Trend Micro security predictions for 2014 and beyond
Basic two-step verification will no longer work against mobile MitM attacks

Cybercriminals will level up via targeted attack methods

Bad actors will increasingly use clickjacking and watering hole tactics, new exploits, and mobile threat vectors

One major data breach will occur each month

More bugs will be exploited as vendors end support for Java 6 and Windows XP

Bad actors will use the Deep Web to drag law enforcers into a global struggle

Privacy will become bigger than the individual; public distrust will ensue

Bad actors will continue to await the “killer app” before jumping onto the IoE bandwagon


Heads-up display (HUD) glasses and contact lenses that respond to hand gestures and personalize content, along with smart grids that automate basic services and technology-assisted living—these are but a few of the technologies we believe will be available by 2020.

To anticipate the future of cybercrime and help governments, businesses, and individuals prepare, Trend Micro, Europol, and the International Cyber Security Protection Alliance (ICSPA) released “Project 2020: Scenarios for the Future of Cybercrime” last September. Likewise, a riveting Web series, “2020: The Series,” was created to better show future scenarios that will affect all netizens’ digital lives.

Pertinent questions like “Are these scenarios bound to happen?”; “Who will own our data by then?”; “Who will secure our data from emerging threats?”; and “Which existing technologies will usher in the 2020 way of life?” have been brought to light.

Interestingly enough, the seeds have been sown and we’ll likely see them grow in the near future. We’re already seeing them turn into reality with the advent of wearable technologies like Google Glass and smart watches, smart meters, and even decades-old industrial control systems (ICS) and radio-frequency-aided technologies like the Automated Identification System (AIS). Despite their existence though, we believe they won’t be targeted by real attacks yet in 2014. Threat actors have yet to determine the most effective means to crack the “Internet of everything” (IoE) threat space wide open and so will only launch proof-of-concept (PoC) attacks.

While waiting, cybercriminals and threat actors will continue to blur boundaries in search of what they can and can’t use to steal valuable information. We expect the threat landscape to move closer toward making 2020 a reality, as attackers, regardless of type, use the new tactics and tools outlined in our predictions for 2014 and beyond.


Trend Micro Incorporated, a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years of experience, we deliver top-ranked client, server, and cloud-based security that fits our customers’ and partners’ needs; stops new threats faster; and protects data in physical, virtualized, and cloud environments. Powered by the Trend Micro™ Smart Protection Network™ infrastructure, our industry-leading cloud-computing security technology, products and services stop threats where they emerge, on the Internet, and are supported by 1,000+ threat intelligence experts around the globe. For additional information, visit

Just this June, two of the biggest social networking sites, Twitter and Facebook, adopted two-step verification to better protect their users. Though a welcome improvement to just using user-name-password combinations, it doesn’t hinder malware like PERKEL from intercepting authentication messages sent to mobile devices.

Nearly one in five smartphone users banked via their mobile devices this year. It doesn’t help that the smartphone user base has ballooned to over a billion this year and that the number of mobile bankers is projected to hit the same mark by 2017.

Even more, mobile payment adoption is expected to grow alongside the device shipment volume. In the United States alone, the value of proximity mobile payment transactions is expected to reach US$2.59 billion in 2014.

Given all this, we foresee more mobile man-in-the-middle (MitM) attacks that render basic two-step verification inadequate for popular activities. It is, after all, only logical for mobile banking threats to keep pace with developing trends and technologies.

Threat actors and cybercriminals used to have distinct boundaries when it came to defining what, how, and why they do certain things. But now, we are seeing cybercriminals adopt methods usually identified with threat actors in the past.

This trend will continue; more cybercriminals will use targeted-attack-type methodologies to compromise machines and networks. They will likely be motivated by the success of targeted attack campaigns. They will use easy-to-craft malware, launch small but effective campaigns like Safe, and take advantage of the weakest link in network chains—humans.

More recent reports also revealed that around 150 samples that can take advantage of the newly discovered Microsoft zero-day bug (CVE-2013-3906) have been found, making it a likely candidate for exploit of choice in 2014.

Like threat actors, cybercriminals will soon conduct open source research and craft their own spear-phishing emails. They will also exploit 2–3 common vulnerabilities like this year’s favorites, CVE-2012-0158 and CVE-2010-3333, because of their proven track records.

Besides these, the malware infection count is likely to surge due to the end of support for software and OSs like Windows® XP and Microsoft™ Office® 2003. This is expected, as users won’t be able to patch new vulnerabilities in legacy software and OSs, nor will they turn off legacy systems for fear of interrupting critical running processes.

Spear phishing has been threat actors’ most favored attack vector. In 2014 though, we not only expect attackers to craft more spear-phishing emails but also launch more clickjacking and watering hole attacks, search for new exploits of choice, and target new vectors like mobile devices to get into networks.

We will see troves of successful clickjacking and watering hole attacks using various social engineering lures and new exploits. The new zero-day exploit (CVE-2013-3918) could become threat actors’ top sentinel.

Exploit trends will shift as well. Attackers will target bugs in software suites rather than in OSs due to the lack of exploitable vulnerabilities in the latter.

Attackers will also increasingly target mobile device users, veering away from using email attachments for attacks. This should, after all, prove more effective because mobile devices are replacing desktops, especially in homes. Individuals and organizations alike should keep in mind that when it comes to targeted attacks, any device can and will be used as a point of entry.

2013 was plagued by prominent data breach incidents, including the attacks on Evernote and LivingSocial, which affected millions of users worldwide. More such incidents can be expected to occur in 2014.

One major data breach will be seen each month. Cybercriminals will learn more from each successful incident and craft new and better means to monetize stolen data. As with the Adobe breach this October, stolen user data will be filtered and “chopped up” into more valuable chunks before being sold underground to make bigger profits.

Information will continue to be a lucrative profit source for cybercriminals and an espionage or sabotage gold mine for threat actors. Someone will always try to get into a network, if they’re not yet in there, that is.

Meanwhile, existing trends will continue. Groups like Anonymous will continue to hack into establishments they disagree with and threat actors will strive to search for new tools and tactics to exploit vulnerabilities.

A zero-day exploit targeting the still-large number of Java 6 users was discovered right after support for the software was discontinued. Java 6 users were left on their own against the attack. We believe Windows XP users will suffer the same fate when support for the OS ends in 2014.

The 11-year-old OS still runs on 20% of computers today and is still used by about 500 million people. Though both Oracle and Microsoft have been pushing affected users to upgrade to newer versions, hesitation persists because they have grown so used to previous versions.

Given these, attacks exploiting vulnerabilities in unsupported software like Java 6 will intensify. By April 2014, when Windows XP support officially ends, we expect the vulnerability landscape to be littered with more zero-day exploits targeting the OS. Cybercriminals may even include these exploits in existing toolkits.

Point-of-sale (PoS) terminals, healthcare devices, and critical infrastructure, among others, that run legacy software and OSs will also be affected.

Lastly, the recent Adobe ColdFusion source code leakage will lead to more attacks on servers that run outdated versions of the software. And seeing that ColdFusion deals with server-side processes, attacks against its users—“high-value” targets or enterprises—are likely to net cybercriminals more valuable information and greater profit.

Awareness of illegal activities that take place in the Deep Web has taken root. And groups like the International Criminal Police Organization (Interpol), the U.K. Serious Organized Crime Agency (SOCA), the European Police Office (Europol), the Federal Bureau of Investigation (FBI), and the International Telecommunication Union (ITU), along with security experts like Trend Micro have taken steps to mitigate cybercrime. Though developing countries have yet to keep up, developed nations have begun investing in and taking an active part in the fight against cybercriminals and threat actors.

Despite these efforts though, the Deep Web will continue to pose significant challenges to law enforcers, as they struggle to develop the capacity to address cybercrime on a large scale. This will especially hold true should bad actors go deeper underground with the use of “darknets”—a class of networks that guarantee anonymous and untraceable access like The Onion Router (TOR)—and harder-to-track cryptocurrencies like Bitcoin, helping them become even more elusive.

As a result of a scandal involving classified information revealed by former government contractor, Edward Snowden, a number of states and citizens are worried about how their data is being handled today. Europeans, known to be sensitive when it comes to data privacy, are threatening to sever data-sharing agreements with the United States. Private citizens are expressing concerns over data collected from consumer-facing services. Founders of a popular photo-sharing app also admitted to retrieving unopened photos still on the server if given a search warrant.

We predict that public distrust will continue to ensue, resulting in a period of disparate efforts to restore privacy. This can cause certain entities to reexamine where they choose to store data or host their infrastructure. The past quarter already saw an American networking firm suffer a sudden 21% revenue drop from its top 5 markets—a 25% drop in Brazil; 18% in India, Mexico, and China; and 30% in Russia.

The National Security Agency (NSA) story will trigger a big mind shift that will drive users to poke deeper into privacy risks—focusing on the Deep Web and TOR use, international traffic routing, and Facebook data collection.

In response to privacy dilemmas, users will consider technologies like personal encryption solutions. Cloud service providers will strive to ensure security control and data privacy protection. They will partner with security companies to do so, ushering in the “bring your own controls” (BYOC) trend, as enterprises seek to properly segment data and protect their core from unauthorized access.

IoE will continue to drive discourse and new technologies or processes but we won’t see large-scale, widespread threats in 2014. Attacks can only occur once a “killer app,” that one app or device that will change the landscape as we know it, emerges and provides bad actors enough financial motivation to do so.

Valve’s recent release of the Steam Box console and developments in the augmented reality appliance space with wearable devices like Google Glass will spur new threats beyond 2014. The addition of Linux-based consoles to the market also means that gaming malware creators will have more users to target.

Vulnerable radio-frequency-enabled systems will be low-hanging fruit that professional attackers can target. We foresee a shift in vulnerability identification; this will no longer be limited to computers, corporate networks, or even mobile devices but will include radio-frequency-enabled technologies mostly used in the transportation industry. More research pointing out exploitable bugs in technologies like the AIS that can allow attackers to hijack marine vessel tracking systems, among others, will increasingly crop up. In fact, we won’t be surprised if we see an attack on an AIS transmitting station or similar technology by 2020.

We expect more attention to be poured onto IoE, insufficiently secured SCADA networks, vulnerable medical devices, and other flawed systems beyond 2014. And all these will be made apparent by the number of PoC attacks, more in-depth research, and discussions that will revolve around IoE in 2014.