The biggest threats of 2013.
Malware has been ever present since the first modems began blinking, but 2013 marked a year in which we’ve seen a wide and varied range of cyber threats, from social engineering to the relatively new trend of ransomware hacks.
Here CBR takes a look at five of the biggest threats to your company.
US police were stunned recently to find all of their data encrypted on their network by Cryptolocker recently.
The new and sophisticated virus is a good example of ransomware, which experts have deemed one of the biggest threats around to company security, because of the lack of defences available against it and the fact that it can be used to extort money.
The Massachusetts force ended up paying two Bitcoins to obtain the key that decrypted their data, at the time equivalent to £832, but the price to pay is arbitrarily set, and could hit SMBs with the recent rise in the value of the virtual currency to more than $1,000.
The reason ransomware is so dangerous, though, is the nature of its disguise: it is nearly always hidden as an innocuous-looking attachment within an email, and once opened pretty much the only available defence is to unplug the infected computer as quickly as possible from the rest of the network.
Socially engineered threats
These are similarly dangerous to ransomware, but target a firm’s weakest link – its employees.
Former hacker Kevin Mitnick slammed anti-virus software‘s inability to cope with such threats at this year’s IP Expo, saying: "You do the attacks surgically. What’s my favourite tool to build my target list? LinkedIn. I can put a company name, search for titles and positions; network engineer, systems administrator, or whoever I want in the company.
"Once that target opens it, game over."
The malware is disguised as an applet or official-sounding document, but spreads throughout the computer system as soon as it’s opened, granting the hacker access to all kinds of data and privileges.
Mobile devices are the perfect way in for hackers looking to gain access to corporate networks. Companies that have allowed the trend of BYOD to grow without proper or properly observed user policies in place might find employees’ own devices becoming a point of entry, with unencrypted corporate data vulnerable from personal use which may involve downloading unsecured or even infected programmes.
The malware targeting smartphones and tablets is similar to those targeting desktops and laptops and consists commonly of Trojans and Trojan-Spies.
One such threat is Obad, which sends messages to premium rate numbers, downloads other malware and uses Bluetooth to jump to other devices.
CBR recently reported that 80 of the top 100 iOS and Android apps are not secure from threats, either, according to Arxan, having been hacked in the last year.
Banks underwent a series of stress tests to see how they would stand up to cyber threats this year as malicious attacks on banks grow more sophisticated.
Banking Trojans such as the Zeus Trojan are incredibly pervasive. Zeus can be distributed through spam messages and records keystrokes to discover passwords to people’s accounts.
A new threat, called Neverquest, was discovered by Kaspersky earlier this year, and is claimed to be able to bypass online banking systems, targeting investment funds.
Yes, that’s right. If you want complete privacy, as a company or an individual, it’s best to turn off your WiFi and unplug your Ethernet cable. The Snowden revelations have taught us that the government is spying on its own citizens. This is certainly true of the US and UK, and may well be the case for other countries besides.
In September, Belgian telecoms firm Belgacom announced that it was hacked. Staff identified an unknown virus affecting a number of servers and computers, with widespread speculation that GCHQ was behind it, in an attempt to get details of the infrastructure of the company.