As the year draws to a close it’s time for us to take a step back, absorb the lessons of 2012, and look at what 2013 and beyond will bring for users, the security industry, and even cybercriminals. Here are some of my predictions:
The volume of malicious and high-risk Android apps will hit 1 million in 2013.
As Android grows, so does the threat of malicious and high risk apps for its users. In 2013, we will be able to detect a million Android apps – a threefold increase from the 350,000 projected to be found by the end of 2012. Android may well be on its way to dominating the mobile space the way Windows dominated the desktop/laptop arena, but this very popularity lures in attackers and cybercriminals.
This growth is likely to result in an arms race between attackers and Android security providers, similar to the one that occurred more than a decade ago in the Windows ecosystem. However, these steps will not decrease the platform’s appeal to criminals.
Consumers will use multiple computing platforms and devices. Securing these will be complex and difficult.
The Windows-centric computing environment of the past has been replaced with a diverse, multi-screen environment thanks to tablets and smartphones. Each operating system brings its own unique usage model and interface. Because of this, it becomes a challenge for users to secure each and every device they own.
It’s quite possible that many users will simply give up and leave the defaults are in place. However, these may not be the most secure or private settings.
Conventional malware threats will only gradually evolve, with few, if any, new threats. Attacks will become more sophisticated in terms of deployment.
Malware authors already have a wide variety of tools at their disposal to carry out their objectives. Because of these, I expect conventional malware to evolve relatively slowly. Developments here will largely revolve around refinements to existing tools, or as a response to moves by security vendors. (A good example of the latter case in 2012 was the release of Blackhole Exploit Kit 2.0, a direct response to successful efforts to block attacks that used the previous 1.x version.)
What will change is how the attacks are conducted. What we will see is an increase in the sophistication, skill, and cunning in how victims are made to click on links, open e-mails, and download attachments.
Africa will become a new safe harbor for cybercriminals.
Africa is already home to the infamous 419 scam. As cybercriminals elsewhere feel the heat from law enforcement in their home countries, they are likely to set up shop in Africa.
There are two factors that will drive this development. First of all, the continent’s Internet infrastructure is gradually improving. Secondly, local law enforcement of anti-cybercrime laws is still weak. This combination could make cybercrime a “growth industry” in Africa.
These are just some of my predictions for 2013 and beyond. The rest of my predictions can be found in our full predictions document titled Security Threats to Business, the Digital Lifestyle, and the Cloud, which you can read by clicking the cover below.