With devices such as smartphones and tablets becoming ever more prevalent, malicious parties now have more ways to steal data. And with many users slow to adopt security measures for their new devices, it’s more important than ever to be aware of the nature of new threats.
Looking back at 2012’s tech developments, threat evolution and statistics on consumer behaviour, here are my top five threats for 2013 to help users stay safe.
1. More mobile malware than ever before, Android the main target
With Android’s popularity booming – it is now globally the most popular operating system for smartphones and tablets with over 1 million new devices activated daily – we can expect to see it being targeted in increasing numbers in 2013. Due to Android’s open-source nature it’s easier for cybercriminals to find and exploit platform flaws, and at the same time Android apps can be put up for download on third-party stores that are poor at screening apps for suspicious behaviour.
Google Play, the official Android app store, has struggled with security issues in the past and recent research shows that Google’s App Verification Service in the latest Android version, Jelly Bean, detects just 15.32% of known malware compared to existing third-party apps from dedicated mobile security companies.
As Android users will look for more apps to download and make their mobile lives easier and more fun, in 2013 they are more likely to run into malicious software and to get infected if they only rely on Google’s security measures.
2. Mobile adware will become more aggressive, flooding notification bars and invading user privacy
Smartphone and tablet users love “free” apps, but in order to produce them, developers often turn to adware in order to raise the necessary funds. Around 90% of all free Android apps come bundled with adware, which often sends pop-up ads to the notification bar.
The more aggressive kind can add icons, change browser settings and even legitimately (since an app requires certain permissions to be granted by the users before installing them) collect private information such as: email addresses, device IDs, your location, browsing habits, and even phone numbers.
This information can then be sent to remote servers belonging to ad networks who can use this data for targeting purposes. While not necessarily malicious, this ad behaviour is highly invasive and next year we expect advertising companies to push even more in-app ads while trying to find ways to counter any privacy-related complaints.
3. Malware privacy breaches will make headlines and the online privacy debate will go to higher peaks
2012 saw a new type of malware enter the stage of data-snatching – the image-snaffling Trojan, which uploads .jpg, .jpeg and .dmp files from infected systems to a remote FTP server. Stolen images can be used in targeted attacks on important individuals for purposes such as blackmail and identity theft.
If, up to now, privacy advocates have been advising web users to be careful about the photos they share on social networks, in 2013 users should also be mindful of the images they have stored on their machines and look for ways to properly secure them. In particular, apps that allow photos to be automatically uploaded to online accounts such as Facebook should be treated with particular care.
Additionally, expect to see private data-harvesting social apps such as Facebook and Instagram, stealthy automated man-in-the-middle attacks and targeted attacks based on user information (IP, location, language, personal interests) gathered from various online media.
4. Online fraud remains rampant
All types of real-life fraud have moved to the online world. Clairvoyant scams, charity donations, fake auctions, lottery scams, fake work-from-home job offers and fake freebies are all ways for cybercriminals to con people by exploiting emotional weaknesses.
In 2013 we’re expecting to see more of one particular type of online fraud – ransomware, which combines malicious code creation with scaremongering. Usually a Trojan, ransomware is designed to restrict access to an infected system and demand that a ransom be paid to the creator of the malware in order for the restriction to be removed.
Some forms encrypt files on the system’s hard drive, while others may simply lock the system and display messages to coax the user into paying via Ukash, PaySafe or other payment methods. We’re also expecting Social Media to become the main channel to deliver most of the online fraud, phishing attempts and viruses. With more and more people joining social networks, the pool of potential victims only gets larger.
5. Mobile shopping on the rise, but not risk-free
Smartphones have become indispensable items with a multitude of useful functions and features. One of these is online shopping, and it’s easy and convenient to use your phone as an e-wallet to pay for things or go online and buy a gift for a friend and immediately have it shipped to them. As convenient as that may sound, mobile shopping is not risk-free. In 2013 mobile hacks will be rampant, mobile payment systems compromised and more Wi-fi networks exploited by criminals.
While the threats described above may sound alarming, it’s fairly straightforward for users to ensure that they are protected from these types of attacks. Being aware of the threats that exist is a good start, but this must be combined with vigilance on the part of the user in terms of protecting their personal information, and of course investment in a good mobile security suite for a handheld will prevent many of these attacks from manifesting in the first place. And if there is any doubt over the true nature of a message or the behaviour of an app or website, ignore it or contact the authority in question or your internet security provider to clear up the issue.