2013 in Review: This year’s biggest security, scam, and malware threats
2013 has been an interesting year for the IT security world, with several new types of attacks surfacing alongside the growing popularity of some well-established threat vectors. High profile data breaches this year included Evernote, Adobe, Twitter, Facebook, the Federal Reserve, and even the Department of Homeland Security, among many others.
As many of you know, the potential impact of a serious security breach on our daily lives has been growing, and will only continue to grow as we increasingly depend on the internet to handle our private data, financial transactions, and personal interactions with the world around us.
Summarizing this year of computer / information security threats – Malwarebytes has released their 2013 Threat Report documenting the most popular attacks used this year, and makes some predictions about what is likely to happen next year.
So what were the biggest security threats we faced this year?
1. Ransomware
For those of you who don't know, ransomware is a form of malware that locks users out of their system (by blocking the desktop with a full-screen message, or by encrypting files) and then claims they need to take some special action (usually a payment by credit card or prepaid voucher) to get the system back.
Another form includes what Malwarebytes dubs “assumed guilt” scams – where the ransomware poses as a government agency (like the FBI) and accuses you of some crime (such as software piracy). The malware then demands you “pay a fine” to “make the whole thing go away”.
In an interesting yet beneficial twist of events – you may have heard of this guy who turned himself in for possession of child porn, all because his computer was infected with this type of malware.
Here is the important thing to keep in mind though: in many cases there is absolutely nothing wrong with your files, and the "fine" buys you nothing. Of course you will still need to remove the malware itself, and you can use your favorite search engine to find an uninstall guide for the specific variant.
Such malware is normally spread via exploit kits, which are reached through compromised or malicious websites (often via advertising networks) or through links in spam email, and which exploit unpatched browsers and browser plugins to install the payload. So if you find yourself repeatedly under this form of attack, keep your browser and plugins up to date, and perhaps consider cleaning up your surfing habits.
2. Cryptolocker
Ransomware has had such a big impact this year that Malwarebytes made a special entry just for the encryption-based variant of this attack type. While the Reveton and Urausy malware groups were some of the biggest players of this past year, they pale in comparison to the damage caused by Cryptolocker.
Cryptolocker is different from the lock-screen ransomware above. For one, it actually does encrypt your files, and then demands an exorbitant amount of cash for the key to decrypt them. A particularly nasty touch is the countdown timer, which claims your unique decryption key will be destroyed within a set time if you do not pay, essentially locking your files forever.
Security professionals are still working on a better solution to this threat. Current antimalware software can already detect and remove the malware, but removal does not recover your data: the files stay encrypted, and without the attackers' key there is no practical way to decrypt them. Such is the insidious nature of Cryptolocker.
The best way to protect yourself from this and all other forms of this malware is to keep a regular backup of your files somewhere the malware cannot reach, i.e. be proactive. Mapped network drives and permanently attached external hard drives are not good enough for this purpose, because Cryptolocker encrypts whatever drive letters it can see. A cloud-based solution is a reasonable alternative, with one caveat: a sync service that simply mirrors your folder will happily upload the encrypted copies over the good ones, so choose a backup that keeps previous versions of each file, or keep an offline copy that is only connected while the backup runs.
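One check a backup job can run before it overwrites the last good copy is to look for files that suddenly look like random bytes, which is what an encrypted file looks like. The block below is an added example written for this post, not code from the original article or from the Malwarebytes report: it measures the byte entropy of each file, skips formats that are legitimately high-entropy (compressed images, archives, PDFs, identified by their magic bytes), and aborts the backup when too large a fraction of the set looks encrypted. The entropy threshold, the magic-byte list, and the abort fraction are assumptions chosen for illustration, and the sample files are constructed in a temporary directory.

```python
import math
import os
import tempfile
from collections import Counter

# Assumed allowlist: formats that are high-entropy by design and must not be
# mistaken for ciphertext. A real deployment would use a fuller list.
KNOWN_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"\x1f\x8b": "gzip",
    b"%PDF": "pdf",
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 for uniform random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def known_magic(data: bytes):
    """Return the format name if the file starts with an allowlisted signature."""
    for magic, name in KNOWN_MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """Heuristic: near-uniform bytes with no recognised container format.
    Threshold of 7.5 bits/byte is an assumption; text sits around 4-5."""
    return known_magic(data) is None and shannon_entropy(data) >= threshold

def scan_backup_set(root: str, head_bytes: int = 65536):
    """Walk a directory tree and return (sorted suspicious relative paths, total files)."""
    suspicious, total = [], 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(head_bytes)   # enough to judge; avoids reading huge files
            total += 1
            if looks_encrypted(head):
                suspicious.append(os.path.relpath(path, root))
    return sorted(suspicious), total

def should_abort_backup(suspicious, total, max_fraction: float = 0.2) -> bool:
    """Refuse to overwrite the previous backup if too much of the set looks encrypted.
    A 20% cut-off is an assumption; tune it to how much compressed data you keep."""
    return total > 0 and len(suspicious) / total > max_fraction

def build_sample_set() -> str:
    """Constructed sample data: two ordinary files, two high-entropy but legitimate
    files, and two files overwritten with ciphertext-like random bytes."""
    root = tempfile.mkdtemp(prefix="backupscan_")
    files = {
        "report.txt": (b"Quarterly figures were in line with the forecast. " * 80),
        "empty.log": b"",
        "photo.png": b"\x89PNG\r\n\x1a\n" + os.urandom(2048),     # real PNGs are compressed
        "archive.zip": b"PK\x03\x04" + os.urandom(2048),
        "report.txt.encrypted": os.urandom(4096),                  # no magic, uniform bytes
        "notes.docx.encrypted": os.urandom(4096),
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root

def sample_scan():
    """Run the scan over the constructed set and return (suspicious, total, abort?)."""
    suspicious, total = scan_backup_set(build_sample_set())
    return suspicious, total, should_abort_backup(suspicious, total)

if __name__ == "__main__":
    sus, total, abort = sample_scan()
    print(f"{len(sus)} of {total} files look encrypted: {sus}")
    print("abort backup" if abort else "backup may proceed")
```

This is a heuristic, not a guarantee: a variant that kept the original header bytes, or a user whose backup set is mostly archives and media, would defeat the magic-byte allowlist in opposite directions, which is why the abort decision is on the fraction of the set rather than on any single file, and why the previous backup version should be kept regardless.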
3. Phone Scams
Phone scammers are nothing new, though this seems to be an increasingly popular form of attack when comparing 2013 to previous years. Phone scams work in the same manner as fake antivirus notices, except that someone actually calls you up, claims your system is full of malware (or that "Microsoft" has detected errors coming from your computer), and then offers to "helpfully" clean it up for you for a "small fee", usually after talking you into installing remote access software.
The best protection against this type of threat is common sense. A real antivirus or software company is extremely unlikely to call you about malware they have detected on your system. It is even more unlikely that law enforcement or a tech support organisation will do something similar, such as asking for your password or for remote access to your machine.
For one, law enforcement needs a warrant, not your cooperation over the phone; for two, a real IT support person will never ask you for your password. If asking for passwords is standard practice in your company, then you should seriously consider changing your security policies.
4. Mobile malware
This was a development that had been expected for some time, which is not surprising when you consider the growing popularity and sophistication of smart devices. So far the great majority of malware samples and exploits have been found on the Android platform, but there is growing evidence that Apple users are being targeted too, and will be targeted increasingly in the future.
5. Blackhole Exploit Kit
The Blackhole exploit kit was the most prevalent method for distributing malware in 2012 and for much of 2013. There is good news on this front, however: the creator of Blackhole was arrested in October, and use of the kit has steadily declined since, though it is unlikely to disappear entirely while copies remain in circulation.
6. DDoS Attacks against Banks
Robbing a bank nowadays is very different from what we used to see in the movies, and this new method has so far been quite effective.
Essentially what happens is that the criminals first flood the bank's public-facing systems with massive traffic, and while the IT staff are busy responding to the outage, the attackers use the distraction to push through fraudulent transfers from accounts they have already compromised, making off with significant sums of cash before anyone notices.
We can expect more of these attacks in the next year, though we can at least be assured that each attack comes with new lessons learned.
7. PUPs
Such a cute name belies the annoyance that this form of "attack" generates. PUP stands for "Potentially Unwanted Program", and many of you are probably familiar with this form of computer infiltration.
These are your toolbars, search agents, "value finders" etc. that find their way onto your system during a few seconds of inattention in an installer (some technically legal, others definitely malicious). They clog your system, use up computer resources, and generally try to be as annoying as possible (e.g. throwing more advertising in your face), or at the very least attempt to manipulate you into using them.
A recent evolution of PUPs includes a bundled Bitcoin miner, which just seems like an extra slap in the face considering how profitable PUPs generally are already. Technically this type of software is "less harmful" than other types of viruses and malware, but I think we can all agree that the world would be a better place without it.
If there is anything to take away from the list above, it is that knowledge and preparation are the best methods for preventing this type of exploitation. If we can make these activities less lucrative (because otherwise why would anyone be doing them), then we can dramatically reduce the number of threats we experience.
Stay safe everyone!