Where will the biggest cyber security risks come from in 2014? Which new threats are businesses likely to face, and which vulnerabilities are most likely to be exploited by unscrupulous hackers? Well, according to security behemoth, McAfee, the major threat will come from ransomware – a type of malicious software that can be installed on mobile and BYO devices. The problem, McAfee argues, will only become more pronounced as the popularity of virtual currencies increases. McAfee also believes that there will be an escalation in the number of sophisticated cyber-attacks on the vulnerabilities of data centres and social media platforms like Twitter and Facebook. Its advice to business and enterprise is simple: act quickly and take the necessary security precautions whilst the going is still good.
According to Vincent Weafer, senior vice president of McAfee Labs, organised and sophisticated cyber-criminality is here to stay:
“With target audiences so large, financing mechanisms so convenient and cyber-talent so accessible, robust innovation in criminal technology and tactics will continue its surge forward in 2014.”
McAfee’s 5 threats for 2014
Mobile malware
Malicious software will continue to increase throughout 2014, particularly on Google’s Android platform: instances of malicious software on the platform increased by 33 per cent in the last two quarters of 2013 alone. McAfee also believes hackers are likely to try to exploit app vulnerabilities in the mobile-friendly HTML5, which is growing in popularity due to its rich programming capabilities.
Ransomware
If the experiences of the Liberty Reserve money laundering scandal or the Silk Road illicit trading platform teach us one thing, it’s that Bitcoin and other virtual currencies sometimes prove a hub for illegal activity. The reason would appear to be that their anonymity makes them irresistible to criminals and more susceptible to ransomware, as the recent Crytolocker threat demonstrated. Ransomware will effectively hold a device hostage with crippling software until the user pays a ransom. It’s not a new threat per se, but McAfee believes it’s becoming an increasingly serious problem given the increase in virtual currency trading:
“With businesses and consumers continuing their shift to mobile, we expect to see ransomware aimed at mobile devices,” McAfee says.
Sophisticated security attacks
For a number of years ‘regular’ street gangs have been diversifying into white-collar crime and cyber warfare. In 2014 McAfee believes there will be even broader adoption of advanced evasion techniques used by gangs and state actors against unprotected devices. One of the more worrying cyber threats is the so-called sandbox-aware attacks. These cyber-attacks won’t fully deploy unless they believe they are running directly on an unprotected device, and return-orientated programming attacks that turn otherwise legitimate apps into malicious tools. Users can also anticipate self-deleting malware that covers its tracks. McAfee believes the most alarming threat is the anticipated increase in advanced attacks on industrial control systems targeting public and private infrastructure. Any attack on critical infrastructure induces fear among security authorities as it has the potential to cause widespread damage.
Social attacks
2013 will probably go down as the year in which social networking sites like Facebook and Twitter became a tool for cyber-crime. Countless Twitter pump-and-dump investing schemes and fake Facebook profiles were created to deploy malicious links and steal personal user data. In 2014 McAfee is expecting to see more attacks which manipulate social platform features to capture passwords as well as personal and location data about users and their contacts. This information, obtained using so-called ‘reconnaissance attacks’ either directly or through third parties, can then be used to deploy advertising schemes or to facilitate virtual or real-world crimes:
“The activity in mobile and social is representative of an increasing ‘black hat’ focus on the fastest growing and most digitally active consumer audiences, in which personal information is almost as attractive as banking passwords,” Weafer maintains.
Cloud and Big Data
In 2014, McAfee believes security vulnerabilities related to the cloud will continue to escalate, leaving data centres, and the companies reliant on their services, at risk. The could pose a particular problem for small businesses, particularly those that purchase cloud-based services without double checking that their user agreements with their cloud providers address security risks:
“Cyber-criminals will look for more ways to exploit the ubiquitous hypervisors found in all data centres,” McAfee argues.
This will require security vendors in 2014 to adopt big data analytics tools to enable them to better and more quickly identity stealthy and advanced persistent threats.
If your business needs help with security reviews, penetration testing or web security solutions, please contact Krypsys on 01273 044072 or [email protected].