Biggest security threats in 2014

Smarter, shadier and stealthier cybercrime will force the IT industry to dramatically change in 2014, predicts Sophos

January 5, 2014
data security skull

Sophos released its latest Security Threat Report on 10 December 2013, predicting a greater focus from cybercriminals on high quality and convincing phishing and social engineering.

The report outlines the significant changes in cyber-criminal behavior over the course of last year and a forecast for their preferred methods of attack in 2014.

“This year cyber criminals continued the theme of professionalization of their ‘industry’, offering easy to buy and use services that amplified the scale of cybercrime to never before seen levels,” said Sophos.

“While many security experts are aware of the high level trends, few have recognized their significance” said James Lyne, global head of security research at Sophos.

“If 2013 has taught us anything, it is that traditional security controls are struggling. These new behaviors are forcing the industry to adapt and change, and widely held best practices must be reconsidered.”

The threat report highlights new security concerns ranging from stealthy malware tools that offer dynamic camouflage and provide attackers with long-term persistent access to users’ data, to the proliferation of connected devices that represent new and often ill-protected targets.

Many new “Internet of things” devices are becoming commonplace, offering shadier cyber criminals the potential to impact our daily lives, rather than just the traditional theft of financial information.

“These trends are set to continue in 2014 as threats become even smarter, shadier and stealthier,” said Lyne.

In 2014 Sophos predicts greater focus from cybercriminals on high quality and convincing phishing and social engineering. This, Sophos said, is to compensate for harder to exploit operating systems like Windows 8.1.

Embedded devices – such as POS systems, medical systems and new ‘smart’ infrastructure – will open old wounds as security mistakes eliminated in the modern PC environment are carelessly re-implemented.

Attacks on corporate and personal data in the cloud will continue to grow as providers struggle to refine the security strategy in this new computing platform; and malware for mobile is set to become as sophisticated as its PC relatives.

Trends to Watch in 2014

Sophoslabs said that the following trends should be prominent in the coming year:

  • As businesses increasingly rely on various cloud services, we expect to see an emergence of attacks targeting endpoints, mobile devices and credentials as means to gaining access to corporate or personal clouds.
  • We expect the success of advanced persistent threats (APTs) in carrying out attacks for the purposes of industrial espionage will inspire old-school financial malware gangs to adopt their techniques.
  • Cybercriminals will continue to explore new avenues for Android malware monetization.
  • Malware diversity by targeted audience will likely continue to grow in 2014, especially to differentiate between consumer and business users.
  • Mobile security in general will continue to be a hot topic in 2014. The continuing adoption of emerging apps for personal and business communication widens the attack surface, particularly for socially engineered scams and data exfiltration attempts.
  • In the never-ending fight between the cybercriminals and security vendors, we expect to see new weapons aimed at the latest cyber-defense mechanisms. Reputation services, cloud security databases, whitelisting and sandboxing layers will be attacked in new and sinister ways.
  • With growing adoption of 64-bit operating systems on PCs, we’re expecting a growth of malware that is unable to run on 32-bit PCs.
  • With Windows XP reaching end-of-life after 12 years, it will become a huge target for attackers.
  • The revelations throughout 2013 of government agency spying and backdoors showed the world that broad-scale compromise of the core infrastructure we all operate on is happening. The discoveries so far likely only scratch the surface and we can expect to see many more of these stories in 2014.
  • While we don’t expect attacks against the “Internet of Things” to become widespread in 2014, we do predict an increase in reported vulnerabilities and proof-of-concept exploits.

Websense 2014 security predictions

Websense released its 2014 security predictions report recently, which included the following predictions:

  • Advanced malware volume will decrease.
  • A major data-destruction attack will happen.
  • Attackers will be more interested in cloud data than your network.
  • Redkit, Neutrino and other exploit kits will struggle for power in the wake of the Blackhole author arrest.
  • Java will remain highly exploitable and highly exploited — with expanded repercussions.
  • Attackers will increasingly lure executives and compromise organizations via professional social networks.
  • Cybercriminals will target the weakest links in the “data-exchange chain.”
  • Mistakes will be made in “offensive” security due to misattribution of an attack’s source.

More on security

Fraudsters using Woza Online to scam people in SA

SA Parliament hacker in court

Worst passwords in the world revealed

Tags: Headline, security, Sophos, SophosLabs, Websense

Free Email Newsletter:
Subscribe

Shutterstock is the image partner of MyBroadband – technology images can be found here

Join the conversation

Connect with MyBB

twitterfacebookandroidappleblackberrynewsletterfeed

Poll

Will you subscribe to Telkom’s 100Mbps fibre service if it is available in your area?

View Results

Loading ... Loading ...

More News

Slow ADSL for some Telkom Internet users

Snail slow network cable

Many Telkom Internet service provider users are complaining about poor ADSL performance in KZN

Standard Bank apologises for systems failure

Standard bank

Standard Bank has apologised to its clients for technical glitches that lasted several hours on Monday

Telkom’s multi-million rand savings drive

Telkom

Telkom has so far managed to save R87.5 million, by curbing procurement costs and promoting a more “conscious and effective Telkom culture”.

Free MTN data promotion extended

MTN data giveback promotion

MTN has announced new pre-paid data bundles along with the extension of its “data giveback” promotion

Free MyBroadband Newsletter:
Subscribe
X
bool(true)