The year 2012 was a big year for security.
The Flame and Gauss viruses demonstrated the potentially devastating, threat of cyber warfare, Anonymous showed the world just how powerful hacktivists can be, and the first ever virus found in the iTunes app store made us realise that not even Apple is safe from cyber-attack.
The most recent James Bond film, Skyfall, which has made $1.9m in its opening weekend in the box office alone, showcases the scary possibilities of cyber espionage and warfare.
But these aren’t just farfetched concepts from a Bond movie - cyber security is a very real threat.
As we move into 2013, Kaspersky Lab reminds both consumers and businesses not to be complacent about online security, with the top 13 issues to look out for.
1. Critical infrastructure:
In 2012, Kaspersky Lab discovered three new major malicious programs that were used in cyber warfare operations: Flame, Gauss and miniFlame.
During next year more countries will develop their own cyber programs for the purposes of cyber-espionage and cyber-sabotage.
These attacks will affect government institutions, businesses and critical infrastructure facilities with governments expected to create more monitoring tools to enhance the surveillance of individuals, which will enable secret access to targeted mobile devices
2. Exploit kits:
Exploit kits will continue to be one of the most popular weapons in the cybercriminals’ arsenal for 2013.
To increase the risk of infection, malware writers create and sell exploit kits – packages of malicious programs that simultaneously target several vulnerable points in the system.
Cybercriminals use kits to access a large number of computers, with the aim of spreading malware and accessing information, targeting the most vulnerable application platforms like Java or Adobe flash.
The kits sell on the black market for anything for several thousands of dollars
3. Targeted attacks:
The opposite to exploit kits, which cast a wide net in search of multiple victims, targeted attacks focus in on one person, such as an important CEO.
Hackers may get access to this person’s Facebook page, for example, or create a false one, with the aim of making contact with other people within that organisation.
By ‘friending’ the CEO’s co-workers, the hacker can gain access to personal information, which can be used for various purposes, including cracking passwords.
Cyber criminals are taking over the internet in more sophisticated ways each year.
With the increase in online shopping, we predict to see more DNSChanger attacks – this is malicious software that changes domain name settings and tricks consumers into thinking they’re on a legitimate website, when in fact they’ve been redirected to a fake website.
The fake sites look exactly the same – they even have the same URL in the address bar – and allow hackers to steal personal information and credit card details. A good anti-virus software that’s kept up to date should be able to detect whether a website is real or fake
In 2013 we’re likely to see smaller botnets than in previous years. While botnets have traditionally infected computers to create large zombie networks to launch DDoS attacks, we’re expecting botnet sizes will drop in 2013 because smaller networks are harder for governments to detect.
The smaller botnets will be focused on data mining and corporate espionage, rather than sending bulk spam and DDoS attacks
Modularisation, where hackers add their own plug-ins to web browsers, is on the rise and will continue into next year. When accessing an infected website, you can inadvertently download malicious software which allows hackers to take over your computer.
This form of attack is especially targeting computers that are left on overnight.
Hackers can use your unattended computer to search important files, send spam, or do anything they like. Do you turn your computer off when you leave the office every night?
7. Mobile attacks:
With the continuous rise of Android devices, and its easy-to-hack open source operating system, Android based malware is still going to be the biggest mobile threat facing consumers in 2013.
Zitmo and Spitmo remain the most popular phone malware used for mobile attacks. However, with 390 different types of mobile malware discovered in 2012, we should expect the number of mobile malware to rise for 2013
8. Rogue certificates:
In addition to mobile malware, malicious apps continue to be an issue for smartphone and tablet users. Hackers are creating rogue certificates that allow them to bypass even Apple’s very strict guidelines.
Notably, the first infected Apple app, ‘Find and Call’, was discovered in 2012 and we predict there will be more infected apps in 2013 thanks to more sophisticated rogue certificates
9. NFC malware:
As mobile phone companies and banks make the push to enable NFC payment systems via smartphones, the hackers will surely follow. With consumers linking their credit card details directly to their phones, hackers will be more tempted than ever to infect phones with malware so they can steal them.
For anyone planning to purchase smartphones with NFC payment capabilities, installing mobile security on your smartphone is going to be crucial
10. Share baiting:
Social networks are as popular as ever, and one of the biggest growing scams on social networking sites is share baiting. This often comes in the form of a friend ‘recommending’ a video, which opens up a web page where you need to fill in your details and answer questions.
The cyber scammers pushing these video links make money for every survey that gets filled out – which is why they make the videos as enticing as possible
11. Online privacy:
Development of social networks, and, unfortunately, new threats that affect both consumers and businesses have drastically changed the perception of online privacy and trust.
As consumers understand that a significant portion of their personal data is handed over to online services, the question is whether or not they trust them.
Such confidence has already been shaken following the wake of major password leaks from some of the most popular web services such as Dropbox and LinkedIn.
The value of personal data – for both cybercriminals and legitimate businesses – is destined to grow significantly in 2013
Despite the benefits of HTMLs most recent version, the fact that all programs can now be integrated with the one browser makes creating a breach a cake walk for hackers.
With vulnerable systems like Adobe now being integrated directly into a browser, it makes it easier for hackers to access everything else within the same page.
As Web threats evolve, it is more important than ever to ensure you’re never even browsing the Internet without adequate protection
13. Unregistered markets:
Hosting service providers in New Zealand are regulated, but there are unregistered markets outside of New Zealand that don’t play by the same rules.
Many illegal P2P torrent downloading sites are hosted in unregistered markets – the same places where many spoof and phishing websites originate from.
Given the ease of setting up these sites and the amount of money that can be made, we expect hosted services from unregistered markets to grow in 2013, with copyright taking the biggest hit
“Every day new viruses, worms, Trojans and other malicious attacks and scams are being developed, so it’s more important than ever to update your internet protection regularly, as hackers will always find vulnerabilities," says Wayne Kirby, product specialist, Kaspersky Lab ANZ.
“Remember not to be complacent about your own security. Change your passwords regularly, and don’t use easy to obtain information, such as a pet or family member’s name.
“Finally, if you’re a Mac user and think you’re safe – think again. In 2013 we expect to see more Mac viruses than ever before.”
What do you think will be the biggest threat to security next year? Tell us your thoughts below