Expect to receive viruses and other nasty things via social platforms like Facebook, Twitter and Instagram, not just through the computer, but also on your phone. McAfee Labs, the global source for threat research, threat intelligence, and cybersecurity thought leadership, expects threats in 2014 to surface in more areas than ever, especially through the mobile platform.
According to the company's annual 2014 Predictions Report, released end-December 2013, the trends
through its proprietary McAfee Global Threat Intelligence (GTI) service
point to virtual currencies such as Bitcoin fuelling the growth of ransomware* across all platforms, including mobile.
target audiences so large, financing mechanisms so convenient, and
cyber-talent so accessible, robust innovation in criminal technology and
tactics will continue its surge forward in 2014,” said Vincent Weafer,
Senior VP, McAfee Labs.
McAfee Labs foresees the following trends in 2014:
Mobile malware* will drive growth in both technical innovation and the
volume of attacks in the overall malware “market” in 2014. In the last
two quarters reported, new PC malware growth was nearly flat, while
appearances of new Android samples grew by 33%.
businesses and consumers continuing their shift to mobile, McAfee Labs
expects to see ransomware aimed at mobile devices, attacks targeting
near-field communications (NFC) vulnerabilities, and attacks that
corrupt valid apps to extract data without being detected.
Virtual currencies will fuel malicious ransomware attacks around the
world. Virtual currencies provide cybercriminals with a conveniently
unregulated and anonymous payment infrastructure through which to
collect money from victims. Currencies such as Bitcoin will enable and
accelerate new generations of ransomware such as the Cryptolocker threat of 2013.
Criminal gangs and state actors will deploy new stealth attacks that
will be harder than ever to identify and stop. There will be broad
adoption of advanced evasion techniques, such as the use of
sandbox*-aware attacks that do not fully deploy unless they believe they
are running directly on an unprotected device.
4. Social platforms, such as Facebook and Twitter, will be
used more aggressively to target the finances and personal information
of consumers, and the intellectual property and trade secrets of
business leaders. Such information can be used to target advertising or perpetrate virtual or real-world crimes.
In 2014, new PC attacks will exploit application vulnerabilities in
HTML5, a standard which allows websites to come alive with interaction,
personalisation, and rich capabilities. On the mobile platform, McAfee
Labs is predicting attacks that will breach the browser’s “sandbox” and
give attackers direct access to the device and its services.
Cybercriminals will increasingly target vulnerabilities below* the
operating system, in the storage stack and even in the BIOS*.
In 2014, security vendors will continue to add new threat-reputation
services and analytics tools that will enable them and their users to
identify stealth and advanced persistent threats faster and more
accurately than can be done today with basic “blacklisting”* and
7. Deployment of cloud-based corporate applications will create new attack surfaces that will be exploited by cybercriminals.
Because they lack sufficient leverage to demand security measures in
line with their organisational needs, small businesses that purchase
cloud-based services will continue to grapple with security risks that
are not addressed by cloud providers’ user agreements and operating
For a full copy of the 2014 Predictions Report from McAfee Labs, click here.
a lot of functionality 'below' the operating system which controls
fundamental activities such as how data is stored onto a drive, how
bright your display is, and what the computer does when the power switch
is pressed. This is against the activities 'above' the operating
system, such as starting up software like Microsoft Office, playing
music when music file is clicked, etc.
*BIOS refers to the code that controls the chips on the motherboard.
avoids everything in the blacklist as it is not approved, whereas
whitelisting embraces everything in the whitelist as it is pre-approved.
control how data is stored on physical machines so as to create what is
known as a cloud, where data can be stored and delivered anytime,
anywhere, on any device.
*Malware refers to malicious software.
*Ransomware is malicious software that causes a problem which can only be fixed through paying the hackers money.
separate suspicious software from the existing system. The suspect
software is tested in the sandbox, and only introduced into the system if it is found to be harmless.