The Complex

The cyber threats to watch in 2013

Happy almost 2013. IT security firm McAfee has just released a report on what it thinks will be the biggest trends in cyber for the new year. The report lists several broad trends that we'll mention here, as well as a number of specific threats to operating systems such as Windows 8, OS X, and mobile software like Google's Android OS.

Perhaps most important from a national security standpoint is McAfee's prediction -- echoing that of the Pentagon -- that destructive cyberattacks along the lines of Stuxnet will increase in 2013.

Keep in mind that in 2012, we saw the U.S. government acknowledge that U.S. energy companies have been penetrated by hackers who may be trying to access the software that controls things like power turbines -- a possible precursor to a destructive attack against the U.S. power system. We also saw the Shamoon virus destroy 30,000 computers belonging to Saudi Arabia's Aramco oil company, an episode that Defense Secretary Leon Panetta called one of the most destructive cyber attacks to date. Whether released by nations or hacktivist groups, attacks seeking to destroy the victim's networks and physical infrastructure will grow, McAfee predicts.

"Destructive payloads in malware have become rare because attackers prefer to take control of their victims' computers for financial gain or to steal intellectual property. Recently, however, we have seen several attacks -- some apparently targeted, others implemented as worms -- in which the only goal was to cause as much damage as possible. We expect this malicious behavior to grow in 2013," the report reads. "The worrying fact is that companies appear to be rather vulnerable to such attacks. As with distributed denial of service (DDoS) attacks, the technical bar for the hackers to hurdle is rather low. If attackers can install destructive malware on a large number of machines, then the result can be devastating."

Who is going to be behind these attacks? Militaries will play an increasingly public role. 
"State-related threats will increase and make the headlines," the report warns. "Suspicions about government-sponsored attacks will grow. Using zero-day vulnerabilities and sophisticated malware, some of these attacks may be considered advanced persistent threats [meaning they will use ever-evolving techniques to constantly nibble at public and private networks], while others will involve conventional malware."

Oh, and don't forget the possibility of terrorists trying to carry out a combined physical and cyber attack. "If a group can remotely disrupt a critical infrastructure, such as a defense or communications system, a conventional attack could more easily cause more damage," according to the report. "We have no evidence that such a terrorist event will occur in 2013, but today our fears of one are not just fantasy."

McAfee also foresees the rise of more ideologically driven hacker collectives. Some may coalesce to help overthrow Middle East dictators by providing dissidents with secure communications software, while other, sometimes independent, "patriotic" or ideological groups may execute cyberattacks against countries or organizations they disagree with.

"Patriot groups self-organized into cyberarmies and spreading their extremist views will flourish," states McAfee. "Up to now their efforts have had little impact (generally defacement of websites or DDoS for a very short period), but their actions will improve in sophistication and aggressiveness. They will fight among themselves, certainly, but their favorite targets will be our democratic societies each time we denounce the extremist governments they support."

All of these groups will be aided by the rise of what one DoD cyber official told Killer Apps worries him the most: the ever-expanding black market for malware and hackers for hire, or hacking as a service (HAAS), as McAfee puts it, in a play on the term for the software as a service (SAAS) business model. McAfee worries that the hacker black market is evolving from groups of loosely organized forums (basically online hacker bazaars) filled with hackers of all skill levels toward cadres of professionally organized hackers running online businesses providing all sorts of malware to customers.

"Online sales sites modeled on legal trade activities will grow in 2013," according to McAfee. "On these sites, buyers can make their choices at the click of a mouse, use an anonymous online payment method (such as Liberty Reserve), and receive their purchases without any negotiations or direct contact with the seller. More secure and anonymous, these offers will be easier to find on the Internet. They will also be more diversified. We have already started to see high-level audit services and offers for project development for cybercriminals."

The report goes on to list a number of specific bugs and software programs that will likely be major areas of malicious cyber activity in 2013.


Pic of the day: X-47B aboard the Truman at sunset

We know we've been writing a ton about the Navy's X-47B lately, but we couldn't resist posting this as a midweek photo.

It's a great sunset shot that Northrop Grumman sent out to announce that its stealth UAV has just finished a series of tests certifying that it can safely taxi on a crowded carrier flight deck. The deck handling tests are a precursor to what will be the X-47B's history-making first flight off the ship, slated for 2013.

As we reported last week, a Northrop-built X-47B is aboard the USS Harry S. Truman as it sails in the Atlantic Ocean off the Virginia Capes. The drone taxied around the Truman's flight deck, controlled by a crewman wearing a remote control system strapped to his arm.

X-47B is meant to prove that the sea service can operate an unmanned, stealthy jet capable of doing everything from reconnaissance and strike missions to air-to-air refueling operations. If all goes well, the X-47B will pave the way for a new fleet of navy combat jets, now called Unmanned Carrier Launched Airborne Surveillance and Strike, sometime around 2020.

Here's what Northrop has to say about the completion of the deck handling tests that took place between Nov. 27 and Dec. 17:

"The X-47B deck trials proved convincingly that the design and operation of the aircraft are fully compatible with the rhythm and operational requirements of the carrier flight deck," said Mike Mackey, [X-47B] program director for Northrop Grumman Aerospace Systems. "They provided a major boost to the team's confidence as we move steadily toward our first carrier landings next year."

Mackey said the testing included taxiing the X-47B on the flight deck; maneuvering the aircraft up to the ship's catapults using the Northrop Grumman-designed Control Display Unit; taxiing the aircraft over the ship's arresting cables; and conducting fueling operations. The team also moved the aircraft up and down the ship's elevators between the flight deck and the hangar bay.

"We proved that the X-47B air system is mature and can perform flawlessly in the most hostile electromagnetic environment on earth, a Nimitz class Navy aircraft carrier," added Mackey.
