Innovation is usually a positive word, ascribed to the efforts of organizations to improve profitability and productivity.
Regretably, creators of IT threats are expected to be even more innovative in 2014 than they were this year, according to Doug Cooke, director of sales engineering at McAfee Canada.
“As the technology evolves hackers look at different things,’ he said in an interview as McAfee released its 2014 threat prediction report.
“Instead of a ‘spray and pray’ approach (to distributing malware) they’re being much more targeted” including going after critical infrastructure.
Here are McAfee’s seven predictions for the coming year:
–Always ready to follow the money, the bad guys will continue turning their efforts towards mobile malware. It was the fastest growing trend this year, Cooke added. “Ransomware” – malware that takes over your device and won’t let go until you pay for a so-called fix — will move to mobile operating systems. Also, as near field communications (NFC) – the capability to swipe a mobile device by a scanner for payment – spreads, it will increasingly be looked at as an attack vector.
The vehicles will be traditional – users clicking on a link.
Enterprises should be warned: With an increasing number of mobile devices tolerated within organizations, dealing with mobile-based threats will be something to be prepared for.
–Virtual currencies like bitcoin, ripple, litecoin and others will be “the vehicle of choice hackers will use when attempting to fleece people of their money – including through ransomware.
Why? Because digital currencies provide cybercriminals with so-far unregulated and anonymous payment structures.
–“Hackers are getting smart,” Cooke said. When they create a new piece of malware it gets targeted, making it harder for security companies to get examples of it and build a defence. That’s one reason why sandbox defences are increasing, he said. Hackers are responding with malware that doesn’t execute in a sandbox, which can defeat an intrusion protection scanner. Malware evasion techniques will be quite sophisticated.
–Social media-based threats will increase. Think of the botnet on Facebook that scraped up user passwords. Attackers will also increasingly try using Facebook for phishing attacks to get unsuspecting people to click on links for changing passwords or give out personal information. Linkedin will also be a target.
— HTML 5 is rapidly being used by more organizations for Web-based content. New PC attacks will exploit vulnerabilities created in part by inexperienced coders. And cybercriminals will also go after BIOS systems and storage devices.
–It wouldn’t be an IT story if cloud computing didn’t get mentioned. Guess what – cloud based corporate applications will also be increasingly targeted. After all, hypervisors are ubiquitous.