As the usage of PCs, tablets and smartphones become more prominent it is predicted that the cyber threats businesses face are expected to become more complex, according to McAfee.
The security provider company said that it expects to see cyber attacks in form of ransomware, malware, hacktivism and targeted attacks increase over the next 12 months as cyber criminals move further into the local lucrative business market.
- Ransomware – Expect ransomware samples to increase given the financial success the cyber criminals have had with this type of malicious software. Ransomware such as CryptoLocker has typically targeted consumers, but now also targets enterprises.
- Mobile malware – The increasing volume and complexity of malware designed to capture identity and financial information will continue to crossover from desktops to mobile devices; a significant issue for an increasingly mobile workforce.
- Destructive malware – Cyber attackers are leveraging more destructive functions within their attack code. Cyber criminals will continue to drive the unprecedented rise in destructive malware, some of which are designed to damage the victim’s master boot record resulting in complete computer systems being rendered inoperable.
- Hacktivism – Hacktivist groups based in Singapore, Malaysia, Indonesia and Australia will continue to target governments in 2014 and are expected to also spill over and target private enterprise.
- “Next generation” security tools will come under attack – Attackers will continue to develop exploits that will be ‘sandbox aware’ aiming to bypass security systems, demonstrating that sandboxing is a feature and not a complete security solution.
- The Internet of things comes alive – All devices that connect to the corporate network and the internet should be considered endpoints that come with a level of risk as they typically have less security, both by design and through poor security practices, and will be a target for attackers.
- Bypassing digital Signatures – More than 1.5 million samples of malware signed with digital signatures already exist and attackers will continue to circumvent the trust mechanisms upon which our digital ecosystems rely.
- Security vs privacy debate will continue – In 2014, expect to see some government and corporate organisations go dark in response to privacy issues. Consumer privacy demands will impact security architectures, the cloud, and information sharing.
- Threat cycles will be recycled – A significant percentage of successful cyber intrusions do not rely on sophisticated techniques, rather the attackers aim to exploit lax security architecture, policy and skills shortages using tried and true methods.
- Targeted attacks to continue – An increase in targeted attacks on government, large enterprise organisations and small businesses is expected as cyber criminals focus their attempts to financially exploit targets. This does not necessarily mean a correlating increase in advanced malware and advanced persistent threat samples as attackers may use sophisticated or traditional techniques to achieve their ends.
McAfee global CTO for security connection Michael Sentonas said understanding cyber threats and areas of vulnerability in the year ahead is vitally important as more businesses move operations into the cloud and embrace mobile technologies, providing cyber criminals with more entry points into company networks and data.
“Unfortunately, the poor cyber security foundations of many companies will continue to create an environment of high motivation, high opportunity for the attacker in 2014,” he said.
“In 2013, I saw a number of successful high profile attacks that occurred due to poor patching, misconfigurations, out of date security, and a lack of enterprise wide security visibility. Businesses need to understand that lax cyber security could have significant implications on their company data, operations and financial viability.”