Some weeks ago we were talking about what security lessons we’ve learned from 2012’s tumultuous malware and hack attacks. But with devices such as smartphones and tablets becoming ever more prevalent, cybercrooks are on the lookout for new ways to steal data, and with many users slow to adopt security measures for their new devices, it’s more important than ever to be aware of the nature of new threats.
So looking back at last year’s tech developments, threat evolution and statistics on consumer behaviour, we give you our own take on what security and privacy threats you can expect to run into in 2013.
Without further ado, here are Bullguard’s security predictions for 2013:
- More mobile malware than ever before, Android the main target
With Android’s popularity booming – it is now globally the most popular operating system for smartphones and tablets with over 1 million new devices activated daily – we can expect to see it being targeted in increasing numbers in 2013. Due to Android’s open-source nature, it’s easier for cybercriminals to find and exploit platform flaws, and at the same time, Android apps can be put up for download on third-party stores that are poor at screening apps for suspicious behaviour. Google Play, the official Android app store, has struggled with security issues in the past and recent research shows that Google's App Verification Service in the latest Android version, Jelly Bean, detects just 15.32% of known malware compared to existing third-party apps from dedicated mobile security companies.
As Android users will look for more apps to download and make their mobile lives easier and more fun, in 2013 they are more likely to run into malicious software and to get infected if they only rely on Google’s security measures.
- Mobile adware will become more aggressive, flooding notification bars and invading user privacy
Smartphone and tablet users love “free” apps, but in order to produce them, developers often turn to adware in order to raise the necessary funds. Around 90% of all free Android apps come bundled with adware, which often sends pop-up ads to the notification bar. The more aggressive kind can add icons, change browser settings and even legitimately (since an app requires certain permissions to be granted by the users before installing them) collect private information such as: email addresses, device IDs, your location, browsing habits, and even phone numbers. This information can then be sent to remote servers belonging to ad networks who can use this data for targeting purposes. While not necessarily malicious, this ad behaviour is highly invasive and next year we expect advertising companies to push even more in-app ads while trying to find ways to counter any privacy-related complaints.
- Malware privacy breaches will make headlines and the online privacy debate will go to higher peaks
2012 saw a new type of malware enter the stage of data-snatching – the image-snaffling Trojan, which uploads .jpg, .jpeg and .dmp files from infected systems to a remote FTP server. Stolen images can be used in targeted attacks on important individuals for purposes such as blackmail and identity theft. If, up to now, privacy advocates have been advising web users to be careful about the photos they share on social networks, in 2013 users should also be mindful of the images they have stored on their machines and look for ways to properly secure them. In particular, apps that allow photos to be automatically uploaded to online accounts such as Facebook should be treated with particular care. Additionally, expect to see private data-harvesting social apps such as Facebook and Instagram, stealthy automated man-in-the-middle attacks and targeted attacks based on user information (IP, location, language, personal interests) gathered from various online media.
- Online fraud remains rampant
All types of real-life fraud have moved to the online world. Clairvoyant scams, charity donations, fake auctions, lottery scams, fake work-from-home job offers and fake freebies are all ways for cybercriminals to con people by exploiting emotional weaknesses.
In 2013 we’re expecting to see more of one particular type of online fraud – ransomware, which combines malicious code creation with scaremongering. Usually a Trojan, ransomware is designed to restrict access to an infected system and demand that a ransom be paid to the creator of the malware in order for the restriction to be removed. Some forms encrypt files on the system's hard drive, while others may simply lock the system and display messages to coax the user into paying via Ukash, PaySafe or other payment methods. We’re also expecting Social Media to become the main channel to deliver most of the online fraud, phishing attempts and viruses. With more and more people joining social networks, the pool of potential victims only gets larger.
- Mobile shopping on the rise, but not risk-free
Smartphones have become indispensable items with a multitude of useful functions and features. One of these is online shopping, and it’s easy and convenient to use your phone as an e-wallet to pay for things or go online and buy a gift for a friend and immediately have it shipped to them. As convenient as that may sound, mobile shopping is not risk-free.
In 2013 mobile hacks will be rampant, mobile payment systems compromised and more Wi-fi networks exploited by criminals.
- The need for identity protection will be more important than ever
User identity is a precious commodity these days. Your full name, credit card numbers, medical records, every piece of information that can be tracked back to you can be a magnet for identity thieves. And the tendency to digitalize every piece of data, from banking to medical records is just lending them a hand.
In 2013 they’ll try just about anything they can to get your private information: trick you into revealing your information, collect it from social networks or downright steal it using phishing emails, or by using keylogger software and other malware. But what we’ll hear about most is hacker attacks on corporate and government databases, and even databases of non-profit organizations. Just imagine how precious the personal data of a wealthy donor is. Not only can it be sold on the black market for good money but it can also be used in bigger scams such as illegal impersonation or extortion.
- More advanced persistent threats (APT) will be discovered.
Also known as discreet malware, computer worms like Stuxnet are known to infect a system and then gradually perform the actions it was programmed to take – stealing sensitive information from a system or sabotaging industrial activities. It can be used for cyber-espionage and/or hacktivism. In short, cyberwarfare. Noteworthy is that several years can pass before it is discovered. And we’re expecting to hear of more such APTs, either new ones or strains of already known ones.
All the security and privacy threats predicted above may give you a very gloomy feeling about the year we’ve just started. But you can avoid stormy experiences by making sure that you have the best protection installed and letting the security experts help keep you safe online in 2013.
Choose BullGuard’s easy-to-use security products for your devices. Because security is too important to be complicated!