McAfee's comprehensive 2014 security report, released at the end of December, goes beyond rehashing the same set of threats in ever-increasing volume to instead reflect the impact of digital currencies, NSA leaks and social media. Going through the report, one thing becomes eminently clear: We are in no way prepared for what's coming in 2014.
I'll cover the report's main elements, but I suggest you read it thoroughly yourself - perhaps after a couple glasses of good brandy.
Expect a Mobile Malware Tsunami
At a McAfee event in 2012, I watched then-CTO Mike Fey demonstrate how to take over an iPhone or Android phone. He actually caused the Android phone to self-destruct by overclocking it to fail remotely.
This was unprecedented. Since then, mobile devices have become even bigger targets. While security has increased from source vendors, it hasn't kept up and, in fact, is falling further and further behind, according to McAfee. The report concludes that attacks will increase sharply in 2014 - particularly those designed to expropriate data without being detected. Such attacks grew a whopping 33 percent in 2013, while PC attacks were flat, showing that malware creators have largely shifted to more-vulnerable mobile operating systems.
Virtual Currencies Will Fuel New Crimes
While the section of the report on virtual currencies focuses on ransomware, there are broader implications to this trend. Virtual currencies are believed to be untraceable — which in theory makes them ideal for funding criminal activities, including blackmail, kidnapping and even assassinations (though that was recently proven untrue).
According to McAfee's report, we can expect an increase in ransomware, which disables PCs and servers and can be removed only by paying a ransom. The same is true for similar crimes that McAfee doesn't track. Crimes that require a payoff currency source that can't be traced will rise. If you use a digital currency, it may only be a matter of time before law enforcement simply assumes that you're a crook.
Attackers Include U.S. Government, Organised Crime
While the report doesn't focus specifically on the NSA disclosures, it does indicate that governments, including our own, are doing incredibly invasive things that are virtually impossible to detect. Some attacks compromise legitimate applications, making them behave like malware; others go well beyond PCs and smartphones, with targets such as industrial control systems or other systems tied to keeping national infrastructure operating. Both private and public systems are in their crosshairs.
Social Networks, PCs, Servers Increasingly Vulnerable
Social attacks will increase sharply, largely focusing on getting answers to security questions, capturing passwords or committing identity theft. This information will be used to create virtual or real-world crimes against individuals, companies and even governments. Companies, too, are expected to increasingly use this tactic to penetrate competitors to learn about new products, steal ideas, poach employees and otherwise gain strategic and tactical advantages.
Sign up for Computerworld eNewsletters.