Android malware and cloud abuse among top threats for 2013

Trend Micro also expects more sophisticated malware attacks and more destructive hacktivists

Joining the array of would-be Nostradamuses predicting what 2013 holds for IT, security company Trend Micro has prophesied that the number of malicious and insecure Android apps will triple from 350,000 by the end of this year to more than a million.

Also among the company's predictions in its "Security Threats to Business, the Digital Lifestyle, and the Cloud" report: Cyber criminals will heavily abuse legitimate cloud services; hacktivist attacks will become more destructive; and the increase in computing platforms and devices will lead to threats cropping up in unexpected places.

Trend Micro attributes the anticipated growth in Android malware to the platform's increasing adoption, in the same way Windows has come to dominate the PC world. We've already seen several instances of cyber criminals exploiting the relatively porous Android app market to spread nasty code this past year. Google has made efforts to better secure the Android, adding Bouncer app scanning in February and integrating the feature into "Jelly Bean" later on. However, a recent study out of North Carolina State University found that Android's built-in malware scanner isn't entirely effective; in tests, researchers found that it detected just 20 percent of malicious apps.

The company foresees cyber criminals increasingly exploiting legitimate cloud services in 2013. That would include using blogs, Facebook, and Twitter to transmit commands from command-and-control centers; Google Docs, Dropbox, and Pastebin as drop zones for stolen data; and Amazon EC2 for general maliciousness.

Trend Micro expects more developments: The increase in platforms and devices -- including streaming television on platforms such as iOS, Android, and Windows -- will further complicate security. That's not just bad for consumers but also IT admins who've been struggling to cope with BYOD the past year and beyond. "In yesterday's more uniform computing environment, it was relatively easy to educate users because fewer device types were in use. The same basic advice worked for everyone," says the report. "Today, each mobile platform requires a different approach to security. Similarly, as online activities move away from browsers and toward apps, it is harder to give accurate advice on security and privacy issues."

It may reach a point that users will throw their hands up and surrender, leaving it up to default settings and IT admin intervention to keep systems and data secure.

Trend Micro also prognosticates the following:

  • Rather than seeing a substantial increase in new, conventional malware threats, there will be an increase in the sophistication behind how attacks are carried out. A recent example is the Blackhole Exploit Kit 2.0, a response to successful efforts to block spam created using Blackhole Exploit Kit 1.x.
  • Acts of hacktivism will increase, with attackers not just modifying and destroying data but also causing physical damage to infrastructure. "Such a development can be considered a logical extension of information gathering that different threat actors -- be they loosely affiliated with hacker groups or state-sponsored hackers -- are currently carrying out," says the Trend Micro report.
  • Africa, home of the legendary "419" Internet scam, will become a new safe harbor for cyber criminals as the continent's Internet infrastructure continues to improve. "Enforcing anti-cybercrime laws is difficult even in developed countries. If our research on the Chinese2 and Russian3 underground economies is any indication, cybercrime in Africa may just become a local growth industry," according to the report.

Trend Micro's report can be downloaded for free here.

This article, "Android malware and cloud abuse among top threats for 2013," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow on Twitter.

Copyright © 2012 IDG Communications, Inc.

How to choose a low-code development platform