(Page 2 of 2)
"Nation-states and armies will be more frequent actors and victims of cyberthreats. Patriot groups self-organized into cyberarmies have had little impact up until this point, but their actions will improve in sophistication and aggressiveness," the report said. "In 2013, many more of the world's military units will be on the front line of social networks communicating more frequently. State-related threats will increase and make the headlines, while suspicions about government-sponsored attacks will grow."
McAfee also noted how cybercriminals are notorious for going onto public forums to make business deals with other criminals to offer not only software , but also hacking as a service. As the number of invitation-only criminal forums requiring registration fees is increasing to make forums more secure and anonymous, the firm predicts these offers will be easier to find on the Internet in 2013.
"Citadel will become the Trojan of choice among cybercriminals -- with the recent release of Citadel Rain, the Trojan can now dynamically retrieve configuration files, enabling a fraudster to send a targeted payload to a single victim or a selection of victims," the report said. "Detection will become more difficult as the footprint on the endpoint is minimal until the attack actually occurs."
Posted: 2013-01-14 @ 12:41am PT
Great article! There isn't a security threat that you can think of that some security company's marketing literature doesn't promise a solution for. But despite the zeal of marketers and the production of many great security solutions, there are still many threats to enterprise IT that simply cannot be offset, mitigated or prevented by a single technology solution. There also is a lot of misinformation out there that makes for uninformed security professionals and software developers. It's not uncommon to hear things like "well, I run a web vulnerability scanning tool that catches the majority of vulnerabilities", or "my Web Application Firewall mitigates any security holes in my applications" or "the frameworks we use prevent developers from writing insecure code." I cringe when I hear this because I know from experience that tools, frameworks and technologies can only automate, protect, and sandbox your software applications so much. Here's a great article on what tools, technologies and best practices can and cannot protect against: http://blog.securityinnovation.com/blog/2012/12/securing-application-it-systems-what-tools-technologies-and-best-practices-can-and-cannot-protect-ag.html. Hope you find it useful!