to legit sites redirects the browser into the maw of one or another exploit kit,” Brandt wrote.
Hardware security weaknesses
Meanwhile, security giant McAfee, which was acquired in 2010 by chipmaker Intel, is predicting a spike in attacks that leverage embedded hardware or use a computer’s master boot record and BIOS layers to bypass traditional security technologies. “We expect to see more effort put into hardware and firmware exploits and their related real-world attacks throughout 2012 and beyond,” according to McAfee.
Embedded systems that run GPS routers, ATM machines, medical devices and other systems can be rooted and are at risk of falling under the control of sophisticated cybercriminals, according to McAfee’s “2012 Threats Predictions” (.pdf) report.
“Controlling hardware is the promised land of sophisticated attackers,” according to the report. “If attackers can insert code that alters the boot order or loading order of the operating system, they will gain greater control and can maintain long-term access to the system and its data.”
McAfee’s prediction is somewhat buoyed by Columbia University researchers who demonstrated how HP printer vulnerabilities could be used by cybercriminals to gain access to corporate networks.
Michael Sutton, vice president of security research at SaaS-based email and Web gateway security vendor Zscaler Inc., said the focus on hardware-based threats may force hardware vendors to increase their focus on security and take vulnerability disclosure more seriously. Sutton’s presentation at Black Hat 2011 focused on weaknesses in embedded Web servers.
“Security in the hardware space is at least ten years behind security in the software industry,” Sutton wrote in Zscaler’s ThreatLabZ blog. “Hardware vendors will get a wake-up call as researchers shift their efforts to hardware and party like it’s 1999.”