
Firm predicts 2014’s “most dangerous” malware trends


As 2013 comes to a close, an anti-fraud company has begun warning enterprises about the most treacherous malware threats that are likely to strike in the coming year.

On Thursday, Trusteer, an IBM company, published its predictions on the five “most dangerous malware trends” practitioners and end-users should be aware of in 2014.

Threats that made the list were: source code leaks, which continue to hasten malware release cycles; saboteurs using “old school” techniques to bypass newer detection technologies; and the increased use of malware utilizing evasion tactics to stay off researchers' radars.

In addition, Trusteer predicted that fraudsters leveraging account takeovers via victims' devices, as opposed to from their own machines, should be top of mind. Notably, the firm also said that the use of mobile SMS-forwarding malware would become ubiquitous in 2014.

“The capability to forward mobile SMS messages will be a standard feature in virtually all major malware families with standalone SMS forwarding malware readily available,” an infographic highlighting the findings said.

“Mobile SMS verification is rendered all but useless as an out-of-band authentication method. Furthermore, enterprises must be wary of the real potential for SMS communication compromise with the increasing popularity of BYOD,” the firm advised.

On Friday, Amit Klein, CTO of the company, addressed by email some of the “old school” techniques he believes will be most dangerous in 2014.

“We increasingly see attacks by financial malware which prevents the victims from interacting with the genuine financial site, or reroutes such interaction away from the genuine site very early in the session,” Klein said, naming man-in-the-browser (MitB) style HTML injection and pharming attacks – when the victim interacts with a “completely spoofed site” – as attack methods.

“…The upside for the attacker is that by preventing the interaction between the user and the site, the genuine site gets no wind of the attack (at least, of the phase of the attack involving the victim),” Klein continued.

In a blog post on the predictions, Klein further added that the trends showcase the resilient nature of cyber criminals faced with advanced security technologies.

“What's needed is a disruptive approach to security – an approach that addresses the root cause of infections and cyber crime,” Klein said. “This approach will need to respond to new cyber crime techniques in real time, while also providing holistic protection.”
