This post is the first in a series of articles that will expand on the recently released McAfee Labs 2014 Threats Predictions. In this and upcoming posts, McAfee Labs researchers will offer their views of new and evolving threats we expect to see in the coming year. This article was written by Dr. Igor Muttik and Ramnath Venugopalan.
Big Data is a popular term. The concept feels important, and menacing, because we know that the amount of knowledge available on the Internet is enormous and it grows at a staggering rate. But data accessible via the Internet is only the tip of an iceberg: The Internet as we know it is only the public part of massive amounts of online data. Knowledge is power; that hasn’t changed. And extensive knowledge (which Big Data provides) leads to a lot of power.
Those of us who often shop online notice that commercial websites are getting better at focused personal advertising; sometimes they identify our interests even before we realize them ourselves. Commercial sites gather and share (often indirectly, via ad providers) information about web pages we visit. In 2014 we expect commercial companies will become more effective and more aggressive in tracking consumers by analyzing their growing pieces of Big Data. Driven by further adoption of “do not track” functionality in browsers, we foresee an accelerated shift from tracking based on cookies toward fingerprinting based on browsers and behavior. As a result, there will be deeper and wider online tracking and an increasing number of privacy concerns. Unprotected users will continue to lose control over who analyses and records their online actions and when it happens. Staying anonymous when browsing will be harder next year.
Security companies are also creating Big Data stores, but the data we gather is very different from the information that commercial interests and cybercriminals seek. Security products do not need personally identifiable information to discover malware, spam, and other intrusions—only the data to uncover new attacks.
Tracking consumers using Big Data is easy. However, discovering new and unknown intrusions is much harder as we deal with professionally organized malware-writing gangs. Despite their efforts, we predict that machine learning and data analytics based on Big Data will improve the discovery of targeted attacks and persistent threats in 2014.
Many large-scale organizations are deploying Big Data analytics, at the cost of millions of dollars, to identify threats within their environments. In 2014 and beyond, however, we expect to see the first signs of evasion maneuvers targeting Big Data analytics as malware and spam gangs, for example, will attempt to poison security telemetry to make their activities less noticeable.