McAfee has kicked off its annual list of the biggest cyber threats anticipated to take effect in 2014. As the use of mobile devices, mobile apps, and social media continue to increase, cybercriminals are working hard on staying one-step ahead in building malicious attacks to compromise your privacy and steal your identity. The following are McAfee’s Top Cyber Threats for 2014:
1. Mobile Malware
During 2013, the growth rate in new mobile malware (which almost exclusively targets Android devices) was far greater than the growth rate of new malware targeting PCs. In 2014, McAfee Labs experts predict that mobile malware will be the focus in both technical innovation and volume of attacks in the overall malware “market.”
We may see the first ransomware attacks aimed at mobile devices that will encrypt data stored on the device and hold it for ransom. The information will be released only when the victim pays the cybercriminal via conventional currency or by virtual currency – such as Bitcoin.Other new attacks may target the Near Field Communications features found on many devices and attacks may corrupt valid apps to steal data without detection. With the rise of bring-your-own-device (BYOD) adoption, enterprise infrastructures will be a high target in 2014. Enterprise users who inadvertently download malware may introduce malware inside the corporate network.
2. Virtual Currencies
McAfee predicts that virtual currencies will fuel malware attacks globally in 2014. In general, growth in virtual currencies benefits and promotes economic activity. However, this has also provides cybercriminals with an anonymous payment infrastructure that they use to collect money from their victims.
McAfee expects that ransomware attacks, such as CryptoLocker, will continue to flourish as long as these attacks remain profitable. Furthermore, we may see new ransomware attacks aimed at enterprises.The good news is that thought the ransomware payload is unique, the methods cybercriminals use to distribute ransomware (spam, drive-by downloads, infected apps) are not. Therefore, keeping systems current and practicing good security practices will keep you relatively safe from these threats.
3. Stealth Attacks
Advanced malware attacks include evasion techniques that keep them under the radar even from the most reliable malware detection mechanisms. This popular evasion technique will be further embraced by cybercriminals with the use of sandbox-aware attacks that will remain dormant unless it detects that it is running directly on an unprotected device.
Other new malware technologies that we will see in 2014 include return-oriented programming attacks that cause legitimate applications to behave maliciously and self-deleting malware that covers its tracks after launching an attack.
Furthermore, we will see Hacktivists take advantage of global events, such as Sochi Winter Olympics and the FIFA World Cup in Brazil, to launch politically motivated attacks.
4. Social Attacks
Social Attacks are targeted at social platforms such as Facebook, Twitter, LinkedIn, Instagram, etc. In 2014, McAfee expects to see attacks that leverage social platform features to access data about user contacts, location, or business activities to target advertising or perform virtual/real-world crimes.
A common platform attack simply steals users’ authentication credentials. One example is the Pony botnet which stole more than two million passwords from Facebook, Google, and Yahoo. Another popular social platform attack expected to increase in 2014 is the “false flag” attack that involves social engineering to trick a user into revealing personal information or authentication credentials. This attack may present itself as an “urgent” request to reset your password, but instead will steal your credentials and use your account to collect personal information about you and your contacts.
5. New PC Attacks
New PC attacks include HTML5 exploitation. HTML5 provides rich capabilities for website developers. However, McAfee expects to see HTML5-based attacks that will breach the browser “sandbox” and grant access to the device and its services.
6. Big Data Analytics Improvements
This one is not a threat, but rather a trend that will help enterprises to combat cyber threats. Historically, most information security solutions depend upon identifying malicious payloads (blacklisting) and identifying valid applications (whitelisting). The challenge for information security experts is identifying and processing “grey” payloads. This involves applying several security technologies aligned with robust threat-reputation services.In 2014, security vendors will add new threat-reputation services and analytics tools that will enable users to identify advanced cyber threats faster and more accurately than can be done today. Big Data analytics will enable security experts to identify advanced evasion technique attacks that can compromise business processes.
7. Attacks on Cloud-Based Corporate Applications
The deployment of cloud-based corporate applications will create new attack opportunities for cybercriminals. The issue for corporate security experts is that when a corporate application moves to the cloud, the organization loses visibility and control over the security profile. This puts tremendous pressure on ensuring that the cloud provider’s user agreement clearly states that proper security measures are in place and are constantly upgraded to combat evolving security threats.