Firm predicts 2014's "most dangerous" malware trends

Share this article:

As 2013 comes to a close, an anti-fraud company has begun warning enterprises about the most treacherous  malware threats that are likely to strike in the coming year.

On Thursday, Trusteer, an IBM company, published its predictions on the five “most dangerous malware trends” practitioners and end-users should be aware of in 2014.

Threats that made the list were: source code leaks, which continue to hasten malware release cycles; saboteurs using “old school” techniques to bypass newer detection technologies; and the increased use of malware utilizing evasion tactics to stay off researchers' radars.

In addition, Trusteer predicted that fraudsters leveraging account takeovers via victims' devices, as opposed to from their own machines, should be top of mind. Notably, the firm also said that the use of mobile SMS-forwarding malware would become ubiquitous in 2014.

“The capability to forward mobile SMS messages will be a standard feature in virtually all major malware families with standalone SMS forwarding malware readily available,” an infographic highlighting the findings said.

“Mobile SMS verification is rendered all but useless as an out-of-band authentication method. Furthermore, enterprises must be wary of the real potential for SMS communication compromise with the increasing popularity of BYOD,” the firm advised.

On Friday, Amit Klein, CTO of the company, emailed SCMagazine.com and addressed some of the “old school” techniques he believes will be most dangerous in 2014.

“We increasingly see attacks by financial malware which prevents the victims from interacting with the genuine financial site, or reroutes such interaction away from the genuine site very early in the session,” Klein said, naming man-in-the-browser (MitB) style HTML injection and pharming attacks – when  the victim interacts with a “completely spoofed site,” – as attack methods.

“…The upside for the attacker is that by preventing the interaction between the user and the site, the genuine site gets no wind of the attack (at least, of the phase of the attack involving the victim),” Klein continued.

In a blog post on the predictions, Klein further added that the trends showcase the resilient nature of cyber criminals faced with advanced security technologies.

“What's needed is a disruptive approach to security – an approach that addresses the root cause of infections and cyber crime,” Klein said. “This approach will need to respond to new cyber crime techniques in real time, while also providing holistic protection."

Share this article:

Sign up to our newsletters

More in News

Firefox 32 feature could cut undetected malware downloads 'in half'

Mozilla plans to introduce a feature in Firefox 32 that, based on preliminary testing, could cut the amount of undetected malware downloads in half.

EFF asks court to find NSA internet spying a violation of Fourth Amendment

EFF asks court to find NSA internet spying ...

Complete with a colorful graphic, the EFF showed a federal court how the NSA essentially runs a digital dragnet that can pick up innocent Americans.

Study: Asian Android users at higher risk of malware exposure

Cheetah Mobile's new study showed that Asian Android users have a two to three times greater risk of downloading malware onto their devices.