View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 16, 2013updated 26 Aug 2016 4:50pm

Five of the biggest malware threats

The biggest threats of 2013.

By Joe Curtis

Malware has been ever present since the first modems began blinking, but 2013 marked a year in which we’ve seen a wide and varied range of cyber threats, from social engineering to the relatively new trend of ransomware hacks.

Here CBR takes a look at five of the biggest threats to your company.

Ransomware

US police were stunned recently to find all of their data encrypted on their network by Cryptolocker recently.

The new and sophisticated virus is a good example of ransomware, which experts have deemed one of the biggest threats around to company security, because of the lack of defences available against it and the fact that it can be used to extort money.

The Massachusetts force ended up paying two Bitcoins to obtain the key that decrypted their data, at the time equivalent to £832, but the price to pay is arbitrarily set, and could hit SMBs with the recent rise in the value of the virtual currency to more than $1,000.

The reason ransomware is so dangerous, though, is the nature of its disguise: it is nearly always hidden as an innocuous-looking attachment within an email, and once opened pretty much the only available defence is to unplug the infected computer as quickly as possible from the rest of the network.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

Socially engineered threats

These are similarly dangerous to ransomware, but target a firm’s weakest link – its employees.

Former hacker Kevin Mitnick slammed anti-virus software‘s inability to cope with such threats at this year’s IP Expo, saying: "You do the attacks surgically. What’s my favourite tool to build my target list? LinkedIn. I can put a company name, search for titles and positions; network engineer, systems administrator, or whoever I want in the company.

"Once that target opens it, game over."

The malware is disguised as an applet or official-sounding document, but spreads throughout the computer system as soon as it’s opened, granting the hacker access to all kinds of data and privileges.

Mobile malware

Mobile devices are the perfect way in for hackers looking to gain access to corporate networks. Companies that have allowed the trend of BYOD to grow without proper or properly observed user policies in place might find employees’ own devices becoming a point of entry, with unencrypted corporate data vulnerable from personal use which may involve downloading unsecured or even infected programmes.

The malware targeting smartphones and tablets is similar to those targeting desktops and laptops and consists commonly of Trojans and Trojan-Spies.

One such threat is Obad, which sends messages to premium rate numbers, downloads other malware and uses Bluetooth to jump to other devices.

CBR recently reported that 80 of the top 100 iOS and Android apps are not secure from threats, either, according to Arxan, having been hacked in the last year.

Banking malware

Banks underwent a series of stress tests to see how they would stand up to cyber threats this year as malicious attacks on banks grow more sophisticated.

Banking Trojans such as the Zeus Trojan are incredibly pervasive. Zeus can be distributed through spam messages and records keystrokes to discover passwords to people’s accounts.

A new threat, called Neverquest, was discovered by Kaspersky earlier this year, and is claimed to be able to bypass online banking systems, targeting investment funds.

Government agencies

Yes, that’s right. If you want complete privacy, as a company or an individual, it’s best to turn off your WiFi and unplug your Ethernet cable. The Snowden revelations have taught us that the government is spying on its own citizens. This is certainly true of the US and UK, and may well be the case for other countries besides.

In September, Belgian telecoms firm Belgacom announced that it was hacked. Staff identified an unknown virus affecting a number of servers and computers, with widespread speculation that GCHQ was behind it, in an attempt to get details of the infrastructure of the company.

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU