Managed services providers (MSPs) are likely to see a rise in ransomware and security-aware attacks in 2014.
That's according to McAfee Labs' annual "2014 Predictions Report" released this week, a forecast of the threat landscape for 2014. The report pointed to the following concerns for MSPs:
- Mobile malware will be the driver of growth in overall malware attacks.
- Virtual currencies will fuel ransomeware attacks.
- New stealth attacks will be harder to prevent.
- Social platforms will be used to capture personal data.
- PC and server attacks will target vulnerabilities above and below operating systems.
- The threat landscape will dictate adoption of big data.
- Cloud-based apps will create new attack surfaces.
Here's a closer look at each threat.
Mobile malware will drive growth "in both technical innovation and the volume of attacks in the overall malware in 2014."
Ransomware will be aimed at mobile devices, a result of businesses shifting to mobile, the report said. These attacks will include targeting near-field communications vulnerabilities, as well as corrupt valid apps to expropriate data without being detected.
Virtual currencies will fuel malicious ransomware attacks.
Virtual curencies will be used as a way for criminals to conduct business. According to the report, "virtual currencies provide cybercriminals the unregulated and anonymous payment infrastructure they need to collect money from their victims."
New stealth attacks will be deployed that will be harder than ever to identify and stop.
Advanced evasion techniques (AETs) will increase. "Other attack technologies will include return-oriented programming attacks that cause legitimate applications to behave in malicious ways, self-deleting malware that covers its tracks after subverting a target, and advanced attacks on dedicated industrial control systems targeting public and private infrastructure," the report stated.
Attacks on social platforms will increase.
The report said that more criminals will leverage social platforms "to capture passwords or data about user contacts, location, or business activities." According to the report, the information will be "used to target advertising or perpetrate virtual or real-world crimes."
New PC and server attacks will target vulnerabilities above and below the operating system.
"In 2014, new PC attacks will exploit application vulnerabilities in HTML5, which allows websites to come alive with interaction, personalization, and rich capabilities for programmers," the report revealed.
With regards to the mobile platform, the report said that attacks will breach the browser's "sandbox," providing criminals with direct access to the device and its services.
Threat landscape will dictate adoption of big data security analytics to meet detection and performance requirements.
"In 2014, security vendors will continue to add new threat-reputation services and analytics tools that will enable them and their users to identify stealth and advanced persistent threats faster and more accurately than can be done today with basic blacklisting and whitelisting technologies," report sad.
Cloud-based corporate applications will create new attack surfaces.
The report said cybercriminals will attack cloud-based corporate applications because of the insufficient security measures of some data centers, adding that "small businesses that purchase cloud-based services will continue to grapple with security risks unaddressed by cloud providers’ user agreements and operating procedures."
"With target audiences so large, financing mechanisms so convenient, and cyber-talent so accessible, robust innovation in criminal technology and tactics will continue its surge forward in 2014," said Vincent Weafer, senior vice president of McAfee Labs.