"One limitation for many malware authors seeking profit from mobile devices is that more users transact business on desktop PCs than on tablets or phones," McAfee Labs says. "But this trend may not last; the convenience of portable browsers will likely lead more people to do their business on the go. Attackers have already developed ransomware for mobile devices. What if the ransom demand included threats to distribute recorded calls and pictures taken with the phone? We anticipate considerably more activity in this area during 2013."
AlienVault, provider of a unified security management solution, agrees, "We will see new ransomware tactics in 2013 as a result of the poor economy and the success of this type of attack (reportedly, cybercriminals raked in $5 million using ransomware tactics in 2012)."
Windows Still a Target
On the Windows front, Trend Micro reports that Windows 8 will offer consumers key security improvements-especially the Secure Boot and Early Launch Anti-Malware (ELAM) features—. However, enterprises are unlikely to see these benefits in the coming year. Analysts from research firm Gartner believe most enterprises won't begin to roll out Windows 8 in large numbers until 2014 at the earliest.
McAfee suggests that attackers targeting Windows of all varieties will expand their use of sophisticated and devastating below-the-kernel attacks.
"The evolution of computer security software and other defenses on client endpoints is driving threats into different areas of the operating system stack, especially for covert and persistent attackers," McAfee Labs says.
"The frequency of threats attacking Microsoft Windows below the kernel are increasing. Some of the critical assets targeted include the BIOS, master boot record (MBR), volume boot record (VBR), GUID Partition Table (GPT) and NTLoader," McAfee Labs says. "Although the volume of these threats is unlikely to approach that of simpler attacks on Windows and applications, the impact of these complex attacks can be far more devastating. We expect to see more threats in this area during 2013."
HTML5 Creates a Greater Attack Surface
This year will see continuing adoption of HTML5. McAfee notes that it provides language improvements, capabilities to remove the need for plug-ins, new layout rendering options and powerful APIs that support local data storage, device access, 2D/3D rendering, web-socket communication and more. While HTML5 offers a number of security improvements-McAfee believes there will be a reduction in exploits focused on plug-ins as browsers provide that functionality through their new media capabilities and APIs-it also suggests the additional functionality will create a larger attack surface.