Firm predicts 2014's "most dangerous" malware trends

As 2013 comes to a close, an anti-fraud company has begun warning enterprises about the most treacherous malware threats that are likely to strike in the coming year.

On Thursday, Trusteer, an IBM company, published its predictions on the five “most dangerous malware trends” practitioners and end-users should be aware of in 2014.

Threats that made the list were: source code leaks, which continue to hasten malware release cycles; saboteurs using “old school” techniques to bypass newer detection technologies; and the increased use of malware utilizing evasion tactics to stay off researchers' radars.

In addition, Trusteer predicted that fraudsters leveraging account takeovers via victims' devices, as opposed to from their own machines, should be top of mind. Notably, the firm also said that the use of mobile SMS-forwarding malware would become ubiquitous in 2014.

“The capability to forward mobile SMS messages will be a standard feature in virtually all major malware families with standalone SMS forwarding malware readily available,” an infographic highlighting the findings said.

“Mobile SMS verification is rendered all but useless as an out-of-band authentication method. Furthermore, enterprises must be wary of the real potential for SMS communication compromise with the increasing popularity of BYOD,” the firm advised.

On Friday, Amit Klein, CTO of the company, emailed SCMagazine.com and addressed some of the “old school” techniques he believes will be most dangerous in 2014.

“We increasingly see attacks by financial malware which prevents the victims from interacting with the genuine financial site, or reroutes such interaction away from the genuine site very early in the session,” Klein said, naming man-in-the-browser (MitB) style HTML injection and pharming attacks – when the victim interacts with a “completely spoofed site,” – as attack methods.

“…The upside for the attacker is that by preventing the interaction between the user and the site, the genuine site gets no wind of the attack (at least, of the phase of the attack involving the victim),” Klein continued.

In a blog post on the predictions, Klein further added that the trends showcase the resilient nature of cyber criminals faced with advanced security technologies.

“What's needed is a disruptive approach to security – an approach that addresses the root cause of infections and cyber crime,” Klein said. “This approach will need to respond to new cyber crime techniques in real time, while also providing holistic protection.”
