When Websites Attack - Windows threats like Cryptolocker and ZeroAccess get all of the attention, but malware targeting (Linux) Web servers continues to evolve Malware became even smarter, stealthier, and shadier in 2013, according to the latest Sophos Threat Report. Nowhere was this more evident than in the use of the Web as a vector for spreading malware to unsuspecting users.
Sure, the payloads -- from the disruptive Cryptolocker ransomware to the silent but deadly ZeroAccess botnet -- were more sophisticated this past year, but the unsung "heroes" of cybercrime are the 20,000 to 30,000 new malicious URLs that come online each day. Those malicious URLs -- 80 percent of which are on compromised, legitimate websites, according to a SophosLabs estimate -- can serve a number of purposes. That coordination, and the delivery of the payloads, is handled by exploit kits. Hosting the exploit kits are infected Web servers. For organizations, the implications are clear. More Insights. Labs Forecasts Growth in Mobile Ransomware and Security-Aware Attacks in 2014 | McAfee Online Newsroom. McAfee Labs today released its annual 2014 Predictions Report, analyzing 2013 trends through its proprietary McAfee Global Threat Intelligence (GTI) service to forecast the threat landscape for the coming year.
In 2014, McAfee Labs expects to see the rapidly growing mobile platform draw the lion’s share of threat innovation. Ransomware is expected to proliferate on mobile devices, as virtual currencies such as Bitcoin fuel the growth of ransomware across all platforms. Attacks using advanced evasion techniques will come of age, with enhanced capabilities to identify and bypass some sandboxing and other local security measures. Social platforms will be used more aggressively to target the finances and personal information of consumers, and the intellectual property and trade secrets of business leaders.
McAfee Labs foresees the following trends in 2014: 1. 2. 3. 4. 5. 6. 7. For a full copy of the 2014 Predictions Report from McAfee Labs, please visit: About McAfee Labs. 7 Cybersecurity Risks for 2014. With each new year, comes a new round of cybersecurity risks. To help businesses best prepare for the year ahead, risk mitigation and response solutions firm Kroll has identified seven trends that indicate a changing tide in cyber standards. These changes will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks. "Most organizations have invested in preventative security technologies, but remain unprepared to launch an effective response to a leak or intrusion," said Tim Ryan, a Kroll managing director and Cyber Investigations practice leader.
"Without the right tools and policies in place beforehand, they find themselves suddenly under intense pressure to investigate, track and analyze events. " Kroll predicts that the new cybersecurity issues for 2014 will include: "Companies should know who they are giving their data to and how it is being protected," Ryan said. 8 Security Habits Putting Businesses at Risk. Security breaches are detrimental to any business. In addition to the financial costs involved, a tarnished reputation is difficult to overcome — and customer trust is undoubtedly tough to regain once personal information has been compromised. To prevent breaches, security measures must meet all sorts of regulations, such as those set forth by federal and state laws and by industry organizations. For instance, all businesses need to comply with Payment Card Industry (PCI) standards to securely accept credit card payments and keep their customers' information safe.
Privacy guidelines also govern emails, personal data and other types of information that must remain secure. Nonetheless, no small business is perfect. . [3 New Cyberthreats You Don't Know About Yet] 1. In small businesses, technical expertise is generally not deep. 2. Many small companies believe their size means they are immune to break-ins, IP theft or other issues; they may feel only bigger organizations will be targeted. 3. Cybersecurity is for the C-suite, 'not just the IT crowd' By Clay Dillow FORTUNE -- "Ninety-seven percent of Fortune 500 companies have been hacked," says Peter W. Singer, "and likely the other 3% have too, they just don't know it. " Such is the less-than-rosy picture painted by Singer -- director of the Center for 21st Century Security and Intelligence at D.C. think tank Brookings Institution and bestselling author of 2009's Wired for War -- and co-author Allan Friedman in the opening pages of their new book Cybersecurity and Cyberwar: What Everyone Needs to Know (Oxford University Press).
It's not the most optimistic introduction to cybersecurity that one might hope for, but following a banner year for massive data breaches within both the U.S. government and private industry, an honest appraisal of the cybersecurity landscape is particularly appropriate. "This is now a very real problem, one that we have to recognize, that we have to manage," Singer says in a conversation with Fortune. That same gap exists in the public policy world. 7 Cybersecurity Risks for 2014. Www.sophos.com/en-us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf. 2014: The year of encryption. 9 January 2014Last updated at 19:05 ET By Paul Rubens Technology reporter Companies are under pressure in the current environment to make sure their encryption is up to scratch "The solution to government surveillance is to encrypt everything.
" So said Eric Schmidt, Google's chairman, in response to revelations about the activities of the US National Security Agency (NSA) made by whistle-blower Edward Snowden. Schmidt's advice appears to have been heeded by companies that provide internet-based services. Microsoft, for instance, says it will have "best-in-class industry cryptography" in place for services including Outlook.com, Office 365 and SkyDrive by the end of the year, while Yahoo has announced plans to encrypt all of its customers' data, including emails, by the end of the first quarter of 2014.
For many smaller businesses too, 2014 is likely to be the year of encryption. Diamonds and paperclips Keeping the regulator happy 'Back doors' Continue reading the main story “Start Quote. The 5 mobile technologies to watch in 2014 | Mobile Technology. Credit: iStockphoto Take a step back from your iPad, iPhone, Galaxy, or whatever for a moment. What you hold in your hand today should undergo serious improvements in 2014, given the groundwork laid in 2013. For some people, taking advantage of those improvements will mean getting new devices, but many current device owners -- especially those who bought Apple's latest models -- will access them in what they already own. 1. 64-bit appsiOS 7 debuted with the 64-bit Apple A7 processor in the iPhone 5s, iPad Air, and iPad Mini with Retina display.
Apple's Xcode 5 IDE allows creation of 64-bit apps from existing code, so the iOS world will see 64-bit apps become common in 2014. After Apple debuted the A7 in September, several Android smartphone makers said they too would ship 64-bit devices, likely using a recent ARM reference design. 2. 3. Instead, they're location-specific points of contact. Seven technology predictions for 2014. The year 2014 will be where current trends will accelerate the transformation already underway in how we consume information and do business and live. Organisations will need to evaluate their information strategy to take advantage of the emerging opportunities. Here are seven trends to consider in the New Year: Trend # 1 – the era of personal cloud The cloud has exploded in popularity over the past few years, as companies exhaust backup, storage, network, security, and management systems.
Consumer awareness of cloud storage is now increasing and usage is following suit. Despite concerns that many industries have about cloud storage ability and their willingness to keep information secure, consumers will have little choice but to keep more information on these systems as opposed to their hard drives. The push for more personal cloud technologies will shift toward services and away from devices. For 2014: Consider how personal and organisational cloud will interact for your business. Biggest security threats in 2014. Sophos released its latest Security Threat Report on 10 December 2013, predicting a greater focus from cybercriminals on high quality and convincing phishing and social engineering. The report outlines the significant changes in cyber-criminal behavior over the course of last year and a forecast for their preferred methods of attack in 2014.
“This year cyber criminals continued the theme of professionalization of their ‘industry’, offering easy to buy and use services that amplified the scale of cybercrime to never before seen levels,” said Sophos. “While many security experts are aware of the high level trends, few have recognized their significance” said James Lyne, global head of security research at Sophos. “If 2013 has taught us anything, it is that traditional security controls are struggling. These new behaviors are forcing the industry to adapt and change, and widely held best practices must be reconsidered.” Trends to Watch in 2014 Websense 2014 security predictions More on security. Five predictions for information security and cybercrime in 2014 | Media Network | Guardian Professional.
Ransomware attacks – where victims are asked to pay a ransom in the guise of a fine – will continue to rise in 2014. Photograph: Nicholas Rigg/Getty Images Eugene Kaspersky, chairman and CEO, Kaspersky Lab Fragmentation of the internet: 2014 is likely to become the year when fragmentation of the internet will become fully visible. The loss of international trust in the field of global communications that has followed Edward Snowden's disclosures will result in the emergence of more cyber-borders and new parallel secure networks. The new networks will be run by governments to protect their communications and national infrastructure from any sort of foreign intrusion.
This will increase the security and reliability of cyber-infrastructure, but also siphon resources away from public initiatives and global internet projects and businesses, and ultimately possibly pose a threat to the very existence of the borderless internet as we know it today. Marcin Kleczynski, CEO, Malwarebytes.