New cyber threats predicted for 2013

Whether it’s putting a fresh twist on old cons or exploiting new technologies, scammers seem to get more creative every year. Thankfully, researchers are also putting their heads together to figure out what threats lie ahead — and how we can thwart them. Experts including the Better Business Bureau (BBB) and security company Symantec are already warning about threats we can expect in the not-so-distant future.

Here are some their predictions for 2013.

More malicious mobile apps. Cybercrime gives a whole new meaning to the catchphrase “there’s an app for that.” You think you’re downloading a fun game or useful application, but you could be downloading malware instead. This past fall, several organizations have warned about an increasing amount of malicious apps showing up in marketplaces such Google Play. (Including mobile security company TrustGo’s Summer Mobile Mayhem Report.)

The problem is likely to get worse, experts say. After all, mobile devices are becoming more common — and so too will attempts to compromise them. Your best defense? Only download apps that you trust and keep your information to yourself.

Malicious mobile ads. And you thought pop-up ads were annoying! Aggressive mobile adware or “madware” not only disrupts your experience, it can give away your personal information, location and device data. These ads can “sneak” onto your mobile device through the free apps you download, say experts.

And it’s perfectly legal. After all, advertising networks can legitimately collect certain information in order to tailor ads to your interests. Unfortunately, the experts at Symantec say we can expect to see more madware as developers and advertisers monetize their free apps. Not everyone who collects your information is interested in ad revenue – sometimes your information can fall into the wrong hands.

Mobile wallet vulnerabilities. Remember we told you about Near Field Technology (NFC) in our post about the first mobile payment app in Canada? It’s the technology that lets your mobile device “communicate” with another device such as a store’s point of sale terminal.

It’s convenient for customers — and for criminals too. The BBB warns that NFC could allow crooks to scan stored payment information on your device without you even realizing it. Once again, it pays to look into security features and be informed about the technology you are using.

Counterfeit QR codes. We’ve all heard the warnings about not clicking on suspicious links in emails because they could send us to a fraudulent website or download malware to our computers. Now a counterfeit quick response (QR) code can do the same thing on your mobile device.

Where might you encounter one? Experts warn that counterfeit QR codes can be affixed over legitimate bar codes to dupe mobile users. For example, a crook could print a sticker and cover up a legitimate QR code on a poster or sign – and after scanning the QR code with their phone, victims could be redirected to an infected website, or a phishing site. The fake codes are almost impossible to detect, so experts say to consider using a QR reader that can check a website’s reputation before visiting them.

Crooks exploiting the cloud and mobile. You can bet consumers and businesses aren’t the only ones making use of new technology. Experts warn that mobile platforms and cloud services will be the next target of cyber crooks as they become even more popular.

For example, experts predict that mobile security infrastructure will be pushed to the limits in 2013 because more and more people are using smart phones or tablets to access the internet. Symantec warns that mobile browsers aren’t properly handling SSL certificates (which help verify websites and ensure the secure transfer of data). Worse yet, many of us are connected to the internet via apps we use, opening up even more security loopholes.

Cloud-based botnets. “The cloud” lets us do all kinds of interesting things such as store data and build networks. Where you find information and connections, you’ll also find criminals. Imagine hackers purchasing cloud-based computing power and using these virtual networks to send out massive amounts of spam.

Now imagine them using stolen credit card numbers from phishing scams to fund these spam-bots — and you can see why experts are worried. (ComputerWorld.com has a good overview of some recent research in this area.)

Search history poisoning. We rely on search engines to help us find information online, and fraudulent websites aren’t supposed to show up in results thanks to how search engines “rank” pages. Clever crooks have figured out how to get around those rankings — but that’s not the worst of it.

Researchers at Georgia Tech warn that search history manipulation will be next. Here’s how it works: hackers manipulate your search results so that fraudulent sites show up. These search results are part of your “online profile” thanks to cookies. Because a fraudulent site is in your search history, it’s more likely to appear again and again in your searches. You can’t escape it by switching to another computer, and it’s immune to many security measures.

More malicious ransomware. If you’ve heard about scareware or ransomware, you already know these scams involve “freezing” your computer and then requiring you to pay a fee to get it unlocked. Even if you pay the money, chances are your computer won’t be fixed. The malware requires a computer expert to fix.

Many people are getting wise to this scam, so experts warn that criminals may up their tactics in 2013. That could mean more emotional manipulation, “harsher tactics” and the use of malware that is even more difficult for IT professionals to fix, says Symantec.

Social networking scams. People aren’t just using social networking sites to play games and stay connected. Now they’re spending real money on virtual goods in games and buying real gifts for their friends. Where money in changing hands, you can bet crooks want a piece of the action.

Experts predict that scammers are already planning phishing attacks via social networking sites and other scams such as fake gift notifications. You might not look too closely at a request asking for your address but not your payment information, but any personal details could be used to create a profile about you that hackers could use to access other websites.

A rise in cyber conflict. Cyber espionage and cyber attacks aren’t just the realm of fiction, say experts — they’re quickly becoming the norm. According to Symantec, “Nations or organized groups of individuals will continue to use cyber tactics in an attempt to damage or destroy the secure information or funds of its targets.” Consider it a new way for people to “send a message” and demonstrate their power.

If that idea doesn’t already have you shifting uncomfortably in your seat, remember that cyber conflict doesn’t just involve countries. Experts warn it can involve organizations and individuals if “hactivists” don’t agree with their politics and policies. Consider the recent example of Anonymous targeting the Westboro Baptist Church over its plans to picket Newtown vigils — a move which was followed up by another hacker compromising a church supporter’s Twitter account.

We realize the above predictions can be unsettling, to say the least. Remember, they are just predictions — but can you bet if researchers can prove a cyber tactic is possible, chances are crooks will figure it out too. We may not be able to prevent every threat that comes our way, but we can still be cautious online and use some common sense.

Sources: Better Business Bureau, ComputerWorld.com, IT Lex, Symanetec’s Top 5 Security Predictions for 2013

– – By Elizabeth Rogers
Photo ©iStockphoto.com/ Zmeel Photography

READ MORE