Now that knowledge of targeted attacks, including APT activity, has become mainstream within the broader security community, I predict that 2013 will be a year in which our assumptions will be challenged. We have already seen how successful so-called “technically unsophisticated” attacks have been over the last few years, and I predict they will continue to be so as they are designed to exploit the human factor as much as, if not more, than technology.
In his 2013 predictions, our CTO Raimund Genes predicts that there will be increasing sophistication in malware attacks, not necessarily in the technical aspects of the malware itself but in the deployment of an attack. Moreover, he believes that such attacks will increasingly have a destructive capacity and that it will be challenging to determine attribution. Building on these points, I predict the following trends for 2013:
- There will be an increasing specificity in targeted attacks, especially as knowledge of some of the noisier APT campaigns is increasingly publicized. We will see an increase in localized attacks such as malware that will not execute unless certain conditions are met, such as language settings, or “watering hole” attacks that will only affect certain geographic regions or even only specific netblocks.