Spam in 2013: Buckle Up for a Rough Year

The Mayan apocalypse has passed without so much as a sneeze from the Mayan gods, and if you’ve breathed a sigh of relief and moved on to kicking the snot out of digitized zombies in Call of Duty: Black Ops II and settled in for a quiet New Year, you may want to take this moment to gasp in horror. Okay, it may not be all that bad, but you may want to get your game on so you can kick the snot out of a bevy of spam-related threats in 2013. The annual report from security firm Sophos doesn’t give us a lot of comfort that spam will go away any time soon. In fact, 2012 had its share of nastiness, and nastiness, it seems, is the trend that will continue on into the fledgling year. The firm’s Security Threat Report 2013 has some invaluable reading for anyone in the business of protecting networks from the specter of douchiness that is the spammer community.

What 2012 Looked Like

Some of the higher points of the report include a look at 2012, which forms the basis for what we can expect in 2013. Sophos takes a look at the new platforms and changing threats for the IT world, with a focus on the increased threat of Facebook and other social media platforms, and an increased interest in cloud computing that has also seen its share of concerns.

The report also keys in on Blackhole, whose version 2.0 receives some respect, for lack of a better word, for the level of sophistication that the new exploit kit contains. Between October 2011 and March 2012, almost 30% of the detected threats came from Blackhole or compromised sites, and Sophos predicts that Blackhole 2.0 will be a pain in our proverbial butts for years to come.

Java also got its own hall of shame award for the way in which it continued to be a source of vulnerabilities. The report calls into scrutiny the number of plugins that encouraged “many organizations to get rid of Java in the browser if possible.” And while Oracle worked hard to plug the holes, they appeared far quicker than Oracle had fingers.

The report gives ‘love’ to Android, too, telling us something else we already knew: Android is ripe for the picking as a vehicle for botnets, malware, spam, and anything else the spambags can think to throw at us. It also discusses how the diversification of platforms, including Mac OS X, which had long been thought of by Apple fanboys as an impenetrable fortress of aestheticism, has changed our world, and how we no longer live in the simpler times that saw us protecting Windows-only systems.

What 2013 Will Look Like

In the year ahead, we can expect a continuation in the attacks, like SQL injections, designed to grab large numbers of credentials. Sophos cautions that in 2012, “IT professionals will need to pay equal attention to protecting both their computers as well as their web server environment.”

Sophos also saw an increase in the burgeoning use of ‘irreversible’ malware attacks, which hold data for ransom, and which are virtually impossible to reverse. In 2012, Sophos predicts there will be “more attacks which…will place a greater focus on behavioral protection mechanisms as well as system hardening and backup/restore procedures.”

Attack toolkits, like the previously mentioned Blackhole, offer tools that make it easier for wannabe hackers and harder for law enforcement and security firms. Sophos predicts that, “in the coming year we will likely see a continued evolution in the maturation of these kits replete with premium features that appear to make access to high quality malicious code even simpler and [more] comprehensive.”

It’s not all bad news, but it’s not good, either. Sophos does envision a reduction in the amount of outright exploits. “The ready availability of DEP, ASLR, sandboxing, more restricted mobile platforms and new trusted boot mechanisms (among others) made exploitation more challenging.” But the report cautions that a reduction may be offset by a “sharp rise in social engineering attacks across a wide array of platforms.”

Finally, there’s a new wrinkle that may just find its way into our nightmares in 2013. The report points out that the integration of devices and applications, along with new technologies like near field communication (NFC) being built into these platforms, could present opportunities for cyber crooks to compromise our security or privacy. “This trend is identifiable not just for mobile devices, but computing in general. In the coming year watch for new examples of attacks built on these technologies.”

Good luck in 2013.
