Malware Trends We Can Expect in 2015
With 2014 in the rear-view mirror, it is fun to look forward to the year ahead and see if we can predict what may happen over the next twelve months. Our Director of Malware Labs, Andrew Browne, has prepared an overview of what we can expect in terms of malware trends in the coming year.
Vulnerabilities
2014 saw the discovery of major vulnerabilities such as Shellshock, POODLE and Heartbleed, the last of which affected the OpenSSL software. OpenSSL encrypts traffic between a user's computer and a web server ("https" sites). Logging in to an apparently secure web server that used the vulnerable OpenSSL package meant that encrypted traffic could potentially be intercepted and eventually decrypted. The vulnerability affected major sites like Yahoo!, Imgur and DuckDuckGo, amongst many others, although an update was released to patch the insecure code.
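The lesson defenders took from Heartbleed is about trusting a length field supplied by the peer. The following is an added illustration written for this post, not code from the original article or from OpenSSL: a deliberately simplified heartbeat-style record (type byte, 2-byte length, payload; the real message also carries padding) is handled once by a responder that copies as many bytes as the peer claims to have sent, and once by a responder that first checks the claim against what actually arrived. The "adjacent memory" bytes and the record contents are constructed for the example.

```python
import struct

# Constructed stand-in for whatever happens to sit next to the heartbeat buffer
# in a real process (other sessions' data, keys). Entirely made up for this example.
ADJACENT_MEMORY = b"\x00" * 4 + b"session=alice;cookie=ABC123"


def build_record(payload: bytes, claimed_length: int = None) -> bytes:
    """Simplified heartbeat record: 1-byte type, 2-byte big-endian length, payload.
    claimed_length defaults to the true payload length; a malformed record
    can claim more than it carries."""
    if claimed_length is None:
        claimed_length = len(payload)
    return b"\x01" + struct.pack("!H", claimed_length) + payload


def parse_record(record: bytes):
    """Return (claimed_length, payload_bytes_actually_present)."""
    if len(record) < 3:
        raise ValueError("record too short")
    (claimed_length,) = struct.unpack("!H", record[1:3])
    return claimed_length, record[3:]


def respond_unchecked(record: bytes, memory: bytes = ADJACENT_MEMORY) -> bytes:
    """Vulnerable pattern: echoes as many bytes as the peer *claims* it sent.
    If the claim exceeds the payload, bytes beyond it are copied out too."""
    claimed_length, payload = parse_record(record)
    buffer = payload + memory  # the payload sits next to unrelated data
    return buffer[:claimed_length]


def respond_checked(record: bytes, memory: bytes = ADJACENT_MEMORY):
    """Fixed pattern: the claimed length must fit inside what was received;
    a record that fails the check is dropped, which is what the patch did."""
    claimed_length, payload = parse_record(record)
    if claimed_length > len(payload):
        return None
    return payload[:claimed_length]


if __name__ == "__main__":
    good = build_record(b"hello")
    print(respond_unchecked(good), respond_checked(good))
    bad = build_record(b"hello", claimed_length=20)
    print(respond_unchecked(bad))   # leaks part of ADJACENT_MEMORY
    print(respond_checked(bad))     # None: record rejected
```

The point to carry into your own protocol code is the single comparison in `respond_checked`: any length, count or offset that arrives on the wire is bounded by the bytes you actually have before it is used to index a buffer.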
Data Breaches
During 2014 the Identity Theft Resource Center recorded information on 761 data breaches across financial, business, educational, government and medical institutions (http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2...). Some of the more notorious events include the Sony hack and the malware attacks on Staples, Dairy Queen, Michaels and Home Depot that resulted in the theft of credit and debit card details and email addresses.
Ransomware
Malware that extorts money from victims featured heavily this year. Tactics ranged from threatening but ‘harmless’ pop-ups purporting to be from law enforcement agencies and demanding fines, to the more malicious and damaging tactic of encrypting the victim’s files in an attempt to force users to pay to have the files returned.
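File-encrypting ransomware leaves a behavioural footprint that a host agent can look for: one process rewriting many user files whose contents suddenly look like random data, often under a new extension. The heuristic below is an added example written for this post (not code from the original article or from any product): it scores each write by the Shannon entropy of the bytes written, ignores formats that are legitimately high-entropy (archives, images), and raises an alert when a single process crosses a threshold. The process names, paths and file contents are constructed for the example; the thresholds are assumptions to be tuned.

```python
import math
import os.path
import random
from collections import Counter

# Formats that are compressed or encrypted by design; writes of these are not
# evidence on their own. Assumed list, extend to taste.
HIGH_ENTROPY_EXTS = {".zip", ".7z", ".gz", ".jpg", ".png", ".mp4", ".pdf"}
ENTROPY_THRESHOLD = 7.0     # bits per byte; 8.0 is the maximum. Assumed tuning value.
MIN_SUSPICIOUS_FILES = 3    # writes by one process before we alert. Assumed tuning value.


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input).
    Plain text sits around 4-5 bits; ciphertext and compressed data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious_write(path: str, data: bytes) -> bool:
    """A write is suspicious if the file is not a known high-entropy format
    yet its contents look random."""
    ext = os.path.splitext(path)[1].lower()
    if ext in HIGH_ENTROPY_EXTS:
        return False
    return shannon_entropy(data) > ENTROPY_THRESHOLD


def find_encrypting_processes(events):
    """events: iterable of (process_name, path, bytes_written).
    Returns {process_name: suspicious_write_count} for processes over threshold."""
    per_process = Counter()
    for proc, path, data in events:
        if is_suspicious_write(path, data):
            per_process[proc] += 1
    return {p: n for p, n in per_process.items() if n >= MIN_SUSPICIOUS_FILES}


def _random_bytes(seed: int, n: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed file-write events, as a host agent might report them. All names made up.
EVENTS = [
    ("WINWORD.EXE", "C:/Users/alice/Documents/report.docx", b"Quarterly figures look fine. " * 150),
    ("7z.exe", "C:/Users/alice/backup.zip", _random_bytes(1, 4096)),           # legit archive
    ("updater.exe", "C:/Users/alice/Documents/report.docx.locked", _random_bytes(2, 4096)),
    ("updater.exe", "C:/Users/alice/Documents/budget.xlsx.locked", _random_bytes(3, 4096)),
    ("updater.exe", "C:/Users/alice/Pictures/holiday.jpg.locked", _random_bytes(4, 4096)),
    ("updater.exe", "C:/Users/alice/Desktop/notes.txt.locked", _random_bytes(5, 4096)),
]

if __name__ == "__main__":
    print(find_encrypting_processes(EVENTS))  # {'updater.exe': 4}
```

Entropy alone is a weak signal (a user zipping a folder looks the same file by file), which is why the alert keys on the count per process and on extensions that do not belong to a compressed format; in production you would also rate-limit by time window and pair it with canary files in user directories.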
PUPs Bite Back
Some potentially unwanted programs (PUPs) turned the tables on anti-malware vendors this year by attempting to detect whether certain anti-malware programs are present. This raises a question: why do some PUP installers collect this information and send it to a remote server? To present a better offer, or to download malware/adware that is not detected by that particular antivirus? Interestingly, the same AV-tracking methodology is used as part of server-side polymorphism: a newly generated piece of polymorphic malware is checked against popular antivirus products before delivery to make sure it is not detected.
Au Revoir, Windows XP
Support for Microsoft’s popular Windows XP officially ended on April 8, 2014. Microsoft no longer distributes security patches for the operating system, so any security vulnerabilities found from now on will not be fixed. This gives malware authors a large attack surface to exploit, safe in the knowledge that the vulnerability will not be patched. The safest, albeit least practical, way to use Windows XP is to disconnect it from the internet; if that option doesn’t sound appealing, it’s definitely time to consider upgrading to a newer version of Windows.