15 Nov 2012
In a recently published 2013 cyber-threat forecast, the Georgia Tech Information Security Center warns that serious threats in terms of mobile, search poisoning, supply chains and cloud capabilities could be coming next year.
The report warns that cloud computing power could be used maliciously by attackers, the same way legitimate companies run their business. Giving hackers the ability to control a large network of bots poses serious security concerns if cloud providers slack in patching known vulnerabilities.
"If I'm a bad guy, and I have a zero-day exploit and the cloud provider is not up on their toes in terms of patching, the ability to exploit such a big capacity means I can do all sorts of things," said Microsoft’s Yousef Khalidi.
Products manufactured by Chinese companies were also deemed potentially dangerous as ZTE and Huawei were investigated for having built-in back doors into their products. With smartphone malware constantly on the rise, the same report concludes that OEM and carrier patching policy should be more aggressive to prevent widespread malware distribution.
The issue of search poisoning by hackers gaining control of a victim’s browsing history was also debated, as search engine optimization and hack attacks on legitimate websites could cause massive financial damage to companies and irk users.
"If you compromise a computer, the victim can always switch to a clean machine and your attack is over," said Professor Wenke Lee. "If you compromise a user's search history and hence his online profile, the victim gets the malicious search results no matter where he logs in from."