
Georgia Tech Researchers Examine 2013 Threat Landscape

Researchers from the Georgia Tech Information Security Center (GTISC) and the Georgia Tech Research Institute (GTRI) released their 2013 cyber-threat forecast on Wednesday. The report examines what they think will be the most serious issues online in the next twelve months.

The face of cybersecurity has changed over the last year, the report says, as attackers have aligned with national agendas, and taken aim at businesses and governments alike.

“If we are going to prevent motivated adversaries from attacking our systems, stealing our data and harming our critical infrastructure, the broader community of security researchers—including academia, the private sector, and government—must work together to understand emerging threats and to develop proactive security solutions to safeguard the Internet and physical infrastructure that relies on it,” noted the report’s introduction, which was presented during the annual Georgia Tech Cyber Security Summit on Wednesday.

BlackHat SEO

The first topic mentioned in the report is BlackHat SEO, or search engine poisoning. However, Georgia Tech says that criminals are likely to move beyond vanilla SEO poisoning attempts. Instead, they’re likely to focus on reputation by compromising legitimate websites that have a solid reputation, something that has been seen several times this year in the form of malicious advertisements on some well-known domains.

“A more common attack in the future will use cross-site scripting to inject links from legitimate sites to malicious destinations, without the need for total compromise. Manipulating a victim’s search history may be next. Using cross-site request forgery, researchers have been able to enumerate and even modify a user’s search history,” the researchers predict.

Supply Chain Nightmares

Another prediction centers on the supply chain, especially relevant due to the headlines recently focused on China and telecom giants Huawei and ZTE Corp. The fear that their equipment would offer access to the Chinese government is a major worry in Washington, as lawmakers go back and forth on the issue with everyone from the Defense Department to the telecom firms themselves.

“I would say that we are in trouble. This is a problem that is extremely expensive and difficult to solve. ‘Solve’ may not even be the right word,” said Andrew Howard, research scientist with the Georgia Tech Research Institute.

Yet, progress remains slow in addressing supply chain problems, because of the size of the problem itself and the lack of any easy solutions, according to Howard. “It is going to take a bad event to have the momentum necessary to fully tackle the problem,” he said.

BYOD – Not as bad as one would think, but something to watch…

Mobile security will still be a hot topic in 2013, according to the report, as there are plenty of surfaces to attack, and criminals are still getting privacy-undermining applications and malicious applications onto devices, despite the focus on preventing such things. Yet, the prediction is that well-vetted app stores (Google Play and iTunes) will maintain a solid line of defense against malicious apps.

“We expect novel attacks and new ways to monetize mobile devices to emerge,” the researchers wrote.

One of the reasons for this, and the reason that many attacks have succeeded, is the infrequent patching done by mobile carriers and manufacturers. The wide gap in Android versions alone in the U.S. market makes mobile users a prime target. And still, it’s not as bad as the headlines would have you think.

“The exponential growth of malicious Android apps has not translated to increased risks for most users,” the report noted. “By analyzing three weeks of DNS traffic from a large cellular provider, GTISC researchers have found that only a very small number of devices—about 0.002%—are showing signs of infection in the United States. The research also showed that the detections of malicious applications occur well after their peak activity, suggesting that reactive security measures—such as removing the program from storefronts and publishing antivirus signatures—had little initial impact. Nonetheless, such measures likely prevent the software from spreading widely.”

Fluffy, data filled, malicious clouds

According to the research, data stored in the cloud will have better overall security, but failures will be severe. This will lead to companies demanding stronger guarantees of security before they move more data into the cloud, translating to the resolution of issues surrounding responsibility and liabilities between organizations and their service providers. In addition, authorization will remain the weakest point for securing stored data.

Other cloud-based predictions focus on criminals using virtualized infrastructures for quick-to-create botnets.

“The ability to stand up virtualized computers, if successfully exploited by attackers, can be used to quickly create botnets. Just as large collections of data in the cloud become a siren call to attackers, the ability to create vast computing resources will continue to convince cybercriminals to look for ways to co-opt the infrastructure to their own ends,” said Yousef Khalidi, a distinguished engineer with Microsoft’s Windows Azure group, in an interview for the report.

The prediction report covers additional topics, including healthcare and counter offensives against malware, and is an insightful read.

“Our adversaries, whether motivated by monetary gain, political/social ideology or otherwise, know no boundaries, making cyber security a global issue,” said Bo Rotoloni, director of GTRI’s Cyber Technology and Information Security Laboratory (CTISL).

“Our best defense on the growing cyber warfront is found in cooperative education and awareness, best-of-breed tools and robust policy developed collaboratively by industry, academia and government,” Rotoloni concluded.

The full report is available here in PDF format.
