Cybercriminals will increasingly use ransomware, malware and hacktivism over the next year to move further into the lucrative business market.
McAfee has released its 2014 A/NZ threat predictions, which highlight the trend towards ransomware and targeted attacks over the next 12 months.
In 2014, it also expects to see an increase in the new complex types of attacks on business PCs and mobiles, but it is clear that traditional tactics which have been around for years will also continue to impact businesses.
Michael Sentonas, Global CTO for Security Connected at McAfee, said a key trend was that ransomware attacks, which usually target consumers, such as CryptoLocker, will move further into the business space where they have the potential to severely affect operations and cost companies a lot of money.
“We also expect to see an increase in mobile malware, which effectively locks the user out of his or her device or machine so the cyber criminals can access data, to have an impact on businesses via their increasingly mobile workforces,” he said.
“Hacktivism attacks which usually target governments are anticipated to spill over into business and enterprise markets.”
Understanding cyber threats and areas of vulnerability in the year ahead is vitally important as more businesses move operations into the cloud and embrace mobile technologies, providing cyber criminals with more entry points into company networks and data.
But Sentonas said, unfortunately, the poor cyber security foundations of many companies will continue to create an environment of high motivation, high opportunity for the attacker in 2014.
“In 2013, I saw a number of successful high profile attacks that occurred due to poor patching, misconfigurations, out of date security, and a lack of enterprise wide security visibility.
“Businesses need to understand that lax cyber security could have significant implications on their company data, operations and financial viability.”
Top ten threats for 2014:
1. Ransomware – Expect ransomware samples to increase given the financial success the cyber criminals have had with this type of malicious software. Ransomware such as CryptoLocker has typically targeted consumers, but now also targets enterprises.
2. Mobile Malware – The increasing volume and complexity of malware designed to capture identity and financial information will continue to cross over from desktops to mobile devices; a significant issue for an increasingly mobile workforce.
3. Destructive Malware – Cyber attackers are leveraging more destructive functions within their attack code. Cyber criminals will continue to drive the unprecedented rise in destructive malware, some of which is designed to damage the victim’s master boot record, resulting in complete computer systems being rendered inoperable.
4. Hacktivism – Hacktivist groups based in Singapore, Malaysia, Indonesia and Australia will continue to target governments in 2014 and are expected to also spill over and target private enterprise.
5. “Next Generation” security tools will come under attack – Attackers will continue to develop exploits that will be ‘sandbox aware’ aiming to bypass security systems, demonstrating that sandboxing is a feature and not a complete security solution.
6. The Internet of Things comes alive – All devices that connect to the corporate network and the internet should be considered endpoints that come with a level of risk as they typically have less security, both by design and through poor security practices, and will be a target for attackers.
7. Bypassing Digital Signatures – More than 1.5 million samples of malware signed with digital signatures already exist and attackers will continue to circumvent the trust mechanisms upon which our digital ecosystems rely.
8. Security vs Privacy debate will continue – In 2014, expect to see some government and corporate organisations go dark in response to privacy issues. Consumer privacy demands will impact security architectures, the cloud, and information sharing.
9. Threat cycles will be recycled – A significant percentage of successful cyber intrusions do not rely on sophisticated techniques; rather, the attackers aim to exploit lax security architecture, policy and skills shortages using tried and true methods.
10. Targeted Attacks to continue – An increase in targeted attacks on government, large enterprise organisations and small businesses is expected as cyber criminals focus their attempts to financially exploit targets. This does not necessarily mean a correlating increase in advanced malware and advanced persistent threat samples as attackers may use sophisticated or traditional techniques to achieve their ends.