(U//FOUO) U.S. Air Force Top Ten Cyber Threats 2012

The following “For Official Use Only” Cyber Threat Bulletin from the U.S. Air Force’s 624th Operations Center Intelligence Surveillance & Reconnaissance Division, formerly part of the Air Force Cyber Command (AFCYBER), is almost a verbatim recreation of a public report issued by McAfee.

624th Operations Center Intelligence Surveillance & Reconnaissance Division (AFCYBER)

  • 4 pages
  • January 9, 2012


Every year, as technology grows and advances, so do the threats that surround it. Predicting which new cyber threats to look for is not always an easy task, but keeping up with past trends and the ever-changing current environment can help give us a good handle on how to prepare for what may be to come.

Last year we saw great changes in hacktivism, mobile threats, social-media exploitation, client-side exploitation, and targeted attacks. Many of these will only continue to evolve as we step into 2012, and there are more to be added to the list that should not be ignored. According to McAfee, the top ten threats for 2012 are:

1. Attacking Mobile Devices – Over the last two years mobile devices and smartphones have experienced a huge increase in attacks, with 2011 showing the highest levels in mobile malware history. As they did on PCs, rootkits and botnets deliver ads and make money off their mobile victims in the same way. The installation of software or spyware, ad clicks or premium-rate text messages, as well as a shift toward mobile banking attacks, are just a few of the threats facing mobile device users. As more users handle their finances on mobile devices, techniques previously dedicated to online banking will now focus on mobile banking users, bypassing PCs and going straight for mobile banking apps.

2. Embedded Hardware – GPS units, routers, network bridges, and recently many consumer electronic devices use embedded functions and designs. Malware that attacks at the hardware layer will be required for exploiting embedded systems. Attackers will often try to “root” a system at its lowest level. If code can be inserted that alters the boot order or loading order of the operating system, greater control is gained, and the attacker can maintain long-term access to the system and its data. The consequence of this trend is that other systems that use embedded hardware, for example automotive, medical, or utility systems, will become susceptible to these types of attacks. Such proof-of-concept code is expected to become even more effective in 2012.

3. “Legalized” Spam – Since the drop in global spamming volumes from the 2009 peak and the increased black-market cost of sending spam through botnets, “legitimate” advertising agencies have moved into the space. The United States’ CAN-SPAM Act was watered down so much that advertisers are not required to receive consent for sending advertising. “Legal” spam, and the technique known as “snowshoe spamming,” are expected to continue to grow at a faster rate than illegal phishing and confidence scams.

4. Industrial Attacks – Gaining more attention every day, this cyber threat is one of the few that poses real loss of property and life. Many industrial systems are not prepared for cyber attacks, yet many of them, such as water, electricity, oil and gas, are essential to everyday living. As with recent incidents directed at water utilities in the U.S., attackers will continue to leverage this lack of preparedness.

5. Hacktivism – One thing is certain: once a target is identified, hacktivists are a credible force. The problem in 2011 was their undefined structure; differentiating between rogue script kiddies and a politically motivated campaign was a challenge. McAfee Labs predicts that in 2012 either the “true” Anonymous group will reinvent itself or it will die out. The other thing to look for in 2012 is digital and physical demonstrations becoming more engaged and targeting public figures more than ever before.

6. Virtual Currency – Also commonly referred to as cyber-currency, this is a popular means of exchanging money online that is not backed by tangible assets or legal tender laws. Many use services such as Bitcoin, which allows users to make transactions through a decentralized, peer-to-peer network, using an online wallet to receive “coins” and make direct online payments. Users need a wallet address to send and receive coins; the wallets, however, are not encrypted and the transactions are public. This boosts opportunity for cybercriminals, not to mention Trojan malware.

7. Rogue Certificates – We often tend to trust digitally signed certificates without a second thought, believing the digital signature or the certificate authority it came from to be legitimate. Recent threats such as Stuxnet and Duqu used rogue certificates to evade detection, and investigations have shown that as many as 531 fraudulent certificates were issued from DigiNotar, a troubled Dutch authority that recently declared bankruptcy. Targeting of certificate authorities and the broader use of fraudulent digital certificates will only increase, giving attackers an even greater advantage.
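The weakness behind the DigiNotar case is that a client trusts a certificate if any one of its trusted authorities signed it. A defensive counter-measure is public-key pinning: the client additionally requires that the certificate's SubjectPublicKeyInfo (SPKI) hashes to a value it already expects, so a fraudulently issued certificate for the same name fails even though its chain validates. The following is an added example, not code from the bulletin or from McAfee; it parses only the DER structure needed to locate the SPKI, and the certificate it checks is a constructed, unsigned skeleton rather than a real one, so function and constant names are this example's own.

```python
import base64
import hashlib

def _tlv(tag, body):
    """Encode one DER element: tag, definite length, body."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body

def _read_tlv(buf, pos):
    """Decode the element at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _children(buf, start, end):
    """Yield (tag, elem_start, elem_end) for each element inside a SEQUENCE body."""
    pos = start
    while pos < end:
        tag, _, vend = _read_tlv(buf, pos)
        yield tag, pos, vend
        pos = vend

def extract_spki(cert_der):
    """Return the DER bytes of subjectPublicKeyInfo from an X.509 certificate."""
    _, c_start, _ = _read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, t_start, t_end = _read_tlv(cert_der, c_start)  # TBSCertificate SEQUENCE
    fields = list(_children(cert_der, t_start, t_end))
    if fields[0][0] == 0xA0:                          # optional [0] EXPLICIT version
        fields = fields[1:]
    # order: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    _, s, e = fields[5]
    return cert_der[s:e]

def pin_of(spki_der):
    """RFC 7469-style pin: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def check_pin(cert_der, expected_pins):
    """True only if the certificate's key matches one of the pins we expect."""
    return pin_of(extract_spki(cert_der)) in expected_pins

# Constructed SPKI (rsaEncryption OID + fake key bits); not a real key.
SAMPLE_SPKI = _tlv(0x30, _tlv(0x30, _tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01"))
                   + _tlv(0x03, b"\x00" + b"constructed-key-bits"))

def build_sample_cert(with_version=True):
    """Constructed, unsigned certificate skeleton with empty names/validity."""
    empty = _tlv(0x30, b"")
    tbs = _tlv(0xA0, _tlv(0x02, b"\x02")) if with_version else b""
    tbs += _tlv(0x02, b"\x01") + empty + empty + empty + empty + SAMPLE_SPKI
    return _tlv(0x30, _tlv(0x30, tbs) + empty + _tlv(0x03, b"\x00"))
```

In practice the pin set holds the hashes of the keys you actually expect (the leaf or the issuing intermediate), and a chain that validates but matches no pin is treated as a rogue-certificate alert rather than a trusted connection.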

8. Cyber War – As more and more countries realize the harmful outcomes cyber attacks can produce, industrial attacks with crippling potential for example, the need for defense is more apparent than ever. McAfee Labs expects to see countries demonstrate their cyber war capabilities in 2012 in order to send a message.

9. Domain Name System Security Extensions – A technology to protect name-resolution services from spoofing and cache poisoning by using a “web of trust” based on public-key cryptography, meant to protect a client computer from inadvertently communicating with a host as the result of a “man-in-the-middle” attack. Unfortunately, it would also protect against spoofing and redirection by authorities who seek to reroute Internet traffic destined for websites that are trafficking in illegal software or images. With governing bodies around the globe taking a greater interest in establishing “rules of the road” for Internet traffic, McAfee Labs expects to see more and more instances in which future solutions are hampered by legislative issues.

10. Advances in Operating Systems – Recent versions of Windows have included data-execution protection as well as address-space layout randomization. These security methods make it harder for attackers to compromise a victim’s machine. Encryption technologies have also boosted OS protection in recent years. As with most internal OS security measures, attackers very quickly found ways to evade them. Advances by the information security industry and operating system vendors will continue, but will that push malware writers to focus on directly attacking hardware? McAfee Labs expects to see more effort put into hardware and firmware exploits and their related real-world attacks through 2012.
