Expect attackers to up their creativity game in 2013
Expect attackers to up their creativity game in 2013

With the growing popularity of new consumer technologies, the face of the information security landscape has changed drastically in recent years. Mobile devices provide users with quick access to data, and internet users are turning more and more to cloud-based applications for online data storage.

Business professionals are also starting to recognize the conveniences of these technologies, and companies are beginning to implement policies that allow for the use of them in the corporate environment. However, as such technologies become more prevalent, the threat to information security becomes more complex.

These threats are documented by the Georgia Tech Information Security Center and the Georgia Tech Research Institute's Cyber Technology and Information Security Laboratory in their annual "Emerging Cyber Threats Report" (PDF) for 2013.

Issued Nov. 14, the report serves as a resource for security professionals in the academic, government and private sectors.

Malicious software, often designed to steal or corrupt sensitive data, is one of the biggest threats to information security. Throughout 2012, numerous high-profile malware attacks were discovered, many of which involved new and sophisticated methods of avoiding detection.

Cari Cistola, cyber researcher, Georgia Tech Research InstituteTwo notable cases were the Flashback and Gauss trojans. Discovered in late 2011 and 2012, these trojans both made use of unique encryption techniques, similar to those used in digital rights management, to bind the processes of the malware to a specific system. When run in a different system, these malware samples would remain inert, complicating automated analysis systems designed to study malware during run-time.

Despite increasingly complex malware variants, researchers have noted that information security trends in 2012 are not all bad. Although mobile malware appears to be growing in the wild, Georgia Tech researchers found that only a small percentage of devices in the United States show evidence of malware infection, perhaps as low as 0.002 percent.

In contrast, many security firms have found evidence of much higher mobile infection rates in foreign countries, such as China and Russia, possibly as high as 40 percent. Comparatively low infection rates in the United States may be a result of well-vetted app stores, which act as a strong preventative measure.

Yet although infection rates for mobile devices in the United States are currently low, researchers have noted that such devices are becoming more complex, and may provide an increasingly attractive target for more creative malware authors.

Mobile malware authors currently emphasize monetization; however, mobile devices have significant capacity for information-gathering functionality. Researchers at the University of Indiana, for example, have already demonstrated a program that is capable of taking opportunistic photos of a user's surroundings, from which a 3-D representation of the room could be built.