2013: a look at four malware predictions
- — 18 December, 2012 10:51
With the year drawing to a close, security predictions for 2013 are flowing freely. CSO Online Australia has selected a few interesting takes on how malware threats will play out next year.
More nation-state malware to benefit cybercriminals
Two years on from the discovery of Stuxnet, the malware thought to have damaged equipment at an Iranian nuclear facility, the spectre of nation-state malware continues to capture the public imagination.
Further discoveries, such as Flame, Guass and Duqu, and theories that Stuxnet was created by the US and Israeli governments, have spawned questions over what makes cyber-war and what are cyber-weapons. But Microsoft's director of Trustworthy Computing Tim Rains sees another dimension to the debate.
One vulnerability used by Stuxnet helped cybercriminals behind the Sality worm improve their wares and Rains is predicting the “unintended consequences” of these government investments will make cybercriminals lives easier.
“The barriers to entry for criminals to leverage highly sophisticated techniques in their attacks are lowered each time the malware and vulnerabilities that highly skilled professionals develop and use, are discovered. This is likely to amplify the unintended consequences of espionage in the coming years,” says Rains. Microsoft’s data shows that CVE-2010-2568, a Shortcut Icon Loading .LNK vulnerability first used in Stuxnet accounted for “more than 85 percent of operating system exploit detections worldwide in the first half of 2012".
And more of this type of malware is expected, according to Finnish security vendor F-Secure. Citing the “cyber arms race” that is well underway, it predicts more government malware will be leaked from countries not previously thought to have developed these tools.
Ransomware gets a dose of vendor marketing
Does ransomware encrypt victim’s files or is it just a scam that makes victims believe their computer has been locked by law enforcement?
In 2012, two styles of ransomware attacks emerged: one where an attacker hunts a victim, typically a small business, and encrypts their files until a ransom payment is made; another employs local law enforcement logos and locks a victim’s screen. The latter ransomware does not use encryption and is aimed at the general masses.
McAfee conflated the two in an Australian press release last week warning that ransomware will “start to impact Australia” in 2013.
“Ransomware will be prevalent in 2013. It is operated by encrypting files on a victim’s computer which can only be unlocked by paying the criminals a "fine”,” the vendor said, pointing to the recent fake Australian Federal Police ransomware “as an example of this type of attack”.
Fortunately for potential victims, that’s not exactly true. Being hit with a police ransomware screenlock is a sticky situation to get out of, but there are freely available tools from rivals Symantec, F-Secure and Kaspersky.
Malware removal tools won't work for victims that fall prey to an attack of the type that hit a Byron Bay school recently. Its files were actually encrypted.
Symantec has labelled “ransomware the new scareware” and pointed out that although encryption was used in earlier versions of ransomware, the type most consumers face today is a locked screen.
The change that made mass ransomware a more viable model was the emergence of online payment methods, and a common service for police-themed ransomware across Europe and in Australia is UK service Ukash. In the US, the preferred payment system is MoneyPak.
Symantec’s prediction for 2013 is more professional ransom screens.
Malware will probably kill someone
Stuxnet was the first malware to have a physical payload, but that was in a nuclear facility. Toasters, fridges, TVs and pacemakers are coming in to focus as more things become connected to the internet and security observers are predicting a human death.
Security vendor WatchGuard notes that “digitally dealt death is not only possible, it's plausible”, pointing to the recent demonstration by security researcher Barnaby Jack who demonstrated how he could remotely cause a pacemaker to deliver a 830-volt shock.
Josh Corman, director of security at CDN provider Akamai, fears that the world’s dependence on software is growing faster than its ability to protect it.
“If you have a toaster, there’s a certain risk that it will burn your house down. If you put software on it, it’s a vulnerable toaster. If you connect it to the Internet, it’s a vulnerable and exploitable toaster,” he said.
Android malware to grow by how much?
Every vendor with an Android security product is predicting explosive growth in malware for the platform.
According to Lookout, the global likelihood of encountering malware in October 2012 was 0.84 per cent, and based on this it extrapolates that between the beginning of 2012 and the end of 2013, 18 million Android users may encounter mobile malware.
Trend Micro is predicting it will be able to detect around a million variants of Android malware by the end of 2013, up from a projected 350,000 by the end of 2012.
The security vendor does not say much about how it’s calculating its figures, but they’re a lot higher than Fortinet’s count of 55,000.
According to figures by App Brain, there were only around 600,000 Android apps in Google Play by the end of 2012. Of course, it’s possible there are more malicious Android apps outside Google’s official store.
But Trend Micro is not alone in predicting a surge in Android malware. ESET recorded 17 fold increase in Android malware variants -- as opposed to their root families -- in 2012 and predicts that will accelerate next year since it underestimated growth the previous year. The most common threats are premium SMS fraud trojans.
Perhaps the most concerning threat to Android is not the number of variants but the method of infection.
Kaspersky Lab is predicting “drive-by download” threats to emerge for Android next year. Thanks to flaws in popular software like Adobe Flash Player and Oracle’s Java and exploit kits like Black Hole, that method of infection has proved effective on the desktop.
F-Secure predicts Android’s popularity and the commodotisation of mobile malware will ensure similar tools are built to attack Android devices.