Symantec takes a look at the significant trends through the year that went by and shares predictions on what they expect will happen in the world of cyber security for the coming year. One of the key forecasts is that ransomware will be the premiere cybercrime strategy in the coming year.  

A recap of the year 2012 saw the emergence of spammers taking advantage of major calendar events (The New Year, Valentine’s Day, Olympic games and Diwali) to target potential victims. Globally, Information Services, Banking and Ecommerce were the top three sectors which has organisations spoofed in phishing attacks consistently through the year. In May 2012, all phishing attacks on Indian brands targeted the banking sector - with 1 in 4 using a .IN domain. Another trend that came through was emerging cities facing the risk of cyber-attacks with a sizeable 25 percent of bot-infected computers coming from cities like Chandigarh, Bhubaneshwar, Surat, Cochin, Jaipur, Vishakhapatnam and Indore.

Anand Naik, MD-Sales, India and SAARC, Symantec shares his predictions:

Cyber conflict becomes the norm

In 2013 and beyond, conflicts between nations, organisations, and individuals will play a key role in the cyber world.

Espionage can be successful and also easily deniable when conducted online. Any nation state not understanding this has been given many examples in the last two years. Nations or organised groups of individuals will continue to use cyber tactics in an attempt to damage or destroy the secure information or funds of its targets. In 2013, we will see the cyber equivalent of saber rattling, where nation states, organisations, and even groups of individuals use cyber-attacks to show their strength and “send a message.”

Additionally, we expect more attacks on individuals and non-government organisations, such as supporters of political issues and members of minority groups in conflict. This type of targeting is currently seen when hacktivist groups are aggravated by an individual or company.

Ransomware is the new scareware

As fake antivirus begins to fade as a criminal enterprise, a new and harsher model will continue to emerge. Enter ransomware.

Ramsomware goes beyond attempting to fool its victims; it attempts to intimidate and bully them. While this “business model” has been tried before, it suffered from the same limitations of real life kidnapping: there was never a good way to collect the money. Cybercriminals have now discovered a solution to this problem: using online payment methods. They can now use force instead of flimflam to steal from their targets. As it is no longer necessary to con people into handing over their money, we can expect the extortion methods to get harsher and more destructive.

In 2013, attackers will use more professional ransom screens, up the emotional stakes to motivate their victims, and use methods that make it harder to recover once compromised.

Madware adds to the insanity

Mobile adware, or “madware,” is a nuisance that disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cybercriminals. Madware—which sneaks onto a user device when they download an app—often sends pop-up alerts to the notification bar adds icons, changes browser settings, and gathers personal information.

In just the past nine months, the number of apps including the most aggressive forms of madware has increased by 210 percent. Because location and device information can be legitimately collected by advertising networks—as it helps them target users with appropriate advertising—we expect increased use in madware as more companies seek to drive revenue growth through mobile ads. This includes a more aggressive and potentially malicious approach towards the monetisation of “free” mobile apps.

Monetisation of social networks introduces new dangers

As consumers, we place a high level of trust in social media—from the sharing of personal details, to spending money on game credits, to gifting items to friends. As these networks start to find new ways to monetise their platforms by allowing members to buy and send real gifts, the growing social spending trend also provides cybercriminals with new ways to lay the groundwork for attack.

Symantec anticipates an increase in malware attacks that steal payment credentials in social networks or trick users into providing payment details, and other personal and potentially valuable information, to fake social networks. This may include fake gift notifications and email messages requesting home addresses and other personal information. While providing non-financial information might seem innocuous, cybercriminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.

As users shift to mobile and cloud, so will attackers

Attackers will go where users go, and this continues to be to mobile devices and the cloud.

It should come as no surprise that mobile platforms and cloud services will be likely targets for attacks and breaches in 2013. The rapid rise of Android malware in 2012 confirms this.

According to the India findings of the 2012 State of Mobility Survey, there is an uptake in mobile applications across organisations with half of Indian enterprises at least discussing deploying custom mobile applications and one-third currently implementing or have already implemented custom mobile applications.

As unmanaged mobile devices continue to enter and exit corporate networks and pick up data that later tends to become stored in other clouds, there is increased risk of breaches and targeted attacks on mobile device data. As users add applications to their phones they will pick up malware. In fact, according to the same survey, more than half (53 percent) of survey respondents mentioned that mobility is somewhat to extremely challenging and a further 40 percent of survey respondents  identified mobile devices as one of their top three IT risks.

Some mobile malware duplicates old threats, like stealing information from devices. But it also has created new twists on old malware. In 2013 you can be sure mobile technology will continue to advance and thereby create new opportunities for cybercriminals.

The cloud comes with its own share of security issues. According to the India findings of the 2011 State of the cloud survey, Indian organisations are conflicted about security – rating it both as a top goal and as a top concern with moving to the cloud. Potential risks include mass malware outbreak, hacker-based theft and loss of confidential data.