The next year will hit you harder than ever before. Based on trends of malware spread, advances in technology and new, cunning methods of attack, 2015 is set up to be one of the most dangerous years for not only your PC but also your mobile devices and cloud storage.
2014 has already shown us how effective the employment of software exploits can be, and based on their common use as a standard in the spreading of malware, we know that the bad guys are focusing a lot of attention on how to make this form of attack even more effective. In addition, our reliance on mobile devices and the ever-growing capabilities they possess make them a shiny target for the bad guys, who are now focusing on not only the attention we give the devices but also the external storage we use to preserve our online lives.
Exploits in 2014 have only increased in number, and attack methods, like malicious advertising, have made it possible for drive-by exploits to hit users wherever they are, not just the shady parts of the net. Our saving grace has been the diligence and creativity of the security community, using anti-virus and anti-malware software to detect new variants of malware and preventing them from getting very far on the system after an exploit has launched.
In an effort to circumvent detection and more complex obfuscation techniques, new types of malware have been created that don’t leave a physical file on the system but rather only run in memory, making it difficult to detect and especially difficult to remove. The security community has countered this threat with the creation of anti-exploit technology, making it more difficult for the exploit to succeed in its attempts to drop malware on the system. In addition, serious changes are being made to our traditional detection engines. These changes are designed to defeat new and upcoming methods of malware infection and will be a major weapon against threats in 2015.
Our mobile devices make our lives easier and do it while we are on the go. We take pictures, have conversations, pay our bills and entertain ourselves, all from these small and powerful devices. Despite this, however, the attitude toward physically and digitally securing our phones will remain the same, with few users making the required effort to do so. This alarming trend among users is made worse by the development of mobile malware that not only copies malware seen on the PC but also works in conjunction with PC malware for a greater payoff.
We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve. Pre-existing phone backup options will make this threat less severe. However, many users still might be willing to pay to get their data back. Despite this, the phone’s storage might not even be the true target with some attacks.
With more people using mobile devices to bank, this platform is becoming more popular for malware authors to exploit. Creating a fake site that looks like a mobile banking site may be a bit easier for malware authors since many legitimate banking sites are limited in their sophistication in order to keep the data processing low. This form of phishing has been seen in droves on the PC side, but not as much with mobile – which will change.
Finally, threats against cloud storage is becoming more important than ever before. This is due to the fact that users are uploading tons of personal data, like images or documents, to cloud storage, a storage mechanism available anywhere in the world. This makes it easy for an attacker to gain access if they are able to compromise the account – accounts which are usually linked to mobile devices. In addition, with the trend of users making purchases, downloading games, songs, movies, etc., through cloud services, the attractiveness of these accounts has increased and we will likely see more of an effort against gamers and video/music streamers in the coming year.
How do we fight back?
2015 will be a wakeup call for users who refuse to accept there are problems that they can solve. All of the security software in the world can be overridden by the careless actions of a user and because of this, knowledge is always going to be the best weapon in the fight against cybercrime.