It’s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. As always, some stuff is new, while other items show up on these lists every year.

Criminal groups will increasingly adopt nation-state tactics. There are a couple of ways that I see this potentially working: the nation-state groups could work together with criminal groups towards a common goal. State groups could also contract their espionage activities out to criminal groups, that will use criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities. Below there are nine predictions from experts.

ShellShock, the remote code execution bug affecting GNU Bash, the command interpreter present on many Unix systems and Linux distributions, is still being exploited by attackers.

Experts warn about attackers leveraging a new version of the Bashlite malware, which was initially created as a DDoS bot with brute forcing capabilities and exploits the ShellShock bug. The malware now targets both computers and other devices running on BusyBox, located on the same network. The BusyBox software provides a number of Unix tools in a single executable file, and was specifically developed for embedded operating systems with limited resources. 

In what seems like the most impactful security vulnerability since the OpenSSL Heartbleed affair, a new Internet-wide bug emerged this week in the Bourne again shell (Bash).

While its true severity remains unknown, the Bash vulnerability (also known as “shell shock”) is being talked about everywhere, and you may have even seen your local news anchors discussing the story in front of a green-screen covered in fast-scrolling computer code on last night’s evening news. Bash is present in a very large number of Web-servers and in-home appliances. What is Bash?