Predicting future threats can be a hit-or-miss exercise for a security research organization. Certainly it is interesting to put on our wizard hats and prognosticate about what may happen in the coming months, but how much do threats really change each year? The past 12 months were a transformative year in many ways, but were these transformations revolutionary or evolutionary? We saw great changes in mobile threats, hacktivism, client-side exploitation, social-media exploitation, and targeted attacks. Many of these changes and trends will continue to influence the threats landscape for years to come.

What changes to threats does McAfee Labs expect in the coming year? We foresee several new scenarios as well as some significant evolutions in even the most established threat vectors:

• Industrial threats will mature and segment
• Embedded hardware attacks will widen and deepen
• Hacktivism and Anonymous will reboot and evolve
• Virtual currency systems will experience broader and more frequent attacks
• This will be the “Year for (not “of”) Cyberwar”
• DNSSEC will drive new network threat vectors
• Traditional spam will go “legit,” while spearphishing will evolve into the targeted messaging attack
• Mobile botnets and rootkits will mature and converge
• Rogue certificates and rogue certificate authorities will undermine users’ confidence
• Advances in operating systems and security will drive next-generation botnets and rootkit