Look Out: Cyber Criminals to Ramp Up Mobile Attacks in '14
Be warned: your smartphone may not be as safe as you think it is.
Security giant McAfee Labs foresees the mobile platform making up the lion’s share of cyber threat innovation next year, with ransomware – a type of malicious software that can be installed on your device -- expanding on mobile devices as virtual currencies gain in popularity.
It also sees growth among attacks on social platforms like Twitter (NYSE:TWTR) and Facebook (NASDAQ:FB), improving sophistication among criminal gangs and state actors, and advanced persistent threats that expose the flaws of data centers.
"With target audiences so large, financing mechanisms so convenient, and cyber-talent so accessible, robust innovation in criminal technology and tactics will continue its surge forward in 2014,” said Vincent Weafer, senior vice president of McAfee Labs.
Here’s what to expect for 2014:
1. Mobile Malware
Malicious software will continue to increase next year, particularly on Google’s (NASDAQ:GOOG) Android, which saw appearances of new samples grow by 33% over the last two quarters.
A separate report from mobile security provider Lookout says an app dubbed ‘Bazuc’ that offers cash for unused text messages will continue to pose a threat.
Lookout says between 10,000 and 50,000 downloads of the app took place before the spamming mechanism was banned from the Google Play store, but countless third-party stores are expected to still offer it.
At the same time, hackers are expected to exploit app vulnerabilities in the mobile-friendly HTML5, which is growing in popularity due to its rich programming capabilities.
2. Ransomware
One doesn't have to look further than the Liberty Reserve money laundering scandal or the Silk Road illicit trading platform to know the likes of Bitcoin sometimes prove a hub for illegal activity.
Their anonymous nature has made them irresistible to criminals, and as the Cryptolocker threat of 2013 showed, bad guys are now using them to more easily conduct ransomware.
As it sounds, ransomware is a tactic that essentially holds a device hostage with crippling software until the user pays a ransom. While this type of attack has been around for years, virtual currencies have helped to more efficiently facilitate them.
“With businesses and consumers continuing their shift to mobile, we expect to see ransomware aimed at mobile devices,” McAfee says.
Of course, this hasn't stopped an overwhelming adoption of digital currency. Bitcoin has been one of the greatest success stories of 2013, and the heightened demand has sparked a movement toward regulation.
3. Sophisticated Gangs
For several years, regular street gangs have been creeping more steadily into white-collar crime and cyber warfare. Next year, McAfee says there will be even broader adoption of advanced evasion techniques used by gangs and state actors against unprotected devices.
Among their biggest techniques will be so-called sandbox-aware attacks, which do not fully deploy unless they believe they are running directly on an unprotected device, and return-orientated programming attacks that turn otherwise legitimate apps into malicious tools. Users can also anticipate self-deleting malware that covers its tracks.
Perhaps the most alarming is the expected increase of advanced attacks on industrial control systems targeting public and private infrastructure. Attacks on critical infrastructure have long been a fear among security authorities due to their potential for widespread damage.
4. Social Attacks
From the Twitter pump-and-dump investing schemes, to the onslaught of fake ‘Facebook’ profiles created to deploy malicious links and steal personal user data, 2013 further cemented the use of social networking sites as a tool for cyber crime.
In the coming year, McAfee says it expects to see more attacks that leverage social platform features to capture passwords as well as personal and location data about a user and their contacts.
This information, obtained using so-called 'reconnaissance attacks' either directly or through third parties, can then be used to deploy advertising schemes or to facilitate virtual or real-world crimes.
“The activity in mobile and social is representative of an increasing ‘black hat’ focus on the fastest growing and most digitally active consumer audiences, in which personal information is almost as attractive as banking passwords,” Weafer said.
5. Cloud and Big Data
In 2014, security vulnerabilities related to the cloud will continue to be exposed, leaving data centers, and the companies reliant on their services, at risk.
This may pose a particular problem for small businesses that purchase cloud-based services without double checking that their user agreements with their cloud providers address security risks.
“Cybercriminals will look for more ways to exploit the ubiquitous hypervisors found in all data centers,” McAfee said.
This will require security vendors in 2014 to adopt big data analytics tools to enable them to better and more quickly identity stealthy and advanced persistent threats.