Seven 2013 Cybersecurity Predictions from Websense Security Labs

       Seven 2013 Cybersecurity Predictions from Websense Security Labs

Malicious mobile apps, government-sponsored attacks and sandbox avoidance

PR Newswire

SAN DIEGO, Nov. 13, 2012

SAN DIEGO, Nov. 13, 2012 /PRNewswire/ --From mass compromises of Wordpress to
a spear-phishing attack on the White House, there is no doubt cybercriminals
gained confidence and momentum in 2012. To help organizations prepare for next
year, the Websense^® Security Labs™ today announced seven predictions for the
2013 threat landscape. The full report can be found here, which includes
in-depth articles on mobile security, email security and Java exploits.
Highlights include:

1. Mobile devices will be the new target for cross-platform threats.

The top three mobile platforms cybercriminals will target are Windows 8,
Android and iOS. Web-based cross platform exploits will make it easier. In
2013, threats to Microsoft mobile devices will see the highest rate of growth.
Cybercriminals are similar to legitimate application developers in that they
focus on the most profitable platforms. As development barriers are removed,
mobile threats will be able to leverage a huge library of shared code. Attacks
will also continue to increasingly use social engineering lures to capture
user credentials on mobile devices. 

2. Cybercriminals will use bypass methods to avoid traditional sandbox

More organizations are utilizing virtual machine defenses to test for malware
and threats. As a result, attackers are taking new steps to avoid detection by
recognizing virtual machine environments. Some potential methods will attempt
to identify a security sandbox, just as past attacks targeted specific AV
engines and turned them off. These advanced attacks will remain hidden until
they are sure they aren't in a virtual security environment.

3. Legitimate mobile app stores will host more malware in 2013.

Malicious apps will increasingly slip through validation processes. They will
continue to pose risks to organizations enabling bring your own device (BYOD)
policies. In addition, jail-broken/rooted devices and non-sanctioned app
stores will pose significant risk to enterprises as more allow BYOD.

4. Government-sponsored attacks will increase as new players enter.

Expect more governments to enter the cyber-warfare arena. In the wake of
several publicized cyber-warfare events, there are a number of contributing
factors that will drive more countries toward these strategies and tactics.
While the effort to become another nuclear superpower may be insurmountable,
almost any country can draft the talent and resources to craft cyber-weapons.
Countries and individual cybercriminals all have access to the blueprints for
previous state-sponsored attacks like Stuxnet, Flame and Shamoon.

5. Expect hacktivists to move to the next level as simplistic opportunities

Driven by highly publicized hacktivist events in recent years, organizations
have deployed increasingly better detection and prevention policies, solutions
and strategies. Hacktivists will move to the next level by increasing their

6. Malicious emails are making a comeback.

Timed and targeted spear-phishing email attacks, along with an increase in
malicious email attachments, are providing new opportunities for cybercrime.
Malicious email will make a comeback. Domain generation algorithms will also
bypass current security to increase the effectiveness of targeted attacks.

7. Cybercriminals will follow the crowds to legitimate content management
systems and web platforms.

Vulnerabilities in Wordpress have frequently been exploited with mass
compromises. As other content management systems (CMS) and service platforms
increase in popularity, the bad guys will routinely test the integrity of
these systems. Attacks will continue to exploit legitimate web platforms,
requiring CMS administrators to pay greater attention to updates, patches, and
other security measures. Cybercriminals compromise these platforms to host
their malware, infect users and invade organizations to steal data.


"The past year illustrated how quickly the threat landscape continues to
evolve, with attacks and exploits redefining the concepts of crime, business
espionage and warfare. The risk to organizations continues to be amplified by
the frailty of human curiosity. It's now expanding across diverse mobile
platforms, evolving content management systems and an ever-increasing
population of online users.

2013 will absolutely reinforce the fact that traditional security measures are
no longer effective in thwarting advanced cyberattacks. Organizations and
security providers need to evolve toward more proactive real-time defenses
that stop advanced threats and data theft."

-Charles Renert, vice president of Websense Security Labs, Websense.

Websense Links

Read the 2013 Websense Security Labs predictions report.

Click to share the 2013 Websense Security Labs predictions on Facebook.

Click to share the 2013 Websense Security Labs predictions on Twitter.

Please click here for more information on the Websense^® TRITON™ solution.

About Websense, Inc.

Websense, Inc. (NASDAQ: WBSN), a global leader in unified web security, email
security, mobile security, and data loss prevention (DLP), delivers the best
content security for modern threats at the lowest total cost of ownership to
tens of thousands of enterprise, mid-market and small organizations around the
world. Distributed through a global network of channel partners and delivered
as appliance-based software or SaaS-based cloud services, Websense content
security solutions help organizations leverage social media and cloud-based
communication, while protecting from advanced persistent threats and modern
malware, preventing the loss of confidential information, and enforcing
internet use and security policies. Websense is headquartered in San Diego,
California with offices around the world. For more information, visit

Follow Websense on Twitter:
Join the discussion on Facebook:

Media Contact:
Patricia Hogan
Websense, Inc.
(858) 320-9393

SOURCE Websense, Inc.

Press spacebar to pause and continue. Press esc to stop.