British defence company BAE Detica is predicting a “gearing up” of cyber attack capabilities across an increasing number of nation states in 2013, one of five cyber security trends that experts at the defence company identified in a recent report.
It predicts that an increasing number of nation states will have a credible level of cyber attack capability which may be an extension of regular military activities through to to hired hackers, networks of privateers and new cyber units. The report states that 2013 will reveal more nations involved in cyber warfare activities in addition to those nations already widely suspected.
2013 will also see the further maturing of a cyber attack industry, with clients paying cyber criminals for access to a company’s secrets, rather than paying simply for the technology. Just as cyber crime has fostered the growth of so-called online “crime as a service” operations, BAE Detica predicts a growth in off the shelf cyber attack services.
“We anticipate that a whole effective and efficient service industry will grow in this area offering tailored attack and information exfiltration services to those that wish to make use of them. Services will be engaged anonymously to order and the cyber goods delivered to the client’s door, without the need to employ the technology themselves.” the report says.
The report also predicts increased attacks against the supply chain and enterprise partners as businesses harden their own defences.
“One method of entry is by exploiting trusted relationships with third-party organizations such as partners and suppliers. We have noticed an increase in this style of attack in recent months from sophisticated actors, and predict this trend will continue in 2013.” it says
The growth in cyber attack activity means that businesses will move to “adaptive security architectures”- defence structures that can lock down affected systems without crippling the wider business.
The report says that a so-called ‘paranoia dial’ needs to be built into their systems that allows them to turn the dial up in circumstances of high threat to reduce attack surfaces and move to more secure but limited configurations.
Finally, the report predicts that more and more attacks will be mobile enabled, with instances of attacks on mobile devices increasing rapidly regions which are hotbeds of other malicious cyber activity, such as Eastern Europe and the Far East.
“However, recent proof of concept attacks such as those against the Samsung Galaxy could quickly be turned into ‘in-the-wild’ attacks by incorporation into one of many cyber crime exploit kits. These exploit kits are becoming increasingly cross-platform and the leap to mobile devices could cause an avalanche of attacks in 2013.” the report says.