7 Cyberthreats of 2014

Contributing Writer
Updated

No matter what new technology 2014 brings, you can be sure there will be people who find new ways to twist it to criminal and harmful purposes.

What should you look out for in 2014? California-based anti-virus company McAfee Labs has released a list of predictions for the types of cyberattacks on the horizon. From increased malware attacks on mobile phones to the use of "social attacks" to exploit Facebook, Twitter and other social network users, here are seven things to look out for in the new year.

Mobile malware on the rise

Most people know to protect their computers from malware, but did you know that your mobile phone is just as vulnerable to cyberattacks? Plus, mobile phones often have even more sensitive information than computers, including contact lists, location data and financial information.

MORE: Mobile Security Guide: Everything You Need to Know

Androids are the most vulnerable, since Android is the most popular mobile operating system, and its increased accessibility means it's easier to slip malware past the Google Play app store's radar. But that doesn't mean iOS and Windows devices are off the hook.

Virtual currency makes crooks hard to track

Virtual currencies like Bitcoin, an anonymous and decentralized online exchange system, aren't inherently bad. But it does provide cybercriminals with an easy way to buy and sell illicit goods, as well as extort victims through malicious software such as ransomware.

The Cryptolocker ransomware, for example, encrypts all files on a computer so they can't be read, and then threatens to throw away the decryption key unless victims pay a ransom. By asking that the payment be made in Bitcoins, Cryptolocker's creators have made it harder for anyone to track the payments. It works both ways, though — victims can at least take comfort knowing that, by paying in Bitcoins rather than providing credit card information, they aren't at added risk of fraud.

Continuing arms race between cops and crooks 

The better law enforcement gets at tracking down cybercriminals, the better cybercriminals get at giving cops the slip.

Expect more cyberattacks such as the one on the New York Times website in August, or the many high-profile attacks by "hacktivist" group Anonymous, which often targets companies, groups or even countries that it dislikes. The Sochi Olympic Games present a particularly attractive target for hackers looking to make a splash, McAfee predicts.

Other types of cutting-edge attacks that will appear in 2014 include self-deleting malware that covers its tracks, and malware that can "possess" a legitimate application and turn it to the criminals' purposes.  

Attacks over social networks

The huge userbases of popular social networks like Facebook, Instagram, Twitter and LinkedIn make them prime targets for cybercriminals. Whether it's guessing a single user's password in order to access his or her contacts, or creating a false account to spam or harass others, criminals need only a little technological savvy and a bit of luck to do some serious damage.

McAfee predicts an increase in "reconnaissance attacks," in which competitors spy on each other via social media networks, as well as "false flag" attacks, in which criminals use tricks such as a fake "change your password" alert to hoodwink users into revealing sensitive account information.

HTML5 exploits threaten PCs

Mobile malware might be first on the threat list, but criminals haven't forgotten about PCs. McAfee predicts that criminals will increasingly target HTML5, a new language for creating and organizing website content. Though HTML5 is becoming popular in part because it's more secure than Adobe Flash, it's far from perfect, and it's more than likely cybercriminals will begin to focus their efforts on finding flaws in HTML5 and applications created with it.

McAfee also predicts new types of PC attacks that target different levels of the computer's infrastructure such as the storage stack and the BIOS, which function at a lower level than the computer's operating system. Security solutions will have to be built into a computer's hardware to combat these threats, McAfee predicts.

Using big data to track threats

A huge part of what security software does involves managing "blacklists" of known threats, and "whitelists" of known trusted applications. But as the world of information security becomes more complex, these solutions now need to think in shades of gray.

"Big data" refers to methods of analyzing and organizing huge quantities of data, such as a database comprised of millions of individuals' account information. To keep track of the companies and programs you can trust and the ones you can't, security companies like McAfee will need to use "big data" methods to keep their protection up to date.

Your cloud data is vulnerable  

Many individuals and companies rely on cloud services to sync their files and digital accounts across multiple devices. The cloud network makes storage and communication a whole lot easier, but it also presents yet another point of access for cybercriminals, and an increasingly lucrative one at that.

Cybercriminals aren't the only threats associated with the cloud either; sometimes the cloud companies themselves can cause problems for the users who trust them to store their data. What happens, for example, if your cloud service provider goes out of business? Is it obligated to return your files to you? Who owns a file in the first place — the person who created it or the company who holds it in storage?

MORE: Review: 7 Cloud Storage Services

When using cloud storage systems, be sure to read the user agreements closely so you know exactly what you're getting into. It doesn't hurt to keep physical backups on an external hard drive or other memory storage device as well.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.