Trend #1:  Government Malware Goes Commercial

Trend #2:  Black Clouds on the Horizon
The famous criminologist, James Q. Wilson, pioneered the concept of community policing and transformed law enforcement.  In this case, police partnered with citizens and business to identify issues that led to crime in order to reduce crime rates.  Mr. Wilson’s approach, however, applied to the physical world. 

The digital equivalent would encourage organizations to share attack data, and coordinate what they see from an attack standpoint.  Today, an attack on one company may seem random.  But taken in a broader context, having broader visibility takes the randomness out.  Why don’t security professionals do this?  Psychologists often assert that “The first step toward change is awareness.” We predict that in 2013 we will see that both business and government parties will be taking the second step of reducing the security deficit, not just by extending their individual defenses, but, more importantly, creating collaborative defenses by sharing individual protection data.  In other words, cyber hippies will form security communities.

Benefits of Collaboration
From the attacker point of view, launching a successful attack against an organization requires investment in infrastructure. The infrastructure may be physical, such as internet servers to host command and control servers and exfiltrated data, or logical, such as software hacking tools need to be developed, vulnerabilities that need to be researched, and stealth communication protocols to conceal the attacker’s true identity.

In order to get the most out of their initial investment in hacking infrastructure, attackers strive to reuse their attack infrastructure against as many targets as possible. When there’s no collaboration between defending parties, each new target has to react to the attack as if it’s new, while chances are that other targets have already experienced the same attack in the past.

A good example for such reuse, and the potential of using it for defense side benefit, was the discovery of the HTran protocol used by many APT hackers to disguise the location of their command and control servers. The sharing of protocol details helped Dell to uncover 60 different families of custom-targeted malware used to mount complex APT attacks.

Government involvement in Collaboration on 2013

We predict that in 2013, the private sector will actively seek security solutions to enable it to share attack data rapidly and to automatically enjoy the strength of community defense without hindering the privacy of the data.

But private sector will not be alone in that effort. Governments have also become aware to the damage cyber attacks inflict on the state’s economy and national security and acknowledged the potential of sharing attack data to fight it. The data can be shared between the government and the private sector and also amongst the different private sector parties themselves.

A recent report of the Bipartisan Policy Center states:

Improvements in information sharing between the federal government and private sector about cyber threats and vulnerabilities show great promise for improving our cyber defenses and potential response measures. Public-private cyber information sharing can bolster and speed identification and detection of threats and will be critical to a coordinated response to a cyber incident. This type of information sharing can and must be done in a manner that protects privacy and civil liberties.

We believe that we will see more regulations and laws to encourage the sharing of attack data on one hand and on the other hand lifting legal barriers concerning the privacy of data that may interrupt such sharing. Such obstacles are the current demand of certain regulations never to share certain type of data articles. We predict that this strict demand will be replaced with a more balanced attitude that allows the sharing of such data in a privacy preserving way, in order to provide better data protection.