Firstly though how did threats evolve in 2012? Well I would say largely in line with our previous predictions: social media scams increased, more sophisticated malware ‘toolkits’ appeared, there was a significant rise in mobile malware, spam, phishing and fraudulent websites continued to blight email and web users, and Trojan horse programs remained the largest category of malicious code.
In 2013, such ‘traditional’ threats will continue to target businesses and consumers, but they will be accompanied by more recent developments in cyber-security, such as attacks on virtualized cloud infrastructure, and threats to privacy from both legitimate and criminal sources as they seek to monetize personal data.
Our lives are becoming more closely intertwined with online services and so the potential rewards for cyber-criminals in that area grows too. Most cyber-criminals are motivated by financial rewards, so this is the key to where their activity will be concentrated in 2013.
I expect to see more attacks on the cloud services that businesses and consumers rely on day-to-day, both to cause disruption and to steal personal and financial data.
However, not all threats are as black and white and can be attributed to cyber criminals. We expect that consumers will also find their privacy under attack from legitimate businesses seeking to maximize profits by using personal data without users’ consent.
Here’s my top five digital threats that businesses and consumers will face in 2013:
- Privacy: Online advertising on PCs, tablets and smartphones will become even more aggressively personalized as businesses seek to increase monetization by compromising users’ privacy. Advertisers will use browser tracking, social media trawling and geo-location data to identify individual users, and then serve them a customized programme of adverts, all without the users’ consent.
- Cloud security: Attacks against virtualized cloud infrastructure will expose the risk in public cloud services and the large additional investments needed to better secure them. Well-known cloud systems such as Dropbox, SkyDrive, Cloud Drive (Amazon) and Google Drive have reportedly been attacked by malware, and we will see an increase in attacks against such systems from DoS/DDoS attacks.
- Mobile threats: As the world’s most popular mobile operating system, Google’s Android OS is now the prime target for smartphone and tablet malware. Due to security enhancements in Android 4.2, threats will become more sophisticated and go polymorphic in order to avoid detection by traditional app store security. Taking advantage of device mobility, threats are becoming more bot-style with local infection techniques rather than taking app form.
- PC threats: The steady increase in popularity of Windows 8 will inspire hackers to reveal new vulnerabilities, develop new-style malware and fraudware, and present new proof-of-concept exploits. The number of infected websites targeting PCs will also increase with the growing popularity of ‘commercial’ exploit kits such as Blackhole, while users’ problems will be compounded by an increased reliance on built-in security systems.
- Mobile-to-PC threats: Increased connectivity between mobile devices and PCs, combined with the growing Bring Your Own Device trend will make it much easier for malware and viruses to spread across business and home networks. We also expect to register more MITMO (Man-In-The-Mobile) attacks that target PC and mobile internet banking apps. These multi-factor authentication attacks will be stealthier, more polished and more location-oriented.
As CTO of AVG Technologies I would say this, but make sure you have the best chance of beating the cyber criminals this year by having an up-to-date antivirus product on your PC or mobile device. Take a look at what AVG has to offer on AVG.com and get protected.
In the meantime, I would like to wish you all a Happy New Year and a safe and secure 2013.