With 2014 now in full swing, Catalin Cosoi, Chief Security Strategist at Bitdefender, draws on his expertise to predict the key security threats on the horizon:
Digital trust is gone: Malware signed with stolen digital certificates has been around for a while, but last year’s ‘next big thing’ was malware signed with digital certificates expressly purchased for this purpose. We expect this trend to continue throughout 2014, especially for grey-area software such as aggressive adware or spyware.
‘The Internet of Things’ to expand: By 2015, the number of interconnected devices in the world will reach 25 billion and that number will double by 2020. These devices include: livestock monitors; medical gear; automotive on-board computers and emergency signalling; buoys and household items, each with their own security implementations. ‘The Internet of Things’ is likely to become the main focus of cyber-criminals due to the sheer number of devices and poor security implementations.
Cyber-criminals to target Android users: Android currently holds about 70 per cent of the mobile OS market share, which makes it incredibly relevant to cyber-criminals. Add to that the fact that mobile devices are a payment mechanism by themselves (via premium-rate SMS, as well as the newly introduced NFC payments), and cyber-criminals will increase their focus on developing malware for Android. The emergence of BYOD will also allow cyber-criminals to target companies as well as home users.
E-mail spam is decreasing; long live social network targeted advertising: Spam has been around since the dawn of electronic communications and has gained serious traction during the botnet era. While spam volumes will continue to pump in 2014, cyber-criminals will put a greater focus on social networks, where they can target victims more effectively.
With Facebook already surpassing one billion active users, social networks will also be used by cyber-criminals to harvest willingly shared information for spear-phishing, and for the dissemination of new threats. Blind spam attacks will, of course, still be used by cyber-criminals in conjunction with malicious attachments to add computers to botnets.
Old technologies will still be popular: The upcoming end of support for Windows XP, which will reach its end of life in April 2014, will likely let cyber-criminals go after users of an operating system that is no longer patched. With no security updates to be delivered, Windows XP users, especially those in enterprise environments, will become increasingly vulnerable after April 2014.
Wearable technology may be targeted by hackers: Wearable devices, such as health-monitoring bracelets, are becoming increasingly popular with users all around the world and they are also becoming ever more interconnected with the internet.
Their minimal size and focus on battery life leave little to no room for security, which may put them in the crossfire of hackers in the near future, although not necessarily in 2014.
Medical devices could also be at risk: Just like wearable technology, medical devices are becoming more and more interconnected. Their wireless communication capabilities allow doctors to monitor the health status of the patient and the device’s performance, but could also allow unauthorised third parties to tamper with the equipment and cause immediate death.
Malware growing bigger and more insidious: Botnets are still the backbone of any cyber-criminal operation, ranging from DDoS attacks to sending spam or illegally mining Bitcoins at the expense of the victim. Cyber-criminals will focus on exploiting unpatched software bugs to join machines to botnets.
Some of the larger botnets will likely switch to peer-to-peer communication models to prevent takedown, while smaller ones will use social networks as a backup communication mechanism with their C&C servers.
Malware will surpass 250 million unique samples throughout 2014 because of server-side polymorphism features that are present in nearly all major crimepacks on the underground market.