With the dust still settling from the theft of 40 million credit cards from retail giant Target, and new revelations about network breaches at Snapchat and Skype, 2014 is shaping up to be a busy year for cybersecurity.
But if the experts at McAfee Labs are right, this year is likely to see a significant increase in the complexity of the threat environment as cyber-criminals double down on targeting mobile devices and emerging browser vulnerabilities, and develop new forms of malware capable of evading detection by big data analytics.
According to a new threat report released Dec. 30, McAfee Labs expects to see new forms of malware targeting mobile devices, particularly Android users.
“It is highly likely we will see the first real ransomware attacks aimed at mobile devices that will encrypt key data on the device and hold it for ransom,” the report states. “The information will be released only if the victim delivers either conventional currency or a virtual currency—such as Bitcoin—to the perpetrator.”
The report also warns of new attacks on vulnerabilities in the near-field communications features now found on many devices, as well as attacks that will corrupt valid apps to steal personal data without being detected. McAfee also predicts an increase in the number of attacks that will leverage mobile devices as a way to target enterprise networks.
McAfee analysts are also warning of new PC attacks that will attempt to exploit vulnerabilities in HTML5, a new Web programming language designed to enhance interactivity and rich media, and provide new ways for users to interact with mobile websites.
“As many HTML5-based applications are designed for mobile devices, we expect to see attacks that will breach the browser sandbox and give attackers direct access to the device and its services,” the report states. And this could be yet another headache for enterprise security managers as large companies and agencies develop internal applications based on HTML5.
Adding to the complexity of the threat environment this year will be a new generation of what McAfee calls “sandbox-aware” malware that will be smart enough not to fully deploy unless it knows it is running directly on an unprotected device. Likewise, these tools will be capable of taking evasive actions, including self-deleting after compromising a system.
Big data was certainly a big deal in 2013. But this year, big data is expected to make a significant impact on the ability of the security industry to identify many of these advanced attacks. According to McAfee, security vendors this year will add new threat-reputation services and big data analytics tools that will enable them and their users to identify stealth and advanced persistent threats faster and more accurately than is possible today.
And it should come as no surprise McAfee researchers expect to see the first signs this year of malware and spam gangs attempting to poison security telemetry to make their activities less noticeable to big data analytics tools.
Big data also comes with a downside, especially for those concerned with privacy. In a Dec. 30 blog post, McAfee researchers Igor Muttik and Ramnath Venugopalan warn it will be tougher this year for Internet users to remain anonymous.
“In 2014, we expect commercial companies will become more effective and more aggressive in tracking consumers by analyzing their growing pieces of big data. Driven by further adoption of ‘do not track’ functionality in browsers, we foresee an accelerated shift from tracking based on cookies toward fingerprinting based on browsers and behavior,” Muttik and Venugopalan wrote.
“As a result, there will be deeper and wider online tracking and an increasing number of privacy concerns. Unprotected users will continue to lose control over who analyses and records their online actions and when it happens. Staying anonymous when browsing will be harder.”
