Login
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.
This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It also saw the introduction of AI tools that are easy and accessible to virtually anyone with a phone or laptop, which will continue to have significant implications, as will the fluctuating popularity of cryptocurrency and the emergence of “Web3.”
Advances such as these have set the stage for 2023, which will continue to reshape our interactions with technology—advances that bad actors will try to exploit, and in turn, us.
Yet as the threat landscape continues to evolve, so do the ways we can protect ourselves. With that, we share McAfee’s threat predictions for 2023, along with insights and advice that can help us enjoy the advances to come with confidence.
By Steve Grobman, Chief Technology Officer
Humans have been fascinated by artificial intelligence (AI) for almost as long as we’ve been using computers. And in some cases, even fearful of it. Depictions in pop culture range from HAL, the sentient computer from 2001: A Space Odyssey to Skynet, the self-aware neural network at the center of the Terminator franchise. The reality of current AI technologies is both more complicated and less autonomous than either of these. While AI is rapidly evolving, humans remain at the heart of it, and whether it’s put to beneficial or nefarious use.
Within the last few months, creating AI-generated images, videos, and even voices are no longer strictly left to professionals. Now anyone with a phone or computer can take advantage of the technology using publicly available applications like Open AI’s Dall-E or stability.ai’s Stable Diffusion. Google has even made creating AI-generated videos easier than ever.
What does this mean for the future? It means the next generation of content creation is becoming available to the masses and will only continue to evolve. People both at work and at home will have the ability to create the AI-generated content in minutes. Just as desktop publishing, photo editing, and inexpensive photorealistic home printers created major advances that empowered individuals to create content that previously required a professional designer, these technologies will enable sophisticated outputs with minimal expertise or effort.
Advances in desktop publishing and consumer printing also provided benefits to criminals, enabling better counterfeiting and more realistic manipulation of images. Similarly, these emerging next-generation content tools will also be used by a range of bad actors. From cybercriminals to those seeking to falsely influence public opinion, these tools will empower scammers and propagandists to take their tradecraft to the next level with more realistic results and significantly improved efficiency.
This is especially likely to ramp up in 2023 as the U.S. begins the 2024 presidential election cycle in earnest. Globally, the political environment is polarized. The confluence of the emergence of accessible next-generation generative AI tools and what is sure to be a highly contested 2024 election season is a perfect storm for creating and distributing disinformation for political and monetary gain.
We’ll all need to be more mindful of the content we consume and the sources that it originates from. Fact-checking images, videos, and news content, something that’s already on the rise, will continue to be a necessary and valuable part of media consumption.
By Oliver Devane, Security Researcher
Cryptocurrency scams
In 2022 we saw several online scams making use of existing content to make crypto scams more believable. One such example was the double your money cryptocurrency scam that used an old Elon Musk video as a lure. We expect such scams to evolve in 2023 and make use of deep fake videos, as well as audio, to trick victims into parting ways with their hard-earned money.
The financial outlook of 2023 remains uncertain for many people. During these times, people often look for ways to make some extra money and this can lead them vulnerable to social media messages and online ads that offer huge financial gains for little investment.
According to the IC3 2021 report, the losses for financial scams increased from $336,469,000 in 2020 to $1,455,943,193 in 2021, this shows that this type of scam is growing by an enormous amount, and we expect this to continue.
Unfortunately, scammers will often target the most vulnerable people. Fake loan scams are one such scam where the scammers know that the victims are desperate for the loan and therefore are less likely to react to warning signs such as asking for an upfront fee. McAfee predicts that there will be a large increase in these types of scams in 2023. When looking for a loan, always use a trusted provider and be careful of clicking on online ads.
Metaverses such as Facebook’s Horizon enable their users to explore an online world that was previously unimaginable. When these platforms are in the early stages, malicious actors will usually attempt to exploit the lack of understanding of how they work and use this to scam people. We have observed phishing campaigns targeting users of these platforms in 2022 and we expect this to increase dramatically in 2023 as more and more users sign up for the platforms.
By Craig Schmugar, McAfee Senior Principal Engineer
More than 25 years ago, Windows 95 became the platform of choice not just for millions of users around the globe, but for malware authors targeting those users. Over the years, Windows has evolved, as has the threat landscape. Today, Windows 10 and 11 make up the majority of the desktop PC market, but thanks to the rise of the mobile Internet, device diversity has greatly evolved since the advent of Windows 95.
Over five years ago, Android overtook Windows as the world’s most popular OS and with this shift bad actors have been pursing alternative methods of attack. The ultimate vectors are those which impact users across a spectrum of devices. Email and web-based scams (some of which are outlined in the blog above) are as prolific as ever as these technologies are ubiquitous across desktop and mobile devices.
Meanwhile, other technologies span across desktop and mobile experiences as well. For Google, such cross-platform capabilities are highlighted by increased adoption of ChromeOS and a few underlying technologies. This includes 270 million active Android users and a 270% increase in Progressive Web Application (PWA) installations [https://chromeos.dev]. ChromeOS’ ability to run Android applications, combined with its wide-spread adoption, provides the climate for increased attention by those with ill intentions.
Similarly, adoption of PWAs provide bad actors with additional incentive to deliver deceptive and imposter attacks through this multi-OS channel, including ChromeOS, iOS, MacOS, and Windows.
Finally, on the heels of COVID restrictions that impacted schools in various countries, Google reported 50 million students and educators worldwide [https://chromeos.dev] using ChromeOS. Many users will be unaware of malicious Chrome extensions lurking in the Chrome Web Store.
All of this means that the stage is set for a marked increase in threats impacting Chromebook in the year to come. In 2023, we can expect to see Chromebook users among millions of unsuspecting victims that download and run malicious content, whether from malicious Android Apps, Progressive Web Apps, or Chrome Web Store extensions, users should be leery of popups and push notifications urging them to install untrusted apps.
By Fernando Ruiz, Senior Security Researcher
Editor’s Note: Web3? FOMO? If you’re already lost, you’re not alone. Web3 is a term some use to encompass decentralized internet services, technologies like Bitcoin and Non-Fungible Tokens (digital art that collectors can purchase with cryptocurrency). Still confused? A lot of people are. This New York Times article is a good primer on what is currently considered Web3.
As for FOMO, that’s just an acronym meaning the “Fear of Missing Out.” That nagging feeling, most often felt by extroverts, that others are out there having more fun than them and that they’re missing the party.
Whether you invest in cryptocurrency or just see the headlines on Twitter, no doubt you’ve seen that the price of cryptocurrency has sharply declined during 2022. These fluctuations are becoming more normal as crypto becomes even more mainstream. It’s very likely that the value of crypto will rise again.
When the last upturn in valuation happened near the start of the pandemic, the hype about crypto also skyrocketed. Suddenly Bitcoin and other cryptocurrencies were everywhere. Out of that, rose the concept of Web3, with more companies investing in new applications over blockchain (the technology that is the backbone of cryptocurrency).
McAfee predicts that the popularity of cryptocurrency will rise again, and consumers will hear much more about Web3 concepts like decentralized finance (DeFi), decentralized autonomous organizations (DAOs), self-sovereign identity (SSI) and more.
Some amateur investors, remembering the rapid rise of the value of Bitcoin earlier this decade, won’t want to miss out on what they think will be a great opportunity to get rich quick. It’s this group that bad actors will seek to exploit, offering up links or applications that play on these users’ crypto/Web3 FOMO.
As crypto bounces back and initial awareness of decentralization grows in the general population, consumers will begin to explore these Web3 offerings without fully understanding what they mean or what dangers they should be aware of, leaving them open to scams as they invest time and money into crypto or creating their own NFT content. These scams could entice users to click on a link or download an app that appears to legitimately interact with some blockchains, but in actuality:
Additionally, when consumers DO hold crypto, NFT, digital land, or other blockchain financial assets they are going to be targeted for more sophisticated threats that can drain their funds: smart contracts, exchanges, digital wallets, and synchronization services can all be associated with hidden authorizations that allow a third party (potentially a bad actor) to take control of the assets. It’s important that users read the terms and conditions of any app they download, especially those that will be accessing ANY type of financial institution or currency, whether traditional or crypto.
Social engineering will also continue to be a top entry point for cybercriminals. The complexity of the attacks will evolve as the technology does, which will require more preparation and understanding of how Web3 applications and tools work in order to safely interact with them.
What has emerged from the world of Web3 thus far, while exciting, has also expanded attack surfaces and vectors, which we expect to see grow throughout 2023 as Web3 evolves.
The post McAfee 2023 Threat Predictions: Evolution and Exploitation appeared first on McAfee Blog.
The protocol aims to develop a application layer abstraction for the Hyper Service Transfer Protocol.
HSTP is a recursion as nature of HSTP. This protocol implements itself as a interface. On every internet connected device, there is a HSTP instance. That's why the adoption is not needed. HSTP already running top of the internet. We have just now achieved to explain the protocol over protocols on heterogeneous networks. That's why do not compare with web2, web3 or vice versa.
HSTP is a application representation interface for heterogeneous networks.
HSTP interface enforces to implement a set of methods to be able to communicate with other nodes in the network. Thus serves, clients, and other nodes can communicate with each other with trust based, end to end encrypted way. By the time the node resolution is based on fastest path resolution algorithm I wrote.
Story time!
A small overview
Think about, we're in the situation of one mother and one father lives a happy life. They had a baby! Suddenly, the mother needed to drink pills regularly to cure a disase. The pill is a poison for the baby. The baby is crying and the mother calls father because he is the only trusted person to help the baby. But the father sometime can not stay at home, he needs to do something to feed the baby. Father heard one milkman has fresh and high quality milks for low price. Father decides to try to talk the milkman, milkman deliver the milk to the father, father carry the milk to the mother. Mother give the milk to the baby. Baby is happy now and the baby sleeps, mother see the baby is happy.
The family never buy the milk from outside, this is the first time they buy milk for the baby: (Mom do not know the number of milkman, milkman do not know the home address)
FreshRSS 
As steps:
0) - Baby wants to drink milk.
1) - Baby cries to the mom.
3) - Mom see the baby is crying.
4) - Mom checks the fridge. Mom sees the milk is empty. (Mother is only trusting the Father)
5) - Mom calls the father.
6) - Father calls the milkman.
7) - Milkman delivers the milk to father.
8) - Father delivers the milk to mom.
9) - Mom gives the milk to the baby.
10) - Baby drinks the milk.
11) - Baby is happy.
12) - Baby sleeps.
13) - Mother see the baby is happy and sleeps.
14) - In order to be able to contact the milkman again, the mother asks the father to tell her that she wants the milkman to save the address of the house and the mobile phone of the mother.
15) - Mother calls the father.
16) - Father calls the milkman.
17) - Milkman saves the address of the house and the mobile phone of the mother.
Oops, tomorrow baby wakes up and cries again,
0) - Baby wants to drink milk.
1) - Baby cries to the mom.
2) - Mom see the baby is crying.
3) - Mom checks the fridge. Mom sees the milk is empty. (Mother is trusting the Father had right decision in the first place by giving the address to the milkman, and the milkman had right decision in the first place by saving the address of the house and the mobile phone of the mother.)
4) - Mother calls the milkman (Mother is trusting the Father's decision only)
5) - Milkman delivers the milk to mom.
6) - Mom gives the milk to the baby.
7) - Baby drinks the milk.
8) - Baby is happy.
9) - Baby sleeps.
10) - Mother see the baby is happy and sleeps.
11) - Mother is happy and the mother trust the milkman now.
this document you're reading is a manifest for the internet people to connecting the other people by trusting the service serve the client and the trust only can be maintainable by providing good services. trust is the key, but not enough for survive. the service has to be reliable, consistent, cheap. unless the people will decide to not ask from you again.
So, it's easy right? It's so simple to understand, who are those people in the story?
also,
Baby is in trusted hands. Nothing to worry about. They love you, you will understand when you grow up and have a child.
// Technical step explanation soon, but not that hard as you see.
HSTP is a interface, which is a set of methods that must be implemented by the application layer. The interface is used to communicate with other nodes in the network. The interface is designed to be used in a heterogeneous network.
HSTP shall be implemented on any layer of network connected devices/environment.
HSTP node could be a TCP server, HTTP server, static file or contract in any chain. One HSTP node is able to call any other HSTP node. Thus the nodes can call each other freely, they can check their system status, and they can communicate with each other.
HSTP is already implemented on language level, by people for people. English is mostly adopted language around the Earth. JavaScript could be known also mostly adopted language for browser environments. Solidity is for EVM-based chains, hyperbees for TCP based networks, etc.
HSTP interface shall be applied between any HSTP connected devices/networks.
Infinitive scaling options: Any TCP connected device can talk with any other TCP connected device over HSTP. That means any web browser is serve of another HSTP node, and any web browser can call any other web browser.
Uniform application representation interface: HSTP is a uniform interface, which is a set of methods that must be implemented by the application layer.
Heterogeneous networks: Any participant of network is allowing to share the resources with other participants of the network. The resources can be CPU, memory, storage, network, etc.
Conjucation of web versions Since the blockchain technologies calling as web3, people started discussing about the differanciates between the web's. Comparing is a behaviour for incremental numeric system education's mindset. Which one is better: none of them. We have to build systems could talk in one uniform protocol, underneath services could be anything. HSTP is aiming for that.
Registry interface Registry interface designed for using on TCP layer, to be able to register top level tld nodes in the network. The first implementation of HSTP TCP relay will resolve hstp/
The registry has two parts of the interface:
Registry implementation needs two HSTP node,
Router interface
For demonstration purposes, we will use the following solidity example:
// SPDX-License-Identifier: GNU-3.0-or-later
pragma solidity ^0.8.0;
import "./HSTP.sol";
import "./ERC165.sol";
enum Operation {
Query,
Mutation
}
struct Response {
uint256 status;
string body;
}
struct Registry {
HSTP resolver;
}
// HSTP/Router.sol
abstract contract Router is ERC165 {
event Log(address indexed sender, Operation operation, bytes payload);
event Register(address indexed sender, Registry registry);
mapping(string => Registry) public routes;
function reply(string memory name, Operation _operation, bytes memory payload) public virtual payable returns(Response memory response) {
emit Log(msg.sender, _operation, payload);
// Traverse upwards and downwards of the tree.
// Tries to find the closest path for given operation.
// If the route is registered on HSTP node, reply from children node.
// If the node do not have the route on this node, ask for parent.
if (routes[name]) {
if (_operation == Operation.Query) {
return this.query(payload);
} else if (_operation == Operation.Mutation) {
return this.mutation(payload);
}
}
return super.reply(name, _operation, payload);
}
function query(string memory name, bytes memory payload) public view returns (Response memory) {
return routes[name].resolver.query(payload);
}
function mutation(string memory name, bytes memory payload) public payable returns (Response memory) {
return routes[name].resolver.mutation(payload);
}
function register(string memory name, HSTP node) public {
Registry memory registry = Registry({
resolver: node
});
emit Register(msg.sender, registry);
routes[name] = registry;
}
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(HSTP).interfaceId;
}
}
HSTP interface
// SPDX-License-Identifier: GNU-3.0-or-later
pragma solidity ^0.8.0;
import "./Router.sol";
// Stateless Hyper Service Transfer Protocol for on-chain services.
// Will implement: EIP-4337 when it's on final stage.
// https://github.com/ethereum/EIPs/blob/master/EIPS/eip-4337.md
abstract contract HSTP is Router {
constructor(string memory name) {
register(name, this);
}
function query(bytes memory payload)
public
view
virtual
returns (Response memory);
function mutation(bytes memory payload)
public
payable
virtual
returns (Response memory);
}Example HSTP Node
HSTP node has access to call parent router by super.reply(name, operation, payload) method. HSTP node can also call children nodes by calling this.query(payload) or this.mutation(payload) methods.
A HSTP node can be a smart contract, or a web browser, or a TCP connected device.
Node has full capability of adding more HSTP nodes to the network or itself as sub services.
HSTP HSTP
/ \ / \
HSTP HSTP HSTP
/ \
HSTP HSTP
/ /
HSTP HSTP
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;
import "hstp/HSTP.sol";
// Stateless Hyper Service Transfer Protocol for on-chain services.
contract Todo is HSTP("Todo") {
struct ITodo {
string todo;
}
function addTodo(ITodo memory request) public payable returns(Response memory response) {
response.body = request.todo;
return response;
}
// Override for HSTP.
function query(bytes memory payload)
public
view
virtual
override
returns (Response memory) {}
function mutation(bytes memory payload)
public
payable
virtual
override
returns (Response memory) {
(ITodo memory request) = abi.decode(payload, (ITodo));
return this.addTodo(request);
}
}</ code>Ethereum proposal is draft now, but the protocol has referance implementation Todo.sol.
You can test the HSTP and try on remix now.
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;
import "hstp/HSTP.sol";
// Stateless Hyper Service Transfer Protocol for on-chain services.
contract Todo is HSTP("Todo") {
struct TodoRequest {
string todo;
}
function addTodo(TodoRequest memory request) public payable returns(Response memory response) {
response.body = request.todo;
return response;
}
// Override for HSTP.
function query(bytes memory payload)
public
view
virtual
override
returns (Response memory) {}
function mutation(bytes memory payload)
public
payable
virtual
override
returns (Response memory) {
(TodoRequest memory todoRequest) = abi.decode(payload, (TodoRequest));
return this.addTodo(tod oRequest);
}
}GNU GENERAL PUBLIC LICENSE V3
