G Data 2014 eCrime outlook: football fans, smart devices and cloud services to be targeted
Experts give their security predictions for the coming year
December is the time to take a look back at the subject of eCrime. The year was marked by a dramatic increase in Android malware, a large quantity of dangerous computer malware and sophisticated eCrime campaigns. Next year, G Data expects this trend to continue and assumes that the amount of new computer malware programs will keep increasing. In the opinion of G Data experts, one of the major events in the cyber crime calendar will be the forthcoming Football World Cup in Brazil in 2014. In the run-up to and during this major sporting event, there could be a dramatic increase in targeted fraud, malware and spam campaigns. Premium rate SMS fraud will be of less significance for new Android versions because of the security mechanisms introduced. Perpetrators will be focusing on the theft of personal data and the construction of mobile botnets instead. G Data has drawn up five predictions for next year.
From an eCrime perspective, 2014 will be the year of mobile data theft. This is because fraud involving expensive premium rate services is becoming more complicated with the increasing distribution of new Android versions. For this reason we expect smartphone botnets to be built, for distributing SMS spam for example," explains Ralf Benzmüller, head of G DATA SecurityLabs. "Next year, football fans will be firmly in the sights of cyber criminals again. We are expecting targeted spam and fraud campaigns, with offers of fake tickets for example."
The trend towards the "Internet of Things" means that more and more devices and appliances, such as televisions or heating systems, are connected to the Internet. In the experts' view, this will also be a call to action for cyber criminals: "New fraud tactics will be developed for this. The perpetrators will try to find security holes in the systems that they can exploit for attacks." Automatic infections – when visiting a website for example – are not yet technically possible with Android devices. Benzmüller predicts that the criminals will develop new attack methods for infecting devices using the Google operating system with malware, e.g. by launching an app or when visiting a website.
Premium rate SMS fraud will be in decline
G DATA assumes that incidents of fraud involving expensive premium rate SMS messages will decline next year, as mobile devices with Android 4.2 or later become more and more prevalent in the market. These versions of the operating system contain a security feature that prevents premium rate message fraud. In the opinion of G DATA experts, the criminals will primarily focus on the theft of personal data, e.g. contacts and messages, and will continue to press ahead with the construction of smartphone botnets.
Cloud storage services as a gateway for malware
Dropbox and other storage services in the cloud are popular among users for backing up or storing data. To criminals, such services are worth cash. G DATA experts have already seen attacks aimed at intercepting data this year. In 2014, the German IT security provider expects to see attacks in which criminals are not only spying on data in hacked accounts, but are also placing malware there camouflaged as PDF, image or text files. These will then be able to infect PCs via manual or automated downloads. Such attack methods will be seen mainly in the business environment.
Football World Cup
The Football World Cup in Brazil will be a tempting target for cyber criminals. Among other things, the perpetrators will launch spam campaigns including fake offers for match tickets, cheap flights and accommodation, and spectacular live streams, to lure football fans into traps.
Smart devices as a security risk
Many devices and appliances, such as heating systems, televisions, lighting systems or fridges, are online these days and can be controlled via apps or directly over the Internet. In the coming year smart TVs and the like will be increasingly in the sights of criminals as they try to manipulate them.
Trend towards dynamic code loading
In 2014, cyber criminals will be making the detection of malware programs harder. They will be increasingly looking to cloud technology as a means of concealing assaults, carrying out website attacks or loading malware dynamically onto infected PCs. G DATA has already seen these tactics used this year by banking Trojans. In these cases, data on the websites to be attacked was not a fixed component of the malware code – instead it was dynamically loaded from the cloud. The attackers were being more flexible and could disguise the attacks better.