The overlap between ransomware and mobile security brings us to the next security trend of 2013: mobile malware. The volume of mobile malware has continued to grow exponentially, as cybercriminals try to take advantage of the fertile new territory.
FortiGuard Labs reported that it logged 50,000 malicious Android samples in January 2013--about 500 per day. As of November, that number had spiked to 1500 new malware samples per day.
The trend is alarming, but such reports also seem a bit "the sky is falling" at this point. Security vendors keep telling us that the volume of mobile malware is growing at a distressing pace, yet we haven't really seen a significant malware attack against mobile devices in the real world.
It's only a matter of time, though, before criminals move beyond the testing and proof-of-concept phase, and actually plant a malicious payload. The attack may not be as pervasive or obvious as old-school PC malware, because attackers have learned that flying under the radar and avoiding detection is a more lucrative strategy.
FortiGuard says that it has started to see evidence of a threat called AndroRAT, which attackers can deliver as a Trojan horse buried within an otherwise normal app. The RAT, or remote application tool, enables the attacker to send SMS text messages from the infected smartphone, monitor calls and SMS texts, direct the device's browser to a specific URL, or perform a variety of other actions that could serve either to compromise personal information or to siphon funds from the victim.
We're still waiting for "The Big One," but mobile malware will eventually live up to the hype--probably when users least expect it.
If you didn't already follow the established practice of changing your passwords every few months, 2013 probably left you little choice as sites and services forced users to choose new passwords in the wake of data breaches. LivingSocial, Evernote, and Adobe all experienced major data breaches in which tens of millions of user accounts were compromised, and passwords were exposed.
"One could argue that 2013 was 'The Year of Stolen Credentials,'" says Dwayne Melancon, CTO of Tripwire. "According to DataLossDB, the top five largest breaches in 2013 affected about 450 million records--that's a lot of instances of '12345,' 'password,' and 'monkey.' The most alarming thing is that many of these stolen passwords were found to have been stored in insecure ways despite plenty of warnings about using strong cryptography."
To cap things off, we found out that Target was the victim of cybercrooks. Between Black Friday and December 15, hackers collected credit card details on about 40 million people who had shopped in person at the popular retail chain.