The top 5 security threats to watch for in 2014

We're already knee-deep in data breaches, and this year also brings the imminent demise of Windows XP support

The year's barely started, and we've already had enough data breaches at major retailers to make a barter economy seem like a good idea. Unfortunately there are yet more security threats to look forward to in 2014. Here are the biggest ones we anticipate.

Mobile malware: The absence of any notoriously successful mobile exploit has lulled users into a false sense of confidence about the level of danger they face. Meanwhile, attackers have had a few years to test the best ways to spread mobile malware.

James Lyne, global head of security research for Sophos, notes that mobile malware is adapting and evolving faster than security tools can learn to detect and evade the threats. Variants are adopting tactics from PC malware--employing encrypted command and control servers, and polymorphism, among other techniques. The perfect storm is on its way.

The Internet of things: Connected devices can make life more convenient, but they also create additional opportunities for the bad guys. If you can access your home security system or baby monitor camera from your smartphone, an attacker may be able to do so as well. Think about that before you rush to connect your car, refrigerator, watch, camera, alarm system, and whatever else.

Virtual currencies under siege: Though they remain a fringe phenomenon, virtual currencies like Bitcoin have achieved a level of success and growth that can't be ignored. Cybercriminals are eager to go after such holdings, so if you own any virtual currency you had better take every possible precaution to keep it safe.

Because virtual currencies are unregulated and anonymous, they enable cybercriminals to collect payments for ransomware threats such as CryptoLocker with less fear of being traced. McAfee Labs predicts that cybercriminals will continue to embrace virtual currencies in the future.

Windows XP: The ancient operating system retains significant market share in the desktop OS category, and it powers a wide spectrum of kiosks and embedded devices. As of April, Microsoft will no longer support Windows XP, which means no more patches and no more security updates. (Microsoft will support Microsoft Security Essentials antimalware protection on Windows XP through July 14, 2015.)

Some security experts believe that attackers are hoarding Windows XP exploits and biding their time until April. Then the gloves will come off, and it will be open season on Windows XP systems. Many software developers will stop updating their Windows XP applications, too, which will provide more opportunities for attackers, and the security software for Windows XP will become a prime target for exploits as well.

More data breaches: The data breaches keep coming, and there's no reason to believe they will subside anytime soon. The Target debacle that closed out 2013 continues to grow in scope as the investigation continues. The original estimate of 40 million has been revised to 110 million, and now additional retailers such as Neiman Marcus are discovering that their customer data storage systems have been breached.

In some areas, such as connected devices and virtual currencies, you may not be able to do much beyond staying vigilant.

As always, you should be cautious about opening file attachments or clicking suspicious links or links from unknown sources. Protect your mobile devices against malware and exploits by using security software. Finally, use two-factor authentication wherever possible, and be sure to set up strong, unique passwords for the various sites and services you visit and rely on, so that a data breach at one site doesn't compromise your entire online identity.

Join the CSO newsletter!

Error: Please check your email address.

Tags sophossecurityphishingmalwareantivirus

More about McAfee AustraliaMicrosoftSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place