1. Malware targeting end users will grow more sophisticated, just like the ones used in APT-type of attacks
APTs (Advanced Persistent Threats), and other advanced targeted attacks, delivered immense damages worldwide. The latest attack was the theft of account information from 70 million Target customers in the US in late 2013. In 2014, malware aimed at end users will be even more advanced, like the ones used in APT attacks. In other words, advanced threat (malware) will target not only organizations but individual users.
OnlineGameHack, which is designed to steal online game accounts, is on its way to being transformed to banking malware, which steals banking credentials. APT-types of threats are not much different from watering hole attacks which exploits zero-day vulnerabilities. In addition, the number of bitcoin-mining malware attacks will increase.
2. Hardware-based malware distribution will increase
Firmware is the combination of persistent memory and program code and data stored in the hardware devices. In 2014, cyber criminals will accelerate their distribution of malware via hardware, including firmware, to avoid being detected. In April 2013, BIOS source code was leaked from the vendor.
The backdoor in the specific firmware was found in October. In a stranger occurrence, in November, some irons imported from China into Russia allegedly showed evidence of including wireless spy chips that could connect to unprotected Wi-Fi networks and spread viruses.
3. Acceleration of industrialization of online banking fraud and cybercrime
Cybercrime will continue to grow as a business. In 2013, there were many types of online banking frauds including (voice) phishing, pharming, smishing (SMS+phishing) and memory modification. Experts point out that banking malware continues to become more sophisticated. We expect that malware authors will continue to target the financial sector. In addition to banking being a prime target, government, telecommunications, and manufacturing will continue to be high on the list.
4. Attackers will find easier ways to distribute malware
In 2014, attackers will utilize even more cost-effective ways to distribute malware. Already, cyber criminals can rent botnets to spread malware, rather than develop their own. We predict that, for example, they will try to compromise CDN providers, domain providers and/or ISPs so that the users can easily get infected when they visit the websites connected with compromised content from ISPs.
5. Increased probability of encountering malware, as Microsoft stops the support of Windows XP
Support for Windows XP SP3 and Office 2003 will end on April 8th, 2014. This means that users will no longer get security updates (patches) for Windows XP from Microsoft. It is obvious that the attackers will exploit security flaws of XP and IE 6 to 8, as many PC users are still using them. Home users will have to rely on antivirus, internet security, firewalls and other third-party security solutions. Both home and business desktop users will need to update their OS. Also, Mac users are not immune from attacks!
6. Targeted mobile malicious app will appear
In our research, malicious apps focused on the Android OS are becoming more similar to PC malware in terms of volume and targeting. As PC malware from cybercriminals goes lower in volume, yet highly targeted, android malicious apps will experience the same scrutiny. This is because to decrease the risk of detection, attackers will aim their attacks at the mobile devices of key people and individuals in businesses, companies, and in the government, rather than the mass market. Their damage can be even greater. There are major risks to BYOD!
7. Cyber warfare will become more visible and intense
We’re not saying that cyber warfare wasn’t there before Edward Snowden unveiled classified NSA documents. His actions will result in cyber warfare becoming a greater area of concern and a top priority in national and international security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.