McAfee Labs expects that in 2014 the majority of the innovation in the field of cyber threats will focus on mobile platforms. Thus, the range of ransomware – malware files on a computer hostage by encrypting them – would sharply increase for mobile devices this year.
McAfee Labs in its annual 2014 Predictions Report expects to see increase attacks of ransomware aimed at mobile devices as more business shifting to mobile and the expansion of BYOD trend. These attacks will include targeting near-field communications vulnerabilities, as well as corrupt valid apps to expropriate data without being detected.
Mobile malware creates the greatest development in cyber threats, both in terms of technical innovation in the volume of seizures in 2014. Over the past two quarters, the growth of new PC malware nearly flat, while the growth of new variants of malware for Android has increased by 33%. As businesses and consumers increasingly use mobile devices, it is expected also appear increasingly ransomware that focuses specifically on these mobile devices.
McAfee expects the first attacks on Near Field Communications (NFC). NFC is a communication technique that can be used for mobile payments without a PIN or other forms of authentication. The company expects to see more attacks using legitimate apps that have been modified to steal information without being detected.
Attacks that use Advanced Evasion Techniques (AET) will be deployed that will be harder than ever to identify and stop. Other attack technologies will include return-oriented programming attacks that cause legitimate applications to behave in malicious ways, self-deleting malware that covers its tracks after subverting a target, and advanced attacks on dedicated industrial control systems targeting public and private infrastructure, the report stated.
Other Forms of Attacks Also Likely to Increase
Although the rise of virtual currency in itself is a positive development, they also offer cybercriminals anonymous and unregulated payment infrastructure they need to collect money. Their victims Currencies like Bitcoin will also provide new generations of ransomware, which are similar to Crypto Locker. Both criminals and governments will use new stealth attacks that are harder to identify. Cyber criminals will use other attack techniques such as “return-oriented programming” legitimate apps that can be used to exhibit malicious behavior.
The report said that more criminals will leverage social platforms to capture passwords or data about user contacts, location, or business activities. This kind of information can then be used for targeted advertising, or for carrying out targeted attacks – both digital and physical attacks.
The report said in 2014, new PC attacks will exploit application vulnerabilities in HTML5, which allows websites to come alive with interaction, personalization, and rich capabilities for programmers. On mobile platforms, it is expected that attackers will attempt to break out of the security sandbox of the browser and provide attackers as direct access to the unit and then running services. Also, cybercriminals will increasingly abuse of vulnerabilities that are below the level of the operating system, stored in the storage and even in the BIOS.
In terms of big data security analysis, McAfee said security vendors will continue to add new threat-reputation services and analytics tools that will enable them and their users to identify stealth and advanced persistent threats faster and more accurately than can be done today with basic blacklisting and whitelisting technologies.
Finally, when it comes to cloud security, the report noted that cyber criminals will seek new ways to attack the common platforms in virtual data centers as well as access to systems and communications infrastructures that form the basis of cloud services. Small businesses that purchase cloud-based services will continue to grapple with security risks unaddressed by cloud providers’ user agreements and operating procedures.
The emergence and evolution of advanced evasion techniques represents a new enterprise security battlefront, where the hacker’s deep knowledge of architectures and common security tactics enable attacks that are very hard to uncover. With target audiences so large, financing mechanisms so convenient, and cyber-talent so accessible, robust innovation in criminal technology and tactics will continue its surge forward in 2014.