
Georgia Tech Researchers Examine 2013 Threat Landscape

Researchers from the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI), released their 2013 cyber-threat forecast on Wednesday. The report examines what they think will be the most serious issues online in the next twelve months.

The face of cybersecurity has changed over the last year, the report says, as attackers have aligned with national agendas, and taken aim at businesses and governments alike.

“If we are going to prevent motivated adversaries from attacking our systems, stealing our data and harming our critical infrastructure, the broader community of security researchers—including academia, the private sector, and government—must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it,” noted the report’s introduction, which was presented during the annual Georgia Tech Cyber Security Summit on Wednesday.

BlackHat SEO

The first topic in the report is BlackHat SEO, or search engine poisoning. Georgia Tech says, however, that criminals are likely to move beyond vanilla SEO poisoning. Instead, they are likely to trade on reputation by compromising legitimate websites that already rank well, something seen several times this year in the form of malicious advertisements served on well-known domains.

“A more common attack in the future will use cross-site scripting to inject links from legitimate sites to malicious destinations, without the need for total compromise. Manipulating a victim’s search history may be next. Using cross-site request forgery, researchers have been able to enumerate and even modify a user’s search history,” the researchers predict.
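To make the XSS-based link injection the researchers describe concrete, here is an added example (not from the report or from SecurityWeek): a search page that reflects the query into its HTML, first without and then with output encoding, plus a minimal CSRF check of the kind that would stop cross-site writes to a search-history endpoint. The site, the malicious.example domain, the payload and the request shape are all constructed assumptions.

```javascript
// Added example (not the Georgia Tech report's code): how a reflected XSS flaw on a
// legitimate site lets an attacker plant outbound links (search-engine poisoning
// without a full server compromise), and how output encoding stops it.
// The page, payload, domains and request objects are constructed for illustration.

// Escape the five characters that matter in HTML text and attribute contexts.
// '&' goes first so already-escaped sequences are not double-mangled.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: the untrusted search term is concatenated straight into the page.
function renderSearchPageVulnerable(query) {
  return '<h1>Results for ' + query + '</h1>';
}

// Hardened: the same page with the untrusted value encoded for the HTML text context.
function renderSearchPageSafe(query) {
  return '<h1>Results for ' + escapeHtml(query) + '</h1>';
}

// Collect anchor targets from rendered markup, i.e. what a crawler would follow.
function extractLinks(html) {
  const links = [];
  const re = /<a\s+[^>]*href="([^"]*)"/gi;
  let m;
  while ((m = re.exec(html)) !== null) links.push(m[1]);
  return links;
}

// Constructed payload of the kind a poisoning campaign would seed through links
// to the vulnerable search URL (e.g. /search?q=<payload>).
const PAYLOAD = '<a href="https://malicious.example/">discount pharmacy</a>';

// Minimal CSRF defense for a state-changing endpoint such as "modify search history":
// require a per-session token in the request and, when the browser sends one,
// an Origin header matching the site. `req` is a constructed, simplified request.
function isCsrfProtected(req, sessionToken, siteOrigin) {
  if (!req.token || req.token !== sessionToken) return false;
  if (req.origin !== undefined && req.origin !== siteOrigin) return false;
  return true;
}

function demo() {
  return {
    vulnerableLinks: extractLinks(renderSearchPageVulnerable(PAYLOAD)),
    safeLinks: extractLinks(renderSearchPageSafe(PAYLOAD)),
    crossSiteWriteAllowed: isCsrfProtected(
      { token: undefined, origin: 'https://attacker.example' }, 'sess-token-1', 'https://search.example'),
  };
}

console.log(demo());
```

The vulnerable renderer turns the reflected query into a real anchor that points off-site, which is exactly the "link from a legitimate site to a malicious destination" in the quote; the encoded version renders the same bytes as inert text. The CSRF check is deliberately two-layered: a forged cross-site form post carries neither the session-bound token nor a matching Origin, so either test alone rejects it.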

Supply Chain Nightmares

Another prediction centers on the supply chain, especially relevant given the recent headlines about China and telecom giants Huawei and ZTE Corp. The fear that their equipment could give the Chinese government access is a major worry in Washington, as lawmakers go back and forth on the issue with everyone from the Defense Department to the telecom firms themselves.

“I would say that we are in trouble. This is a problem that is extremely expensive and difficult to solve. ‘Solve’ may not even be the right word,” said Andrew Howard, research scientist with the Georgia Tech Research Institute.

Yet, progress remains slow in addressing supply chain problems, because of the size of the problem itself and the lack of any easy solutions, according to Howard. “It is going to take a bad event to have the momentum necessary to fully tackle the problem,” he said.

BYOD – Not as bad as one would think, but something to watch...

Mobile security will still be a hot topic in 2013, according to the report: there is plenty of attack surface, and criminals are still getting privacy-undermining and outright malicious applications onto devices despite the attention paid to preventing it. Yet the prediction is that well-vetted app stores (Google Play and iTunes) will remain a solid line of defense against malicious apps.

“We expect novel attacks and new ways to monetize mobile devices to emerge,” the researchers wrote.

One reason many of these attacks have succeeded is infrequent patching by mobile carriers and manufacturers. The wide spread of Android versions in the U.S. market alone makes mobile users a prime target. Still, it is not as bad as the headlines would have you think.

“The exponential growth of malicious Android apps has not translated to increased risks for most users," the report noted. "By analyzing three weeks of DNS traffic from a large cellular provider, GTISC researchers have found that only a very small number of devices—about 0.002%—are showing signs of infection in the United States. The research also showed that the detections of malicious applications occur well after their peak activity, suggesting that reactive security measures—such as removing the program from storefronts and publishing antivirus signatures—had little initial impact. Nonetheless, such measures likely prevent the software from spreading widely.”
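As an added illustration of the kind of measurement GTISC describes (this is not the researchers' code or data), the following estimates the share of devices showing signs of infection from passive DNS logs: a device counts as flagged when it resolves a blocklisted command-and-control domain or any subdomain of it. The log lines, device identifiers, blocklist and domains are constructed for the example.

```javascript
// Added example (not GTISC's code): estimating the fraction of devices that show
// signs of infection from a provider's DNS logs, in the spirit of the study quoted
// above. Log lines, device IDs, timestamps and domains are all constructed.

// Constructed log lines in the form "<unix time> <device id> <queried name>".
const SAMPLE_DNS_LOG = [
  '1354000001 dev-0001 www.example.com',
  '1354000002 dev-0002 cdn.example.net',
  '1354000003 dev-0003 c2.bad-domain.example',
  '1354000004 dev-0001 mail.example.com',
  '1354000005 dev-0004 update.bad-domain.example',
  '1354000006 dev-0005 news.example.org',
  '1354000007 dev-0003 c2.bad-domain.example',
  '1354000008 dev-0006 notbad-domain.example',
  'malformed line',
].join('\n');

// Constructed blocklist of domains taken to be malware command-and-control.
const C2_DOMAINS = ['bad-domain.example', 'evil.example'];

// True when qname is a blocklisted domain or one of its subdomains. A plain
// endsWith() would wrongly flag "notbad-domain.example", so the label boundary
// (the dot) is enforced; a trailing root dot and case differences are tolerated.
function matchesBlocklist(qname, blocklist) {
  const q = qname.toLowerCase().replace(/\.$/, '');
  return blocklist.some(d => q === d || q.endsWith('.' + d));
}

// Parse the log, skipping lines that do not have exactly three fields or a
// numeric timestamp instead of aborting on bad input.
function parseDnsLog(text) {
  const records = [];
  for (const line of text.split('\n')) {
    const parts = line.trim().split(/\s+/);
    if (parts.length !== 3) continue;
    const ts = Number(parts[0]);
    if (!Number.isFinite(ts)) continue;
    records.push({ ts, device: parts[1], qname: parts[2] });
  }
  return records;
}

// Returns how many distinct devices were seen, how many resolved a blocklisted
// name at least once, the resulting fraction, and the first such lookup per
// flagged device (useful for triage and for measuring how early activity began).
function infectionEstimate(records, blocklist) {
  const devices = new Set();
  const firstSeen = new Map();
  for (const r of records) {
    devices.add(r.device);
    if (matchesBlocklist(r.qname, blocklist)) {
      const prev = firstSeen.get(r.device);
      if (prev === undefined || r.ts < prev) firstSeen.set(r.device, r.ts);
    }
  }
  return {
    devices: devices.size,
    infected: firstSeen.size,
    rate: devices.size === 0 ? 0 : firstSeen.size / devices.size,
    firstSeen: Object.fromEntries(firstSeen),
  };
}

console.log(infectionEstimate(parseDnsLog(SAMPLE_DNS_LOG), C2_DOMAINS));
```

On the constructed sample two of six devices are flagged; on real provider data the denominator is all devices that issued any query in the window, and a single lookup is a weak signal, so a production version would also want a minimum number of lookups or days of activity and a way to exclude scanners and sinkhole checks from the flagged set.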

Fluffy, data-filled, malicious clouds

According to the research, data stored in the cloud will have better overall security, but when failures happen they will be severe. That will lead companies to demand stronger security guarantees before moving more data into the cloud, which in turn should force the resolution of open questions about responsibility and liability between organizations and their service providers. Authorization will remain the weakest point in securing stored data.

Other cloud-based predictions focus on criminals using virtualized infrastructures for quick-to-create botnets.

“The ability to stand up virtualized computers, if successfully exploited by attackers, can be used to quickly create botnets. Just as large collections of data in the cloud become a siren call to attackers, the ability to create vast computing resources will continue to convince cybercriminals to look for ways to co-opt the infrastructure to their own ends,” said Yousef Khalidi, a distinguished engineer with Microsoft’s Windows Azure group, in an interview for the report.

The prediction report covers additional topics, including healthcare and counteroffensives against malware, and is an insightful read.

"Our adversaries, whether motivated by monetary gain, political/social ideology or otherwise, know no boundaries, making cyber security a global issue,” said Bo Rotoloni, director of GTRI’s Cyber Technology and Information Security Laboratory (CTISL).

“Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government,” Rotoloni concluded.

The full report is available here in PDF format.

Related Reading: Georgia Tech's 'Titan' Malware Intelligence System Offers Threat Sharing, Collaboration Tools

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.