Mobile attacks top the list of 2013 security threats

Last year, the tech world saw a large number of high-profile attacks and data breaches, and security experts say threats will evolve and escalate in the coming year. BYOD, cloud and advanced persistent threats (APTs) remain top of mind for many, and experts agree that those threats will continue to play a significant role in the threat landscape in 2013. But will this finally be the year that mobile malware leaves its mark? What other new threats lay on the horizon?

Mobile Threats

For years, security experts have predicted the rise of mobile malware, and this year is no exception. Many experts expect mobile threats to escalate in 2013.

"We will see the first major malware on a mobile platform," Seth Goldhammer, director of product management at LogRhythm, provider of a security information and event management (SIEM) IT platform. "There has already been malware that has made it into the Android Play Store and even Apple's App Store. Given that the large majority of mobile devices run without any type of malware detection, it is inevitable that we are prone for a major, disruptive malware possibly posing as an update for a popular application."

"The BYOD phenomenon--that tablets and smart phones outpace laptops in sales--means it is very likely these devices are participating on corporate networks even though IT may have put up safety guards to prevent their use," Goldhammer adds.

"For enterprises, this means that IT needs greater visibility into how these devices are interacting with the environment and the specific behavior of these devices to recognize when communications alter," Goldhammer says. "A significant deviation in communication patterns may reflect malware spread. If these devices are participating inside the corporate network, this could prove to be very disruptive, not only due to the increase in network activity but malware moving from mobile to standard operating systems."

The popular Android mobile operating system, with its open ecosystem, may prove an especially attractive target to cybercriminals. Trend Micro predicts that the number of malicious and high-risk Android apps will increase three-fold from about 350,000 in 2012 to more than 1 million in 2013, broadly in line with the predicted growth of the OS itself.

"In terms of market share, Android may be on its way to dominating the mobile space the same way that Windows dominated the desktop/laptop arena," Trend Micro notes in its Security Threats to Business, the Digital Lifestyle and the Cloud: Trend Micro Predictions for 2013 and Beyond report. "Malicious and high-risk Android apps are becoming more sophisticated. An "arms race" between Android attackers and security providers is likely to occur in the coming year, much as one occurred a decade or more ago over Microsoft Windows."

One particular area of concern is malware that buys apps from an app store without user permission. McAfee points to the Android/Marketpay.A Trojan, which already exists, and predicts we'll see criminals add it as a payload to a mobile worm in 2013.

"Buying apps developed by malware authors puts money in their pockets," McAfee Labs suggests in its 2013 Threats Predictions report. "A mobile worm that uses exploits to propagate over numerous vulnerable phones is the perfect platform for malware that buys such apps; attackers will no longer need victims to install a piece of malware. If user interaction isn't needed, there will be nothing to prevent a mobile worm from going on a shopping spree."

McAfee also has concerns about the near-field communications (NFC) capabilities that are appearing on an increasing number of mobile devices.

"As users are able to make "tap and pay" purchases in more locations, they'll carry their digital wallets everywhere," McAfee Labs says. "That flexibility will, unfortunately, also be a boon to thieves. Attackers will create mobile worms with NFC capabilities to propagate (via the "bump and infect" method) and to steal money. Malware writers will thrive in areas with dense populations (airports, malls, theme parks, etc.). An NFC-enabled worm could run rampant through a large crowd, infecting victims and potentially stealing from their wallet accounts."

McAfee also reports that malware that blocks mobile devices from receiving security updates is likely to appear in 2013.

Mobile Ransomware

Ransomware-in which criminals hijack a user's capability to access data, communicate or use the system at all and then forces the user to pay a ransom to regain access-spiked in 2012 and is likely to keep growing in 2013, says McAfee.

"Ransomware on Windows PCs has more than tripled during the past year," McAfee Labs reports. "Attackers have proven that this 'business model' works and are scaling up their attacks to increase profits."

McAfee Labs says it expects to see both Android and Apple's OS X as targets of ransomware in 2013 as ransomware kits, similar to the malware kits currently available in the underground market, proliferate.

"One limitation for many malware authors seeking profit from mobile devices is that more users transact business on desktop PCs than on tablets or phones," McAfee Labs says. "But this trend may not last; the convenience of portable browsers will likely lead more people to do their business on the go. Attackers have already developed ransomware for mobile devices. What if the ransom demand included threats to distribute recorded calls and pictures taken with the phone? We anticipate considerably more activity in this area during 2013."

AlienVault, provider of a unified security management solution, agrees, "We will see new ransomware tactics in 2013 as a result of the poor economy and the success of this type of attack (reportedly, cybercriminals raked in $5 million using ransomware tactics in 2012)."

Windows Still a Target

On the Windows front, Trend Micro reports that Windows 8 will offer consumers key security improvements-especially the Secure Boot and Early Launch Anti-Malware (ELAM) features&#8212. However, enterprises are unlikely to see these benefits in the coming year. Analysts from research firm Gartner believe most enterprises won't begin to roll out Windows 8 in large numbers until 2014 at the earliest.

McAfee suggests that attackers targeting Windows of all varieties will expand their use of sophisticated and devastating below-the-kernel attacks.

"The evolution of computer security software and other defenses on client endpoints is driving threats into different areas of the operating system stack, especially for covert and persistent attackers," McAfee Labs says.

"The frequency of threats attacking Microsoft Windows below the kernel are increasing. Some of the critical assets targeted include the BIOS, master boot record (MBR), volume boot record (VBR), GUID Partition Table (GPT) and NTLoader," McAfee Labs says. "Although the volume of these threats is unlikely to approach that of simpler attacks on Windows and applications, the impact of these complex attacks can be far more devastating. We expect to see more threats in this area during 2013."

HTML5 Creates a Greater Attack Surface

This year will see continuing adoption of HTML5. McAfee notes that it provides language improvements, capabilities to remove the need for plug-ins, new layout rendering options and powerful APIs that support local data storage, device access, 2D/3D rendering, web-socket communication and more. While HTML5 offers a number of security improvements-McAfee believes there will be a reduction in exploits focused on plug-ins as browsers provide that functionality through their new media capabilities and APIs-it also suggests the additional functionality will create a larger attack surface.

"One of the primary separations between a native application and an HTML application has been the ability of the former to perform arbitrary network connections on the client," McAfee Labs says. "HTML5 increases the attack surface for every user, as its features do not require extensive policy or access controls. Thus they allow a page served from the Internet to exploit WebSocket functionality and poke around the user's local network."

"In the past," McAfee reports, "this opportunity for attackers was limited because any malicious use was thwarted by the same-origin policy, which has been a cornerstone of security in HTML-based products. With HTML5, however, Cross Origin Resource Sharing will let scripts from one domain make network requests, post data, and access data from the target domain, thereby allowing HTML pages to perform reconnaissance and limited operations on the user's network."

Destructive Attacks

Experts also expect a rise in destructive attacks in 2013 by hacktivists and state actors.

"In 2013, we will see further destructive attacks (cybersabotage and cyberweaponry) on utilities and critical infrastructure systems," says Harry Sverdlove, CTO of security firm Bit9. "We saw Shamoon wipe out the systems of a major oil company in the Middle East, and that company's cybersecurity was no more lax than comparable companies in the United States or Europe. We know the bad guys have the ability to disrupt these systems, all they need is motive."

LogRythm's Goldhammer agrees: "We should also expect to see an increase in nation state attacks and hacktivism. It might be hard for some people to believe that we'll see an increase in 2013 after so many well-documented and publicized attacks, but I expect we'll see hacktivists take much more aggressive measures."

While earlier attacks may have just embarrassed a country or company via website defacement or exposing their databases publicly, Goldhammer says he expects that to change: "I can see splinter cells of hackers take more aggressive means to cripple networks or corrupt data, or use ransom tactics, in order to financially punish or tactically weaken. In 2012, more and more evidence shows nation states using malware or using exploits to gain information or to attack infrastructure. In 2013, I expect to see headlines talking about a growing number of nation states building exploits against each other, both for data retrieval, data corruption and damage to infrastructure."

McAfee and Trend Micro both concur.

"Destructive payloads in malware have become rare because attackers prefer to take control of their victims' computers for financial gain or to steal intellectual property," McAfee Labs says. "Recently, however, we have seen several attacks-some apparently targeted, others implemented as worms-in which the only goal was to cause as much damage as possible. We expect this malicious behavior to grow in 2013."

"Whether this is hacktivism taken to a new level, as some claim, or just malicious intent is impossible to say, but the worrying fact is that companies appear to be rather vulnerable to such attacks," McAfee adds. "As with distributed denial of service (DDoS) attacks, the technical bar for the hackers to hurdle is rather low. If attackers can install destructive malware on a large number of machines, then the result can be devastating."

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers for Follow Thor on Twitter @ThorOlavsrud. Follow everything from on Twitter @CIOonline and on Facebook. Email Thor at

Read more about security in CIO's Security Drilldown.

Join the CSO newsletter!

Error: Please check your email address.

Tags advanced persistent threatTechnology TopicsmobilemalwareBYODAPTAppleTechnology Topics | Securityhacktivismmobile malwareinformation securitysecuritymobile securitylegalransomwarecybercrime

More about AppleFacebookGartnerIT SecurityLogRhythmMcAfee AustraliaMicrosoftNFCOriginTrend Micro Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Thor Olavsrud

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts