Bochum (Germany), December 17, 2012 – At the end of the year experts at G Data SecurityLabs are taking a moment to look both back and forward at IT security, attacks and cyber crime. In 2012, online criminals were opting for particularly intelligent malware and delivering more on quality rather than quantity. G Data expects a continuation of this trend next year and presumes that the perpetrators will also continue to target attacks on companies and institutions. To do so, they will also be exploiting the private mobile devices of employees who have access to the company network as an attack vector. In 2013, the security experts also see the perpetrators targeting users of mobile devices and Mac users to a greater extent. Malware for Apple computers has long been out of the testing stage. Furthermore, exploit kits are increasingly being mass-produced; there is no longer any need for expert knowledge to use them. With regard to the cyber war that is so often talked of, G Data can give an all-clear signal: spyware attacks, yes - cyber war, no! G Data has summarised all the trends and forecasts for next year in the IT Security Barometer for 2013.
"There has been yet another increase in targeted attacks on companies and institutions, and we must count on this happening next year too, as this is an extremely lucrative eCrime business model. The perpetrators are also using new attack vectors to do this, accessing employees' mobile devices in a targeted way and thus gaining access to sensitive company data, for example," explains Ralf Benzmüller, head of G Data SecurityLabs. "We are seeing another interesting development with exploit kits. These make computers even easier to attack, as whole packages that just need to be deployed can be purchased on the black market. No expert knowledge is needed to do so any more."
IT Security Barometer for 2013
2013 - the year of cyber war or just cyber panic?
Cyber war has been mentioned again and again in connection with Stuxnet, Flame or Gaus. However, the G Data expert believes that talk of a cyber war is misplaced. "Anyone speaking of a cyber war is misguided. This is a matter of specific espionage activities, not a war. Talking of cyber warfare is an exaggeration," says Ralf Benzmüller. "It is more accurate to say that, in a military dispute, appropriate Special Forces are set up in every army, to protect their own IT infrastructure and fend off potential attackers."
Targeted attacks on companies and institutions will increase next year. However, the perpetrators are not only targeting large companies. There will also be an increase in attacks on small companies in the coming year, as these are also good targets for the attackers.
With the growing use of private mobile devices in company networks for the purposes of "bring your own device", smartphones, tablets, notebooks and netbooks are becoming ideal attack vectors for criminals. They can use such devices to get hold of confidential company data and gain access to the company network.
Mac malware out of the test phase
G Data expects a higher occurrence of malware for Apple operating systems next year, specifically intended for stealing money and spying on personal data. "The time for testing is over for Mac malware. Cyber criminals are ready for action," explains Ralf Benzmüller. The expert sees the limited awareness of malware among Mac users as a benefit for the attackers.
Smart TVs: attack on the living room
Web-enabled televisions continue to be on the rise. In G Data's opinion, cyber criminals will exploit this development and smart televisions will find themselves to be targets for online and malware attacks next year. This might involve victims being spied on via the integrated webcam and the microphone. Another possibility for the security experts is the infiltration of popular malware via supposed firmware updates, as a cover for malicious code.
Mobile malware on the rise
Next year, the amount of malware developed specifically for tablets and smartphones with an Android operating system will continue to increase. G Data expects that vulnerabilities in the browser platforms will be found and exploited for attacks, and that users may thus be attacked while surfing. Furthermore, the attackers will continue to focus on social engineering to infiltrate mobile devices with malicious apps.
Security holes as a gateway
The number of exploits will continue to grow next year. In this regard, G Data is registering more and more exploits, which just need to be deployed by the perpetrators, offered for sale on the black market. Exploit kits also enable less experienced cyber criminals to manipulate websites and deliver any malware to visitors to the site. The criminals rely on out-of-date Java versions and software vulnerabilities to do so. Also, newly discovered security holes in software programs are quickly adopted in the exploit kits.