Top Security Trend Predictions for 2014
The security experts at AppRiver actively monitor cyber risks 24 hours a day, every day. By scanning millions of messages, they uncover new and emerging threats in real time. Here are a few trend predictions for 2014 from AppRiver:
State-Sponsored Attacks and Cyberespionage—Security professionals are keenly aware of the frequency and success rate of state-sponsored cyberattacks, but for many others it is out-of-sight and out-of-mind (quick, look away!). Every day, critical infrastructure and organization entities face state-sponsored cyber attack. Far less common is nation states admitting to being behind them. But as more countries become equipped, empowered and emboldened to orchestrate these attacks, we can only expect the frequency and severity to increase.
Nontraditional, Internet-Connected Device Attacks—There is proof-of-concept evidence that it is possible to take control of medical devices such as a pacemaker. Though this is a pretty terrifying scenario, it has yet to happen in the real world. Of course, not all devices are as crucial as the pacemaker, but that doesn’t deter hackers who enjoy “pranking” hacks, which target devices connected to the Internet, such as Internet-controlled thermostats. With more and more things connected to the Internet, we can expect to these attacks to rise in 2014.
Improved Public Awareness of the Cost of Cybercrime—Cybercriminals are targeting a staggering number of people and businesses for the purpose of mass data theft. They are after anything of value, such as credit card numbers, personal information (that can be used for identity theft), bank account details, corporate trade secrets and more. As long as this type of data is stored online, it always will be targeted by malicious actors—individual hackers, activist groups, organized crime rings or nation states.
Along with the increased frequency and severity of cyberattacks is the responsibility of organizations to report a breach affecting customers or shareholders. The trend over the past few years for companies to be more transparent in disclosing information about data breaches and cybersecurity exposures is likely to continue in 2014.
"Adobe-Like" Breaches—In October 2013, Adobe announced there had been a security breach in its systems, which included the source code of Adobe’s ColdFusion and Acrobat software as well as 150 million active user accounts, according to reports. With so many breaches of user data, the data can end up being sold to the highest bidder. All of that information can make issuing attacks or stealing money easier for the attacker later on. But in a case of stolen software or source code, there also is a large risk of hackers knowing the ins and outs of the software, enabling them to write malicious code aimed at weaknesses they find. With the source code at hackers' power, we may be seeing these exploits come to light in 2014 and more Adobe patches being created for the new exploits.
Mobile Malware—Along with the growing popularity of mobile devices, so, too has malware grown. Most malware targets Google’s Android operating system, which is more open than Apple's iOS or the Blackberry OS. This allows developers to have more freedom in creating apps, which in turn provides more opportunity for those developers to create malware. With Android being the most popular mobile device operating system out there, we suspect to see the malware volume continue to increase in 2014. As the mobile malware market continues to grow next year, Google most likely will be right there taking steps to further secure the Android operating system.
Ransomware—Thanks to the media hype and the sheer effectiveness of malware such as Citadel and CryptoLocker in 2013, we should expect to see a continued—if not an increased—use of Ransomware well into 2014. CryptoLocker’s technique of encrypting data on its targets, making it unusable even after CryptoLocker is removed, proved to be highly effective for the cybercriminals. When something works for the bad guys, they tend to stick with it. The only thing that would possibly hinder the appearances of more Ransomware on the horizon would be the capture of the CryptoLocker group by authorities.
The Onion Router—Thanks to the recent arrests of Ross Ulbricht, founder of the Silk Road, and his associates, there will be a lot of chatter about what’s next for The Onion Router (TOR) and the hidden Internet, or Deep Web, as it’s sometimes called. As the FBI proved with the Silk Road arrests however, TOR isn’t completely anonymous anymore. People will be having the discussion about whether we truly will be able to remain anonymous online.
Guest blogs such as this are part of The VAR Guy's annual Platinum sponsorship.