"The frequency of threats attacking Microsoft Windows below the kernel is increasing. Some of the critical assets targeted include the BIOS, master boot record (MBR), volume boot record (VBR), GUID Partition Table (GPT) and NTLoader," McAfee Labs says. "Although the volume of these threats is unlikely to approach that of simpler attacks on Windows and applications, the impact of these complex attacks can be far more devastating. We expect to see more threats in this area during 2013."
HTML5 creates a greater attack surface
This year will see continuing adoption of HTML5. McAfee notes that it provides language improvements, capabilities to remove the need for plug-ins, new layout rendering options and powerful APIs that support local data storage, device access, 2D/3D rendering, WebSocket communication and more. While HTML5 offers a number of security improvements (McAfee believes there will be a reduction in exploits focused on plug-ins as browsers provide that functionality through their new media capabilities and APIs), it also suggests the additional functionality will create a larger attack surface.
"One of the primary separations between a native application and an HTML application has been the ability of the former to perform arbitrary network connections on the client," McAfee Labs says. "HTML5 increases the attack surface for every user, as its features do not require extensive policy or access controls. Thus they allow a page served from the Internet to exploit WebSocket functionality and poke around the user's local network."
"In the past," McAfee reports, "this opportunity for attackers was limited because any malicious use was thwarted by the same-origin policy, which has been a cornerstone of security in HTML-based products. With HTML5, however, Cross Origin Resource Sharing will let scripts from one domain make network requests, post data, and access data from the target domain, thereby allowing HTML pages to perform reconnaissance and limited operations on the user's network."
Experts also expect a rise in destructive attacks in 2013 by hacktivists and state actors.
"In 2013, we will see further destructive attacks (cyber sabotage and cyber weaponry) on utilities and critical infrastructure systems," says Harry Sverdlove, CTO of security firm Bit9. "We saw Shamoon wipe out the systems of a major oil company in the Middle East, and that company's cyber security was no more lax than comparable companies in the United States or Europe. We know the bad guys have the ability to disrupt these systems; all they need is motive."
LogRhythm's Goldhammer agrees: "We should also expect to see an increase in nation state attacks and hacktivism. It might be hard for some people to believe that we'll see an increase in 2013 after so many well-documented and publicized attacks, but I expect we'll see hacktivists take much more aggressive measures."
While earlier attacks may have just embarrassed a country or company via website defacement or exposing their databases publicly, Goldhammer says he expects that to change: "I can see splinter cells of hackers take more aggressive means to cripple networks or corrupt data, or use ransom tactics, in order to financially punish or tactically weaken. In 2012, more and more evidence shows nation states using malware or using exploits to gain information or to attack infrastructure. In 2013, I expect to see headlines talking about a growing number of nation states building exploits against each other, both for data retrieval, data corruption and damage to infrastructure."
McAfee and Trend Micro both concur.