2014 information technology threat predictions


Published on

Infographic - 2014 will witness new attack vectors and evasion techniques. Threat innovation will focus on mobile, social and cloud platforms while advanced evasion techniques will plague network security systems...

Published in: Business
  • Be the first to comment

  • Be the first to like this

2014 information technology threat predictions

  1. 1. IN 2014, EXPECT NEW ATTACK VECTORS AND EVASION TECHNIQUES Threat innovation will focus on mobile, social, and cloud, while advanced evasion techniques will plague network security systems. MOBILE MALWARE Mobile devices draw rapid rise in attacks and the most innovation in threat defenses. IN 2014 IN 2013 33 PERCENT In the past two quarters, Google Android malware samples grew by 33 percent, while PC malware sample growth held steady. Expect an explosion in mobile ransomware, infections of near field communication (NFC) devices, and the subversion of valid apps to target user data. VIRTUAL CURRENCIES Virtual currencies like Bitcoin fuel an increase in ransomware attacks across all platforms. IN 2014 IN 2013 The combination of anonymity and lack of regulation made these currencies a perfect tool for cybercriminals. 45x Expect to see continued CryptoLocker attacks, as long cybercriminals reap big rewards. The value of Bitcoin climbed 45-fold between January and November.1 Expect corporate assets to be held for ransom. STEALTH ATTACKS SOCIAL ATTACKS IN 2013 IN 2013 New stealth attacks become harder to find and freeze. Expect social platforms to attract new threats as more cybercriminals learn to exploit user and platform weaknesses. 30,000 2 MILLION hard drives were wiped clean on March 20 by Operation Troy, a cyber espionage attack on South Korea—discovered by McAfee Labs.2 Facebook, Google, and Yahoo passwords were stolen using the Pony botnet.3 IN 2014 IN 2014 Expect increased use of social platforms to deliver malware. Expect attack techniques like sandbox-aware attacks, returnoriented programming attacks, and self-deleting malware. Expect exploitation of “sharing” features to gather data required for social engineering attacks on personal, corporate, and government assets. NEW ATTACKS ABOVE AND BELOW THE OPERATING SYSTEM Expect attacks on PCs and servers through HTML5 vulnerabilities and the master boot record (MBR)—an area below the OS that performs key start-up operations. APP IN 2013 ! 52% BOOT RECORD UNDER ATTACK >600,000 Q4 of 2012 and Q1 of 2013 saw record highs for MBR threats, at 600,000 and 800,000, respectively.5 New attack surfaces opened up as 52 percent of developers used HTML5 to create mobile apps.4 IN 2014 Expect PCs to be attacked through interaction and personalization features of HTML5. Expect mobile devices to be attacked through HTML5-based apps that allow breaches of browser “sandboxes.” Expect assaults on PCs and servers that target the storage stack and even the BIOS. CLOUD EXPOSES NEW ATTACK SURFACES Expect cloud-based corporate apps to offer up new attack surfaces: Multitenant infrastructure Hypervisors Provisioning/monitoring management tools GET AHEAD OF THE BAD GUYS: READ THE MCAFEE LABS 2014 THREATS PREDICTIONS REPORT. Visit http://mcaf.ee/gdn2b to learn more. Bloomberg. “Bitcoin Gaining Validity Fuels Rally in Virtual Currency: Tech.” November 2013. http://www.bloomberg.com/news/2013-11-19/bitcoin-gainingvalidity-fuels-rally-in-virtual-currency-tech.html. 1 2 McAfee. “Dissecting Operation Troy: Cyberespionage in South Korea.” July 2013. http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf. 3 McAfee. “‘Pony’ Botnet Gallops Off With 2 Million Passwords.” December 2013. https://blogs.mcafee.com/consumer/pony-botnet-steals-2-million-passwords. 4 Developer Economics. “The Kaleidoscope of HTML5 App Development.” 2013. http://www.developereconomics.com/report/q3-2013-html5-app-development. 5 McAfee. “McAfee Threats Report: First Quarter 2013.” http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2013.pdf. McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2013 McAfee, Inc.