Perspectives Newsletter

Winter 2013

Articles In This Issue

Have you had a data breach?

If you have any questions about our resources or any topics related to Experian Data Breach Resolution, please contact us at databreachinfo@experian.com or call 1 866 751 1323.

5 Cyber Threats to Combat in 2013

Does the New Year mean new cybercrime threats?  Very likely, it does.

Cyber attacks continue to rise at an astronomical pace – increasing 42 percent in 2012 from the previous year, according to a recent study.1 And, IT security experts have no reason to believe that it’ll slow down. On the contrary, most experts believe cyber attacks will not only grow in frequency, but will also become more sophisticated. Here’s a list of five threats that are expected to become more widespread this year. 

1. Search History Poisoning

Researchers believe cyber criminals will move beyond plain-vanilla search engine poisoning into the more nefarious search history poisoning.2 Search engine poisoning occurs when attackers manipulate a search engine’s algorithms to control the search results. Criminals often do this to get their own websites or clients’ websites on the front page of a search. Now that cyber criminals have mastered search engine poisoning, search history may be next. With search history poisoning, criminals or politicians can manipulate a victim’s search history using cross-site request forgery. The attacker benefits because the manipulated history can become part of a user’s online profile so whereever that person goes online the forged history follows regardless of what device is used. Again, the motive is to change what the victim reads online and is often used by governments that want to censor what their citizens read. This type of manipulation can also be used on social media sites, such as Facebook and Twitter, to falsely create an impression that there are many viewpoints to a certain post or that something is popular, when in reality, one person is manipulating the algorithms.  

2. Even More Vicious Malware

Look for malicious software developers to become more aggressive, making their malware extremely difficult for automated systems to detect.3 Researchers expect malware developers to harden their software with techniques similar to those used in Digital Rights Management (DRM), which locks malware to infected systems. Malware attackers are also honing their abilities to compromise Mac operating systems and mobile devices.

3. Cloud-Based Botnets

Computer infrastructure in the cloud – if not properly secured – can not only jeopardize data, but can also be used to quickly create a “zombie army” – also known as botnet. A zombie is a computer robot or “bot” that affects the Internet or “net.” Botnets are set up to forward transmissions (including spam or viruses) to other computers on the Internet. Botnets can be programmed to direct an army of transmissions to a website so much so that it shutdowns down the site. That’s what happens in distributed denial of service attacks (DDoS), such as the ones directed at many U.S. banks last year. The purpose was to shut down the banks’ websites and thus disrupt their business. Another example would be for a zombie master to send a botnet in the form of spam to rip-off consumers and make money off of them.

4. Ransomware

Ransomware, which aims to extort money, is rising in popularity. Most ransomware poses as  police activity.4 In these incidents, the attacker claims to be from a law enforcement agency and accuses the victim of visiting illegal websites. The attacker then locks the victim’s computer and issues a “fine” to unlock the device. But when victims pay, they don’t always get their system restored and ransomware usually leaves other malware on their computer. Ransomware has also been used to extort money from wealthy individuals just like old fashioned bribery. And once again, when the victims pay, they don’t always get what they were promised.

5. Mobile Browsers/Wallets

With the rapid growth of smartphones, security experts expect cyber criminals to capitalize on both user-and technology-based vulnerabilities in these devices. Look for criminals to find ways to infiltrate the browser and the digital wallet apps on smartphones and other mobile devices.

These are just some of the threats that are expected to dominate the cyber universe this year. But if your organization is aware of the emerging trends and takes a proactive approach, then cyber attackers are more likely to leave your company alone and go after organizations that may be easier to infiltrate.

 

1 2012 Cost of Cyber Crime Study: United States.

2 Georgia Tech Emerging Cyber Threats Report for 2013

3 Georgia Tech Emerging Cyber Threats Report for 2013

4 McAfee Threats Report, Third Quarter 2012

  • © 2014 Experian Information Solutions, Inc. All rights reserved.