Ransomware, mobile device attacks, exploit kits and phone scammers who pose as technology giants -- times have moved on from SMS scams and phishing emails telling you you've won the Spanish lottery. Sadly, there's more to come -- and we have to educate ourselves about modern digital threats, or run the risk of losing valuable data and our money.
To summarize the year in threats, Malwarebytes has released the 2013 threat report, documenting the increasing popularity of malware, kits and scams aimed at fooling the average consumer. As we more often now have an online life filled with our data, financial transactions and the use of the Web as a communication link between companies we associate with, each of these branches are potentially ways for cybercriminals to tap into our lives -- and take what they want from us.
But what were the biggest threats we faced this year?
Ransomware is a type of malware that locks computer systems and demands either money or, more recently, Bitcoins in order to unlock the system. These software programs often pose as government agencies, such as the FBI, and accuse computer users of committing a number of crimes -- and the pressure comes from the belief that they may have done something wrong by accident.
This type of malware is usually spread through exploit kits that can be purchased online.
2. Phone scams
In the same manner as fake antivirus notices that tell a user they have malware which needs to be cleaned up -- and you have to pay for software as a result -- the next generation of phone scams appears to be rising. In 2013, the research firm has seen criminals pose as Microsoft, law enforcement and BT, and also pretend they can remove Mac-based malware or are an antivirus firm offering services.
3. Android malware
As mobile device use rose, malware to exploit the technology emerged. A large portion of this specific type of malware consists of SMS trojans -- malicious software that sends premium cost text messages or makes phone calls without the user's permission.
Another threat which has appeared is the Perkle crimeware kit. Posing as an authentication measure for a bank, it requires the scan of a QR code which then downloads malware on to the mobile device. The mobile malware then waits for confirmation texts sent by the bank, intercepts the codes and sends them back to the desktop to gain access to the victim’s bank account.
4. The Blackhole Exploit Kit
In 2012 and 2013, the BlackHole Exploit Kit was a popular method of malware delivery looking to set up drive-by cyberattacks. It hosts an assortment of malware including the Zeus Trojan, ZeroAccess Rootkit and Reveton Ransomware. The kit users define which payload was to be loaded (the malware) and what exploit to use, before hosting the file on a compromised site. Visitors then run the risk of finding themselves downloading malware. The exploit kit is often rented to criminals for a fee.
However, after the alleged creator of the kit, "Paunch," was arrested in October, use of the kit has decreased due to the lack of updates.
5. DDoS attacks against banks
In 2013, a number of baks worldwide were targeted through digital means. The main example that comes to mind took place in August, where a number of U.S. banks were hit with distributed-denial-of-service (DDoS) attacks, in some cases preventing standard service to customers. This also allowed hackers to infiltrate the banking systems and make off with stolen funds.
PUPs -- otherwise known as 'potentially unwanted programs' -- are usually the less harmful cousins of malware. PUPs may include toolbars and search agents; installing software on your system that you don't want or need, and consuming high levels of resources. While usually more of an irritant than harmful, a recent PUP toolbar was found to include a Bitcoin miner.
But what about next year? The security firm believes while ransomware begun to make an appearance in past years, in 2014, the true extent of the damage the malware can cause will become apparent. Ransomware is expected to evolve further, going beyond simple psychological games to tapping into the fear of being accused of crimes and creating times in order to apply pressure for us to separate from our money. Malwarebytes said:
"We will see ransomware making more of a presence on previously less targeted platforms, such as OS X and mobile devices.
However, unlike the end of 2012 and early 2013, we will see fewer cyber gangs using ransomware tactics. For example, there were numerous families in the wild, spreading very similar ransomware but different enough and originating from different sources, while 2014 will most likely have fewer sources but more advanced, and therefore dangerous, malware."
In addition, the company believes that more malicious software and scams will target your smartphones and tablets next year. As mobile devices are now so often used to access the Web, this user trend is unlikely to go into decline. While SMS-based scams are more virulent in countries such as Russia, in the West, we are likely to see a surge in malware that could add your device to botnets for DDoS attacks, or types which save store credentials to purchase apps you do not want.
"In addition, it is not farfetched to think that mobile devices are the next big target for remote access trojans, allowing your phone to become a surveillance camera, microphone and in the case of Bluetooth, a transmission device," the firm says.
Mac operating systems are also expected to become the targets of more cyberattacks.
However, it is not all doom and gloom. Malwarebytes also predicts that due to the leaks released about the National Security Agency (NSA) and their ability to collect, intercept and decrypt all kinds of electronic communication, this is likely to spur the development of new privacy technologies.