5. Cross Platform Botnets
In 2012, FortiGuard Labs analysed mobile botnets such as Zitmo and found they have many of the same features and functionality of traditional PC botnets. In 2013, the team predicts that thanks to this feature parity between platforms, we'll begin to see new forms of Denial of Service (DoS) attacks that will leverage both PC and mobile devices simultaneously.
For example, an infected mobile device and PC will share the same command and control (C&C) server and attack protocol, and act on command at the same time, thus enhancing a botnet empire. What would once be two separate botnets running on the PC and a mobile operating system such as Android will now become one monolithic botnet operating over multiple types of endpoints.
6. Mobile Malware Growth Closes in on Laptop and Desktop PCs
Malware is being written today for both mobile devices and notebook/laptop PCs. Historically, however, the majority of development efforts have been directed at PCs simply for the fact that there are so many of them in circulation, and PCs have been around a much longer time. For perspective, FortiGuard Labs researchers currently monitor approximately 50,000 mobile malware samples, as opposed to the millions they are monitoring for the PC.
The researchers have already observed a significant increase in mobile malware volume and believe that this skewing is about to change even more dramatically starting next year. This is due to the fact that there are currently more mobile phones on the market than laptop or desktop PCs, and users are abandoning these traditional platforms in favour of newer, smaller tablet devices.
While FortiGuard Labs researchers believe it will still take several more years before the number of malware samples equals what they see on PCs, the team believes we are going to see accelerated malware growth on mobile devices because malware creators know that securing mobile devices today is currently more complicated than securing traditional PCs.
Consumer-driven technology like social media has unleashed a new wave of Internet-based applications that can easily penetrate and circumvent traditional network security barriers.
Better known as "Web 2.0" applications, these new Internet-based communications tools like Facebook, Twitter and Skype have spawned a new set of challenges for enterprises seeking to secure their networks against malicious threats and data loss. Allowing employees to access Web 2.0 applications has made enforcing data security policies a far more complex problem. Even worse, many businesses have no way to detect, much less control these new applications, increasing the potential for intentional or accidental misappropriation of confidential information.
Malware and malicious websites can leverage Web 2.0 applications to steal valuable customer information and trade secrets. However, even without these threats, Web 2.0 applications are by design very effective at enabling instantaneous public sharing and display of information. Sometimes, confidential data is sent to the wrong party or accidentally shared with the public - exposing organisations to fines, lawsuits and negative press.
Sign up for CIO Asia eNewsletters.