As we near the end of 2013, it’s a perfect time to reflect on recent security events, the state of the industry and provide a glimpse into the future on how we anticipate the threat landscape to evolve in 2014.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #1: Cybersecurity Regulatory Efforts Will Spark Greater Need for Harmonization
By Paul Nicholas, Senior Director, Global Security Strategy, Trustworthy Computing
The US Government will release its Cybersecurity Framework, and this will begin a more detailed conversation about what can be accomplished by leveraging voluntary efforts, standards and tailored regulatory actions. Similarly, discussions on the directive on Network and Information Security (NIS) in the European Union (EU) will continue to evolve and examine how to improve security, including raising more detailed discussions of incident reporting. The US and EU efforts will not happen in isolation. It will be important to ensure that we do not end up with hundreds of different approaches to cybersecurity. This type of approach would begin to erode the base of the global ICT industry. In 2014, I predict that policy makers, private sector companies and vendors of all sizes will begin to see the imperative for harmonization and begin to align risk-based approaches to managing cybersecurity.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #2: Service-Impacting Interruptions for Online Services Will Persist
By David Bills, Chief Reliability Strategist, Trustworthy Computing
Online services across the industry and around the world have experienced service disruptions during the past year. I expect this trend to continue. Cloud service providers adopting contemporary resilience-enhancing engineering practices like failure mode & effects analysis and programmatic fault injection can help to reduce this trend. The adoption of practices such as these will help to effectively address the persistent reliability-related device failures, imperfections in software being triggered by environmental change and mistakes made by human beings while administering those services.

Learn more about how Microsoft thinks about reliability and what we’re doing to improve the reliability of our online services here.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #3: We Will See an Increase in Cybercrime Activity Related to the World Cup
By Tim Rains, Director Trustworthy Computing
I recently wrote a series of articles on the threat landscape in South America. This series included an article on Brazil called The Threat Landscape in South America: Examining Brazil’s Dramatic Improvement. Brazil has had one of the most active threat landscapes in the world for many years. But recently, the region has made excellent progress fighting the online banking fraud that has plagued the region for many years. That said, criminals typically follow the money, and in 2014 the economy in Brazil is expected to heat up. I was just in São Paulo and saw firsthand the excitement and infrastructure build-up for the 2014 World Cup that is being hosted in Brazil in June and July. The excitement around this event is amazing.

As with any large sporting event, cybercriminals will also be looking for illegal ways to make money and take advantage of the excitement surrounding the World Cup. Given that ticket sales for the event started long ago, I’m sure attackers have already been trying to identify ways to swindle money. But I expect to see an uptick in current levels of spam and phishing attacks that use the World Cup context as bait. Attackers use spam and phishing sites to try to steal recipients’ personal information (for purposes of identity theft and bank fraud), as well as to infect their systems with malware (for many purposes, like click fraud, spam campaigns, botnets, etc.). Spam messages associated with advance-fee fraud (so-called 419 scams) have been on the increase over the past 18 months, rising from 9.1% of the messages blocked by Exchange Online Protection to protect customers in the first half of 2012, to 14.3% in the second half of 2012, to 15.5% of messages blocked in the first half of 2013. Advance-fee fraud is a common confidence trick in which the sender of a message purports to have a claim on a large sum of money or needs financial help because of some hardship. The sender asks the prospective victim for a temporary loan to get access to their claim or to help them overcome the harsh circumstances in which they find themselves. Of course these 419 scams won’t be limited to Brazil, as football/soccer is the world’s most popular sport. I expect to see attackers cast a broad net using different languages in order to ensnare as many victims as possible in Latin America and Europe, as well as other parts of the world.

Football/soccer fans around the world should use a healthy dose of skepticism when deciding whether to open unsolicited email and attachments. They should also pay close attention to the websites they visit and personal information they provide to such sites. 

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #4: Rise of Regional Cloud Services
By Jeff Jones, Director, Trustworthy Computing
In the wake of heightened concerns about unauthorized access to data, we will see the emergence and broad promotion of regional Cloud service offerings. The increased sensitivity to both legal data access and intelligence monitoring will be seen as a market opportunity that will be actioned in two ways – by startups and by existing providers. Regional start-ups will see a new opportunity to compete against global providers, while existing providers will develop and offer services delivered from regionally-based data centers in an effort to allay concerns and provide increased customer choice. We also anticipate continued interest in technology companies’ support of principles to reform government surveillance practices, such as those discussed here.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #5: Dev-Ops Security Integration Fast Becoming Critical
By Mike Reavey, General Manager, Operational Security Assurance, Trustworthy Computing
As more and more organizations across the industry embrace secure development tools, like Microsoft’s Security Development Lifecycle (SDL), and operations teams mature their processes to become more security-centric with methodologies such as Operational Security Assurance (OSA) for online services, attackers will be left trying to exploit the seams between development and operations. This is one of the lessons Microsoft learned years ago with the malware known as Flame; this was a case where software developers’ assumptions about the perpetual state of operations led to a vulnerability that attackers could take advantage of in a seam between development and operations. For attackers, finding a gap between an assumption made by a developer and an assumption made by an operations team will be much easier due to the paradox of defense – they only need to find one gap, while defenders need to identify them all. As we see attackers attempt to exploit these gaps more frequently, we’ll see the industry continue to improve rigor around identifying and eliminating these gaps, both in design and in continual service improvement.

We’ll see operational security champions build tighter connections with their developer counterparts. Threat modeling will grow to a broader, more systems-based approach. And methodologies will become more repeatable and rigorous, borrowing from tried-and-true processes in development such as application threat modeling, and growing similar muscle in operations using continuous monitoring and operational reviews. While attackers are already trying to exploit these gaps, many of the pieces for the defenses’ playbook exist, and we’ll see them come together to increase the challenge for attackers.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #6: Cybercrime that Leverages Unsupported Software will Increase
By Tim Rains, Director Trustworthy Computing
This topic has been discussed before, but it’s worth mentioning again here. The most effective way to protect systems in the current environment, where drive-by download attacks are so popular with attackers, is to keep all software installed on them up-to-date with security updates. But on April 8, 2014, support will end for Windows XP. This means Windows XP users will no longer receive security updates, non-security hotfixes, free/paid assisted support options or online technical content updates. This venerable platform, built last century, will not be able to keep pace with attackers, and more Windows XP-based systems will get compromised. The best way to stay ahead of attackers in 2014 and beyond is to migrate from Windows XP, before April 2014, to a modern operating system such as Windows 7 or Windows 8 that can provide increased and ongoing protections.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #7: Increase in Social Engineering
By Chris Betz, Senior Director, Microsoft Security Response Center
As enterprises move off of legacy systems, or restrict those systems to non-internet-facing roles, we will see cyber criminals and some advanced actors increase their use of social engineering and weak passwords to access systems. Social engineering and weak passwords have been part of the malicious actors’ kit for many years, and are some of the oldest hacking techniques still in use. For the past several years, vulnerabilities in unpatched and older applications, such as those targeted through web-based attacks, have been the most common way that malicious actors compromise systems. Increasingly, enterprises and individual users are setting aside older systems and software for those with default patching and modern exploit defenses. As users upgrade and install current applications, malicious actors will refocus their efforts on social engineering and weak credentials to gain access to systems and accounts. In 2014, enterprises and individual users should be wary of increased and novel social engineering attempts and consider the use of multi-factor authentication to protect their accounts.

_____________________________________________________________________________________________________________________________________________________________________

PREDICTION #8: Ransomware will Impact More People
By Tracey Pretorius, Director, Trustworthy Computing
Although ransomware has been around for years (to read more, see: Ransomware is on the Rise, Especially in Europe), to date ransomware infections have been on a much smaller scale than other types of malware. But, given the increased levels of success attackers have had with this type of extortion scheme in 2013, I predict more attackers will embrace this business model in 2014 and ransomware infections will rise. The impact of a ransomware infection on businesses of all sizes could be highly disruptive if they aren’t prepared for this type of threat.
 
As the probability of encountering a potentially super impactful threat increases, so does the risk. Now is the time for organizations to plan mitigations for ransomware. Besides running up-to-date anti-malware software from a vendor you trust, backups are extremely important. For many of the systems that get infected by this type of threat, the only guaranteed way to recover data that has been encrypted by attackers is to restore it from backup after the system has been disinfected or rebuilt. Leveraging the cloud to do this is a low cost option. You can read more about this threat and how to mitigate it here.    

_____________________________________________________________________________________________________________________________________________________________________
 
As you may have noticed, we have included perspectives from a wide range of senior cybersecurity leaders at Microsoft in this year’s predictions, including:

  • Paul Nicholas, Senior Director, Global Security Strategy, Trustworthy Computing
  • David Bills, Chief Reliability Strategist, Trustworthy Computing
  • Mike Reavey, General Manager, Operational Security Assurance, Trustworthy Computing
  • Jeff Jones, Director, Trustworthy Computing
  • Christopher Betz, Senior Director, Microsoft Security Response Center
  • Tracey Pretorius, Director, Trustworthy Computing
  • Tim Rains, Director, Trustworthy Computing

In conclusion, we have seen some significant shifts in the threat landscape and in the industry in 2013. But basic security fundamentals continue to be effective at mitigating the risks: keeping all software up-to-date, running anti-malware software from a trusted source, and demanding software that has been developed using a security development lifecycle will continue to be best practices in 2014. Leveraging cloud services will also pay security, privacy and reliability dividends in the New Year and beyond.

We wish you a safe and prosperous 2014.

Tim Rains
Director
Trustworthy Computing
Microsoft