Malware is always changing, adapting, being rewritten and re-released in a seemingly infinite number of ways, with the express intention of making your life difficult – and making the writers or owners of the code as much money as possible. Security threats have increasingly come from new directions and that won’t change in 2013, as exploits of popular applications, increasingly sophisticated phishing attacks, malware, and scams targeting our love of social networks and photo sharing, and threats associated with viewing online videos grow.
“Internet security violators in 2012 ranged from teen ‘hacktivists’ to Big Data companies, foreign governments, and corporate employees,” says Simon campbell-Young, CEO of Phoenix Distribution. “The threats will just keep on coming this year. As long as there is digital technology and money, cybercriminals will attempt to use one to get their hands on the other.”
According to research and predictions from leading security vendors such as Kaspersky and Symantec, the volume of advanced malware that evades signature-based detection increased by almost 400 percent in 2012, and attackers will continue to remain a step ahead of traditional defences. “Organisations must rethink their IT security architecture and implement appropriate security measures to prevent advanced cyber attacks such as zero-day attacks and advanced persistent threats (APTs). Since on-premise IT infrastructure is more likely to be attacked than cloud-based infrastructure, this is more important than ever,” says Campbell-Young.
In addition, cybercriminals are increasingly targeting mobile devices. “Cybercriminals are changing their tactics to target fast growing mobile platforms and social networks where consumers are less aware of security risks,” says Campbell-Young. “According to research, more than one in six mobile apps have high-risk code that can compromise user security, and 44 percent of adults aren’t aware that security solutions for mobile devices exist. The integrity of mobile apps can be easily compromised through new tampering/reverse-engineering attack vectors, so mobile device owners must be increasingly aware of these vulnerabilities.”
He adds that the Bring Your Own Device (BYOD) trend is fuelling the vulnerabilities on mobile devices. “Attackers are beginning to launch so-called ‘blended attacks’ involving the exploitation of employees’ phones. Cybercriminals are going to the Android Marketplace, pulling down an app, building a backdoor into it and selling it in another Android app store for a lower price. Or they’ll take the backdoor, grab an icon from an application someone wants to buy, and sell it in another app store for a lower price. While it’s typically harder to sneak an app into Apple’s App store, it can be done.”
According to Campbell-Young, awareness is your first and best tool. “Antivirus, anti-malware and anti-spam tools are just that: tools to help you remove any infection or threat. Apart from the traditional methods of detecting and blocking particular malware samples based on their signatures, new, smart techniques are constantly being developed to block even previously unknown exploits or those that utilise newly discovered, or ‘zero-day’, software vulnerabilities, but staying aware is the first step to keeping the cyber criminals at bay.”