2013: a look at four malware predictions

With the year drawing to a close, security predictions for 2013 are flowing freely. CSO Online Australia has selected a few interesting takes on how malware threats will play out next year.

More nation-state malware to benefit cybercriminals

Two years on from the discovery of Stuxnet, the malware thought to have damaged equipment at an Iranian nuclear facility, the spectre of nation-state malware continues to capture the public imagination.

Further discoveries, such as Flame, Gauss and Duqu, and theories that Stuxnet was created by the US and Israeli governments, have spawned questions over what constitutes cyber-war and what counts as a cyber-weapon. But Microsoft's director of Trustworthy Computing, Tim Rains, sees another dimension to the debate.

One vulnerability used by Stuxnet helped the cybercriminals behind the Sality worm improve their wares, and Rains is predicting that the “unintended consequences” of these government investments will make cybercriminals' lives easier.

“The barriers to entry for criminals to leverage highly sophisticated techniques in their attacks are lowered each time the malware and vulnerabilities that highly skilled professionals develop and use, are discovered. This is likely to amplify the unintended consequences of espionage in the coming years,” says Rains.

Microsoft’s data shows that CVE-2010-2568, a shortcut icon loading (.LNK) vulnerability first used in Stuxnet, accounted for “more than 85 percent of operating system exploit detections worldwide in the first half of 2012”.

And more of this type of malware is expected, according to Finnish security vendor F-Secure. Citing the “cyber arms race” that is well underway, it predicts more government malware will be leaked from countries not previously thought to have developed these tools.

Ransomware gets a dose of vendor marketing

Does ransomware encrypt victims’ files, or is it just a scam that makes victims believe their computer has been locked by law enforcement?

In 2012, two styles of ransomware attack emerged: in one, an attacker hunts a victim, typically a small business, and encrypts their files until a ransom is paid; the other uses local law enforcement logos and locks the victim’s screen. The latter does not use encryption and is aimed at the general public.

McAfee conflated the two in an Australian press release last week warning that ransomware will “start to impact Australia” in 2013.

“Ransomware will be prevalent in 2013. It is operated by encrypting files on a victim’s computer which can only be unlocked by paying the criminals a ‘fine’,” the vendor said, pointing to the recent fake Australian Federal Police ransomware “as an example of this type of attack”.

Fortunately for potential victims, that’s not exactly true. Being hit with a police-themed screen-locker is a sticky situation to get out of, but freely available removal tools exist from rivals Symantec, F-Secure and Kaspersky.

Malware removal tools won't help victims who fall prey to an attack of the type that recently hit a Byron Bay school, whose files were actually encrypted.

Symantec has labelled ransomware “the new scareware” and pointed out that although encryption was used in earlier versions of ransomware, the type most consumers face today is a locked screen.

The change that made mass ransomware a more viable model was the emergence of online payment methods, and a common service for police-themed ransomware across Europe and in Australia is UK service Ukash. In the US, the preferred payment system is MoneyPak.

Symantec’s prediction for 2013 is more professional ransom screens.

Malware will probably kill someone

Stuxnet was the first malware to have a physical payload, but that was in a nuclear facility. Toasters, fridges, TVs and pacemakers are coming into focus as more things become connected to the internet, and security observers are predicting a human death.

Security vendor WatchGuard notes that “digitally dealt death is not only possible, it's plausible”, pointing to security researcher Barnaby Jack's recent demonstration of how he could remotely cause a pacemaker to deliver an 830-volt shock.

Josh Corman, director of security at CDN provider Akamai, fears that the world’s dependence on software is growing faster than its ability to protect it.

“If you have a toaster, there’s a certain risk that it will burn your house down. If you put software on it, it’s a vulnerable toaster. If you connect it to the Internet, it’s a vulnerable and exploitable toaster,” he said.

Android malware to grow by how much?

Every vendor with an Android security product is predicting explosive growth in malware for the platform.

According to Lookout, the global likelihood of encountering malware in October 2012 was 0.84 per cent, and from this it extrapolates that between the beginning of 2012 and the end of 2013, 18 million Android users may encounter mobile malware.

Trend Micro is predicting it will be able to detect around a million variants of Android malware by the end of 2013, up from a projected 350,000 by the end of 2012.

The security vendor does not say much about how it’s calculating its figures, but they’re a lot higher than Fortinet’s count of 55,000.

According to figures by App Brain, there were only around 600,000 Android apps in Google Play by the end of 2012. Of course, it’s possible there are more malicious Android apps outside Google’s official store.

But Trend Micro is not alone in predicting a surge in Android malware. ESET recorded a 17-fold increase in Android malware variants -- as opposed to their root families -- in 2012, and predicts that growth will accelerate next year, having underestimated it the previous year. The most common threats are premium-rate SMS fraud trojans.

Perhaps the most concerning threat to Android is not the number of variants but the method of infection.

Kaspersky Lab is predicting “drive-by download” threats to emerge for Android next year. Thanks to flaws in popular software like Adobe Flash Player and Oracle’s Java, and to exploit kits like Blackhole, that method of infection has proved effective on the desktop.

F-Secure predicts that Android’s popularity and the commoditisation of mobile malware will ensure similar tools are built to attack Android devices.

Stories by Liam Tung