Prediction #2: Attackers will increasingly use apps, movies and music to install malware
As attackers shift their tactics, the relative prevalence of the categories of malware that Microsoft antimalware products and tools block and clean from systems all over the world changes. For example, worms have come in and gone out of vogue with attackers over time, as seen in the figure below. Over the past few years Trojans (and social engineering) have become the most prevalent category of threats. This is also true for mobile app marketplaces. I expect this trend to continue in 2013.
We recently warned software users that attackers were using software key generators to install malware on their systems. Given that several new operating systems and devices from various different vendors were recently released, I expect key generator downloads to surge in the coming year. After all, the first thing people do after getting a new device is install applications on it. As key generator downloads continue to increase, Trojans will flourish. My mantra always has been: if you don't trust the source of the software, don't trust the software. In 2013, this advice will be as relevant as it ever has been.
One similar trend we have seen growing for some time is the use of video and audio files to install malware. One Trojan downloader family in particular that uses this tactic, called ASX/Wimad, has crept into the top ten lists of threats in several locations around the world. I suspect this upward trend will continue in 2013 as attackers continue to take advantage of people's desire for free entertainment and software.
Finally, notice the relatively recent drop in adware in Figure 3. This drop doesn't mean that online advertising is going away anytime soon. The drop in adware is likely the result of online advertisers being more declarative and transparent about the value propositions of their products and services. As the advertising economy shifts to in-App advertising, the advertising ecosystem will change.
Prediction #3: Drive-by attacks and cross-site scripting attacks will be attacker favorites
The long-term trends are very clear: attackers have been leveraging drive-by download attacks and cross-site scripting attacks more and more each year. Drive-by download attacks are being made easier to perpetrate by the broad availability of exploit kits, such as the Blacole exploit kit. Such kits allow attackers to focus on vulnerabilities in ubiquitous software that is infrequently updated or hard to keep up to date. I don't think I'm making a risky prediction that attackers will continue to use drive-by attacks and cross-site scripting as much in 2013 as they did in 2012, or even more.