What security developments can we expect to see in the coming 12 months?
Alex Balan, head of product management at BullGuard, draws from a deep well of experience and nails his 10 security predictions to the mast. Some are predictable, some are intriguing and others are, well, spine chilling.
It’s devious and destructive and it makes hackers money. Ransomware has been around a while, but because it’s so effective it’s going to be around for a lot longer.
Hackers are, by and large, motivated by money and new opportunities. In fact, the potential for making money is so great that much of this underground activity is also driven by well organised criminal organisations. This means that ransomware such as Cryptolocker, and other new variants, which have been doing the rounds for a few months will continue to be used.
As a hacking technology it’s not ground-breaking but it’s certainly effective. Simply, it encrypts your photos and documents and flashes up a message on your screen telling you that you need to pay a ‘ransom’ to get your computer back. If you don’t then you’ve lost your data and there is little anyone can do to help you.
Even police in the US who were infected by Cryptome actually paid the ransom. It’s a devious method for hackers to lock down your computer and many victims often have no choice but to pay up to retrieve their personal information.
2. Mobile malware
If you’re using a mobile device to do some online banking or shopping you’re going to need some protection.
Mobile malware has been something of a bogeyman in the security industry. Today, that is changing. There is a growing body of evidence that shows concerted attacks on mobile devices, with many aiming to steal personal financial details. This is hardly surprising given the explosive growth in smartphones and tablets. The emergence of Android and iOS as leaders in the mobile operating-system wars, makes life easier for hackers. It also means there is more to steal, with the ability to generate revenue through reversed billed text, calls to premium-rate numbers and banking. Back-door Trojans, which steal data without the victim’s knowledge, and malware that goes after banking login information made up the largest portion of all new mobile malware families in Q2 2013. Mobile malware is no longer a bogeyman. It’s here, now, and is set to grow.
3. Shoring up personal security
Increasing numbers of people will be exploring how they can best protect their online communications from prying eyes.
The recent leaks about the NSA and GCHQ monitoring Internet traffic, email communications and mobile calls, is by far the most important cyber security event in the past year for many reasons. At a personal level, the revelations have certainly increased awareness about the need for personal security.
More and more people are now aware of how important online privacy is and are starting to be more cautious about online behaviour and interactions. Until now, people have generally only taken security actions reactively, typically after something has happened. The NSA and GCHQ revelations are making people realise they need to be proactive. This will lead to a growth in privacy-related technologies that offer users safety for their data and privacy in their communications.
4. Forget me not
With so many ‘old’ systems in place there’s a real risk many will be hacked simply because they are not properly secured.
We’re likely to see more attacks that are successful as a result of a lack of awareness about old software and systems that are full of ‘holes.’ For example, Microsoft XP reaches its end of life early next year and will no longer be supported, which means no more updates even if a security problem is found. This popular but creaking operating system is widely used and how many people know that Microsoft is turning its back on it? Of course, hackers are aware of this and you can bet that there will be many attempts to find new exploits in XP – which means there’s sure to be a lot of people who will fall victim to malware as a result. The same can also be said for any operating system that is not upgraded regularly.
5. The Internet of Things
Computer-controlled appliances are on the rise. The majority of them are not protected. More of them will be hacked.
You may or may not have heard about the ‘Internet of Things’. It’s a term used to describe the increasing computerisation of everyday things and it’s steadily becoming a reality. We already have so many Internet-connected devices such as webcams, CCTV systems, televisions, digital video recorders and even baby alarms. If these devices are not protected they’re vulnerable to attack via the Internet.
You’ve probably already heard of webcams being controlled by hackers but as the Internet of Things gathers pace, there will inevitably be a corresponding rise in hacking activities to take control of these devices. It might sound bizarre, but soon we’ll see fridges, toasters and other devices hooked into the Internet. We’ve even heard of clothes with chips in them that let their owner know they need cleaning. And today’s cars are largely dependent on computers. So, don’t be too surprised when you hear of these things being hijacked by hackers.
6. Back it up
If you lose your virtual life you’ll also struggle in the real world.
Never in the history of humankind has an industry grown so rapidly and so pervasively as technology. It reaches into every corner of our lives and is changing the way we live. Film cameras are a thing of the past, physical bank branches and post offices are becoming ‘quaint’ and well-known retailers have disappeared from the high-street because they didn’t get the online thing.
In fact, online shopping today is as common as storing all our personal information on our computers. But what happens when computers crash, as they sometimes do? You can probably hear the shrieks of horror several miles away. Thankfully, more people are aware of the potential damage and the implications, leading to an increase in back-up technologies, whether this is online or external drives that plug into your computer. Expect the arrival of more back-up services, especially in the online space.
7. Biometric authentication
Computers that won’t fire up until you’ve identified yourself with some form of biometric ID will gradually become mainstream.
Biometric authentication is widely regarded as the most secure form of identity control. Early systems were slow and intrusive but were mainly used for guarding access or restricting physical entry to relatively few users. Today, computers are much faster and cheaper than ever and with new, inexpensive hardware, the interest in biometrics has been renewed. There are several types of biometric authentication in use but because of its convenience and ease of use, fingerprint authentication is becoming the biometric technology of widest choice. Expect to see growing numbers of notebook PCs, mobile devices and computer peripherals coming to market with built-in fingerprint readers and more sophisticated models that read your eye.
8. The deep web gets deeper
Anonymous services ‘hidden’ on the deep web are being targeted by law enforcement. As a result, they’ll respond with even tougher protection.
Law enforcement agencies have scored some significant ‘deep web’ successes the past year, most notably the taking down of the Silk Road web site. Silk Road was notorious for its merchandise; heroin, cocaine, hash, guns, counterfeit currency and so on. Crime busters both sides of the pond are also enlisting the help of intelligence services such as the NSA and GCHQ to crack encryption codes used to mask all sorts of nefarious things on the deep web such as child abuse images.
Inroads will continue to be made into the deep web in 2014 but the odds are that other anonymous deep web services will simply ratchet up their protection and will become even harder to compromise and take down. There’s already been a taste of this trend evident when the FBI shut down file sharing service Megaupload and arrested Kit Dotcom, its founder. A short time later Mega, the son of Megaupload, was launched protected by tough encryption. With Mega, there’s no way to retrieve lost passwords and Mega has no idea what it is hosting, but it’s a certainty that it includes illicit content such as child pornography.
9. Smartphones in the workplace
Think twice about plugging your smartphone into your work computer – you never know what might happen.
You may not realise it, but when you take your smartphone into the workplace and hook it up to the desktop or laptop you work on, you’re committing a security faux pas. If your device has some malware on it and you’re not aware of it, you’ve probably just released it into the company network.
Hackers love breaking into company networks because they are virtual treasure troves. If the hackers are malicious they can simply cause damage, but more often they want to get their hands on things like databases full of customer information which they sell on the dark web.
Because smart phones are now so popular, hackers are targeting them as a means to access corporate networks. We’ll steadily see an increase in this type of activity in the coming year, so it pays to be aware.
10. Service provider hacks
Criminals love a successful ISP hack – it provides them with access to millions of account details. Watch out for more of the same.
When a service provider gets hacked it resonates long and loud. In April this year UK telco giant BT dumped Yahoo as its email provider to six million customers. Customers had been complaining for months that hackers had taken control of their email accounts.
Many hackers break into service provider systems simply to get free broadband, but at the organised crime end of the spectrum it’s done to launch large scale spam and malware attacks. Don’t be surprised to see more ISP hacks in the coming year to hijack email accounts and launch mega-scale spam attacks.