1. Sophisticated threat actors will continue to hide behind traditional mass-market crimeware tools to make identification and attribution hard for network defenders. Prediction by Darien Kindlund.
2. More attack binaries will use stolen or valid code signatures. These signatures allow malware to masquerade as legitimate executables and bypass traditional antivirus looking for those characteristics. Prediction by Amanda Stewart.
3. Mobile malware will further complicate the threat landscape. We'll see blended threats between desktop and mobile gaining access to mobile-based authentication (such as SMS confirmation numbers). Because cybercriminals go where the clicks are, expect to see a continued focus on attacking these devices. Prediction by Yogi Chandiramani and Tim Stahl.
4. Java zero-day exploits may be less prevalent. Despite the comparative ease of Java exploit development, the frequent release of new Java zero-day exploits stopped after February 2013. The reason is unclear, but may be due in part to security warning pop-ups in Java 1.7 or increased attention from white-hat security researchers. Another possibility: too few people are using vulnerable versions of Java, giving exploit authors little incentive to continue finding more bugs. Prediction by Yichong Chen.
5. Browser-based vulnerabilities may be more common. Attackers are becoming increasingly adept at bypassing ASLR (Address Space Layout Randomization) in the browser. And in contrast to the slowing pace of newly found Java and classic input-parsing vulnerabilities, browser zero-day vulnerabilities continue apace. Prediction by Dan Caselden.
6. Malware authors will adopt stealthier techniques for command-and-control (CnC) communications. They will tunnel communications over legitimate protocols and abuse legitimate Internet services to relay traffic and evade detection. This shift reflects the logical escalation by attackers who are increasingly hindered by network defenses. Prediction by Thoufique Haq.
7. Watering-hole attacks and social media targeting will increasingly supplant spear-phishing emails. Watering holes and social-media networks provide a neutral zone where targets let their guard down. The trust factor is not a big obstacle, and minimal effort is required to lure the target into a trap. Prediction by Thoufique Haq.
8. More malware will fill the supply chain. Expect more malicious code in BIOS and firmware updates. Prediction by Bryce Boland.
9. New heap-spray techniques will emerge because of Adobe Flash's "click-to-play" mitigation (requiring user interaction to execute potentially malicious Flash content). In recent months we saw Flash being used to spray the heap during exploitation. But since Adobe implemented the "click-to-play" feature inside Microsoft Word documents, this approach no longer works. The most recent zero-day docx/tiff exploit, for instance, didn't use Flash for this reason. Prediction by Alex Lanstein.
10. Attackers will find more ways to defeat automated (sandbox) analysis systems, such as triggering on reboots, mouse clicks, applications closing and so on. A prime example: malware triggering at a specific time, similar to what we have seen in Japan and Korea. Attackers are focusing on evading sandbox systems, betting that this effort will make their malware dramatically more powerful. Prediction by Alex Lanstein.