13 Dec 2013
1. Android malware expands to industrial control systems and the IoT
As sales of mobile phones likely plateau in the coming years, Android developers are being tasked with finding untapped markets for the Google operating system. A few of these emerging markets include tablets, portable game consoles, wearable devices, home automation equipment and industrial control systems (ICS/SCADA).
Next year, we predict we’ll see the first instances of malware on these new device types, specifically around embedded ICS/SCADA systems. While we don't believe we'll see a "mobile-Stuxnet" in 2014, we think cybercriminals will be attracted to platforms that go beyond common SMS fraud.
This includes new home automation devices that have control over our electrical consumption, the temperature of our fridges, etc. and feature software with remote login control panels to show/confirm who may be at home at a given time. This is bound to give cybercriminals new and nefarious ideas around how and when to rob someone’s home.
2. New exploits target off-net devices to penetrate corporate resources
The increased maturity of desktop exploit and advanced mitigation tools in the enterprise, such as malware sandboxing and next-generation antivirus, makes penetrating corporate networks a substantive challenge. The increased difficulty hackers are having penetrating today’s enterprise firewalls will force them to take more creative approaches, going through networks or devices that are traditionally not as hardened as the corporate network. These soft targets can include home routers, smart televisions, home automation and/or set-top box connections. We predict we’ll see the first generic exploitation frameworks and mass malware agents for these types of home devices later next year.
3. More botnets will cross breed with other botnets
Historically, botnets worked alone. In rare instances, when a botnet such as TDSL infected a computer, the first thing it did was to look for traces of other botnets running on the same PC and remove them, thus preventing the compromised computer from becoming too unstable. Over time, the trend we’re seeing is botnets joining forces with other botnets, rather than competing against them, in order to better grow their bases of infected users. This year we’re seeing an uptick in this type of activity, with the Andromeda, Bublik, Dorkbot, Fareit, and ZeroAccess botnets doing just that.