Last year, the tech world saw a large number of high-profile attacks and data breaches, and security experts say threats will evolve and escalate in the coming year. BYOD, cloud and advanced persistent threats (APTs) remain top of mind for many, and experts agree that those threats will continue to play a significant role in the threat landscape in 2013. But will this finally be the year that mobile malware leaves its mark? What other new threats lay on the horizon?
For years, security experts have predicted the rise of mobile malware, and this year is no exception. Many experts expect mobile threats to escalate in 2013.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in InfoWorld's "Fight Today's Malware" Shop Talk video and Malware Deep Dive Report. | Learn how to secure your systems with InfoWorld's Security Central newsletter. ]
"We will see the first major malware on a mobile platform," Seth Goldhammer, director of product management at LogRhythm, provider of a security information and event management (SIEM) IT platform. "There has already been malware that has made it into the Android Play Store and even Apple's App Store. Given that the large majority of mobile devices run without any type of malware detection, it is inevitable that we are prone for a major, disruptive malware possibly posing as an update for a popular application."
"The BYOD phenomenon--that tablets and smart phones outpace laptops in sales--means it is very likely these devices are participating on corporate networks even though IT may have put up safety guards to prevent their use," Goldhammer adds.
"For enterprises, this means that IT needs greater visibility into how these devices are interacting with the environment and the specific behavior of these devices to recognize when communications alter," Goldhammer says. "A significant deviation in communication patterns may reflect malware spread. If these devices are participating inside the corporate network, this could prove to be very disruptive, not only due to the increase in network activity but malware moving from mobile to standard operating systems."
The popular Android mobile operating system, with its open ecosystem, may prove an especially attractive target to cyber criminals. Trend Micro predicts that the number of malicious and high-risk Android apps will increase three-fold from about 350,000 in 2012 to more than 1 million in 2013, broadly in line with the predicted growth of the OS itself.
"In terms of market share, Android may be on its way to dominating the mobile space the same way that Windows dominated the desktop/laptop arena," Trend Micro notes in its "Security Threats to Business, the Digital Lifestyle and the Cloud: Trend Micro Predictions for 2013 and Beyond" report. "Malicious and high-risk Android apps are becoming more sophisticated. An "arms race" between Android attackers and security providers is likely to occur in the coming year, much as one occurred a decade or more ago over Microsoft Windows."
One particular area of concern is malware that buys apps from an app store without user permission. McAfee points to the Android/Marketpay.A Trojan, which already exists, and predicts we'll see criminals add it as a payload to a mobile worm in 2013.