During 2012, cyber security incidents included: theft of public and private intellectual property, hacktivism, ransomware, malware targeting mobile devices and a surge of other malware: Black Hole Rootkit and Zero Access Trojan. What will we see in 2013? Below is a brief summary, listed in no particular order, of several threats and trends we can expect this year.
Mobile Devices in the Enterprise
As the use of mobile devices grew in 2012, so too did the volume of attacks targeting them. Every new smart phone, tablet or other mobile device provides another opportunity for a potential cyber attack. Many enterprises have incorporated these devices into their networks. In some cases, organizations are allowing employees to “Bring Your Own Device” (BYOD). This increases the cyber security risks for an organization, particularly if it does not have control over the employee’s personal mobile device. Risks include access to corporate email and files, as well as the ability for the mobile device apps to download malware, such as keyloggers or programs that eavesdrop on phone calls and text messages.
New capabilities, such as NFC (Near Field Communication), will be on the rise in 2013 and will increase the opportunities for cyber criminals to exploit weaknesses. NFC allows smart phones to communicate with each other by simply touching another smart phone, or by being in close proximity to another smart phone with NFC capabilities or an NFC device. This technology is being used for credit card purchases and advertisements in airports and magazines, and will most likely be incorporated into other uses in 2013. Risks with using NFC include eavesdropping, through which the cyber criminal can intercept data transmission, such as credit card numbers, and transferring viruses or other malware from one NFC-enabled device to another.
Ransomware is a type of malware that is used for extortion. The attacker distributes malware that will take over a system by encrypting the contents or locking the system; the attacker then demands money from the victim in exchange for releasing the data and/or unlocking the system. Once payment is delivered, the attacker may or may not provide the data or access to the system. Even if access is restored, the integrity of the data is still in question. This type of malware and delivery mechanism will become more sophisticated in 2013.
Social Media
Use of social media sites has grown beyond just sharing personal information, such as vacation photos and messaging. These sites are being increasingly used for advertising, purchasing and gaming. For 2013, attackers will look to exploit this volume and variety of data being shared to obtain credentials or other Personally Identifiable Information (PII), such as social security numbers.
Attacks carried out as cyber protests for politically or socially motivated purposes, or “just because they can,” have increased and are expected to continue in 2013. Common strategies used by hacktivist groups include denial of service attacks and web-based attacks, such as SQL injection. Once a system is compromised, the attacker will harvest data, such as user credentials, to gain access to additional data, emails, credentials, credit card data and other sensitive information.
The key to safeguarding your business is regular monitoring and putting key security tools in place. Union Bank & Trust has several fraud management tools to help you protect your business from fraud. Contact a Treasury Management professional for more information.