Will hacktivism take a back seat to hacking-as-a-service in 2013? Well, according to the latest McAfee’s annual Threat Predictions report it’s a distinct possibility.
The McAfee report, which is produced by McAfee Labs, predicts the Anonymous hacktivist movement will slow down in 2013 because of too many uncoordinated and unclear operations and false claims. McAfee Labs tracked Anonymous through 2012 and found that certain levels of technical sophistication were stagnated and the group’s tactics are better understood by its potential victims, and as such, the groups level of success will decline.
Related Stories: Security vendor predicts rapid evolution of Cyberthreats in 2013
What a cyber Pearl Harbor might look like
Phyllis Schneck, vice president and chief technology officer, global public sector at McAfee, cautioned that hacktivist attacks won’t end completely but instead there is a much bigger problem of vulnerability that the security community and channel partners should pay more attention too. “Bad guys can get in and they are doing it at a high speed. That has to stop,” she said.Schneck and McAfee have embarked on a course of action to share intelligence with channel partners, governments, businesses of all sizes and even competitors.
McAfee’s current focus is on the security ecosystem and the company’s goal is to protect everything in and around the network, mobile phone or any other wired device. She described the initiative as a weather satellite that monitors the area and what’s around the area; keeping you informed at every point.
“Also when you protect something you learn from that and we want to share it with the world. This creates a feedback loop so as it protects, it detects and then informs everyone,” Schneck added.
While hacktivism may be on the decline, the report found that hacking-as-a-service will be on the rise in 2013.
The report said business deals by cybercrooks on public forums not only offer software, but also hacking-as-a-service. As the number of invitation-only criminal forums requiring registration fees is increasing to make forums more secure and anonymous, these offers will be easier to find on the Internet in 2013.
For example, Citadel will become the Trojan of choice among cybercriminals McAfee believes given the recent release of Citadel Rain, the Trojan can now dynamically retrieve configuration files, enabling a fraudster to send a targeted payload to a single victim or a selection of victims. Detection will become more difficult as the footprint on the endpoint is minimal until the attack actually occurs.Schneck said that the cybercriminal underground has been harvesting personal information, banking information and other types of databases looking for value for the past 15 years. “This operation is alive and well and these groups form partnerships when the meet in prisons from Russia to Romania and they have trusted partnerships,” Schneck said.
Another thing these cybercrooks have is no legal boundaries and in some cases are government funded.
“The law is not there to stop it and that’s a problem the good guys have. We have to be faster and hacking-as-a-service is expanding around the world. They have set up and are readily available. Today, you can go to the Internet and launch a botnet, set off a phishing attack or spam,” she added.
There is some progress, according to Schneck. In the past two years, the FBI and global law enforcement arrested 400 cybercrooks. “The profit model has been limited and wearing an orange jumpsuit does not lead to a promising future,” she said.