IRCRE201312154
Date: 2013-12-17
Ransomware Evolution
2012 and then 2013 showed us the peak of Ransomware and the kind of damage it could do. It went from simple psychological games that barely prevented you from continuing to use your computer, to accusing you of crimes, and eventually to encrypting all the files you hold dear.
Will we continue to see it in 2014 though? Most definitely.
While many people seem to know about the threats of Ransomware and properly protect themselves from it, cyber criminals just change their attack methods to counter our protections.
Seeing how often it has been used in the wild, we can say that the attack is highly successful, and therefore we can expect to see its continued use.
However, if we look at some recent activities made by the criminals using Cryptolocker, we can see that they are getting somewhat desperate. Cryptolocker now offers a “post timer” option to decrypt files, by hosting a site that offers decryption for a higher fee.
Did they do this because they weren’t seeing a very good return on investment from the original infections? Maybe they are just trying to reel in even more cash from users that were unable to pay the original fee.
I predict that for 2014, we will see continued evolution of Ransomware, figuring out new ways to infect users and force them to pay a fee.
We will see Ransomware making more of a presence on previously less targeted platforms, such as OS X and mobile devices.
However, unlike the end of 2012 and early 2013, we will see fewer cyber gangs using Ransomware tactics. In that period there were numerous families in the wild, spreading Ransomware that was very similar but different enough and originating from different sources; 2014 will most likely have fewer sources but more advanced, and therefore dangerous, malware.
Mobile and Device-based Malware
Speaking of mobile malware, you can expect the continued threat of malicious software and scams targeting your mobile device in 2014.
As mentioned previously, we’ve seen an uptick in mobile malware in 2013 as mobile devices became the primary source of internet use, eCommerce and social interaction for many users.
This user trend is unlikely to go into decline as technology gets even more portable and more powerful; therefore, where the users go, the criminals will follow.
Those of us in the west have been lucky that we have not endured the types of mobile threats our friends in the east, such as in Russia, have. SMS Trojan attacks are far more frequent in that part of the world than they are in the U.S. However, there are plenty of avenues malware authors could take to steal our money.
For example, we could see mobile malware that uses the saved Google Store credentials to buy apps that you don’t want or need. They could also use your device for malicious attacks, such as DDoS, and add your tablet or phone to a botnet.
In addition, it is not farfetched to think that mobile devices are the next big target for remote access trojans, allowing your phone to become a surveillance camera, microphone and in the case of Bluetooth, a transmission device.
Also mentioned previously was the discovery of malware tactics that infected the desktop as well as the mobile device; you can count on the fact that we will see an increase in that type of threat.
Many online services, banks, stores, etc. are using authentication measures that require codes sent to mobile phones, making it a requirement for cyber criminals to intercept calls, text messages or anything else for the purpose of accessing secured services.
Luckily, many antivirus and Anti-Malware vendors are migrating their already trusted malware protection solutions to mobile devices to counter these threats.
Mac OS Malware
2014 will have more attacks against Mac operating systems, period.
If you’ve kept up with yearly predictions from security companies in the past, we have all said this before and usually the impact isn’t quite what we expected. It’s almost like a “boy who cried wolf” thing, but just like the story goes, those who don’t heed the warnings will inevitably become victims.
Recent history has shown us that Mac users are being targeted with attacks similar to those aimed at PC users. We’ve seen Ransomware, malicious browser plugins, rogue antivirus software and a slew of other malware.
In addition, computer repair scams exist for Mac users just as much as for PC users, a threat that doesn’t even require a malware infection but rather just an unsuspecting and uninformed user.
Finally, many of the plugins, extensions and third-party applications that are exploited on Windows are also used on Mac platforms and are therefore susceptible to the same threats when it comes to remote code execution.
New Methods of Privacy
The biggest story in security this year has been the leaks released about the National Security Agency (NSA) and their ability to collect, intercept and decrypt all kinds of electronic communication.
Due to the new concern users may have about their privacy while online, we may very well see an increased development of privacy technologies.
From enhanced biometric software to three-factor authentication, 2014 will most surely see the average user taking precautions in securing their personal data online.
As an unintentional bonus, this will in turn protect users from online scams and even malware that would otherwise be able to infiltrate and steal confidential information. Hopefully the fear of government surveillance will be enough to safeguard otherwise unprotected users and therefore starve the cyber criminals.
New Dominant Exploit Kits
As I mentioned when explaining the previous year’s threat from the BlackHole Exploit Kit, there will likely be a successor to the dominant exploit kit throne.
I predict that by the middle of 2014 we will see a new and more powerful exploit kit that possesses similar traits to BlackHole and will either be very cheap for cyber criminals to purchase or be leaked to the underground community to use for free.
However, 2013 was a great year for law enforcement, with arrests of the BEK author, numerous criminals behind the rampant use of Ransomware and even the arrest of the actors behind DNS Changer. The next year may follow that trend and as soon as we see a new BEK, it won’t take long for it to be taken down.
Hardware Exploits
Attacking software is easy and very effective. Users use the same software across the board, albeit in different versions. A cyber-criminal has a high probability of success when they target something like Java or Flash.
The other end of the spectrum is hardware attacks, where attackers use specially created software to exploit vulnerabilities in the firmware running on some piece of a user’s hardware. These attacks are not as common; however, they are incredibly powerful.
The problem is that so many users use different types of hardware in their systems, and predicting what a user has running is nearly impossible without targeted intelligence. Therefore, we only really see hardware attacks used in state-sponsored operations, where one government is trying to infiltrate the networks of another.
With the migration from PCs to Macs, we may very well see more attacks aimed at certain types of Mac hardware, only because Macs use a standard hardware build for their products.
A clever cyber-criminal might look at the most commonly used Apple product and then investigate possible ways to exploit that particular system. An attack aimed in that direction has a higher chance of success than a similar attack on the PC. The potential for information stealing, disruption and even remaining undetected is much greater.
The good news is that hardware attacks are very hard to come by, regardless of whether or not intelligence gathering has been performed.
For the average user, there is little likelihood that cyber criminals would target their systems because of the time and resources required to develop such a threat.
It is still more likely that hardware attacks would be developed and aimed at state-sponsored entities, though as we continue to adopt new technologies and policies like “bring your own device,” the threat of infection becomes greater.
References:
http://blog.malwarebytes.org