This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

2014 - Malware to reduce but risks to rise

Share this article:

Predictions for 2014 in a new report from Websense Security Labs sugggest malware attacks will fall in volume but become more targeted whlle cyber attackers will focus on cloud-based data and Java vulnerabiliites.

Malware attacks will fall in volume next year but become more targeted. Meanwhile, cyber attackers will increasingly switch their attention from corporate networks to cloud-based data, and Java will continue to be vulnerable. These are the predictions for 2014 in a new report from Websense Security Labs.

The quantity of new malware is already beginning to fall, according to Websense's data feeds, but the good news is tempered by the fact that cyber criminals are turning to more focused attacks, to secure a foothold then steal user credentials and move unilaterally throughout infiltrated networks. “Although the volume of attacks will decrease, the risk is even greater because of the increasingly stealthy nature of threats,” the Websense report warns.

Attackers will also increasingly train their sights on cloud rather than network-held data because, the report says,  they “will find that penetrating the data-rich cloud can be easier and more profitable than getting through the ‘castle walls' of an on-premise enterprise network”.

It adds: “No doubt attackers will still infiltrate enterprise networks to target users, steal information and compromise their systems. However, such attacks will serve as an intermediate step to gain access to third-party cloud services instead of an internal data store.”

And among other predictions, the report says Java will remain highly exploitable and exploited, with expanded repercussions. This is because “despite highly publicised and successful exploitations of Java vulnerabilities throughout 2013, most end points continue to run older versions of Java and therefore remain extremely exposed to exploitation”.

Commenting on the trend in malware attacks, Websense senior security research manager Carl Leonard told “Although advanced malware volume will decrease, the amount of attacks will increase. Instead of bombarding companies with 15 pieces of malware to achieve one breach, they will use the malware in a wiser way to get more targeted attacks through the door and will then move around the network.”

Faced with the threat to cloud data, he said: “Organisations need to question how much they trust their current cloud provider and to what extent is their data protected in the cloud. I advise companies to start off small, and make sure that works for them, and once confident start to move the rest of your data to the cloud.”

On Java exploits, he said: “Java is incredibly prevalent within organisations, but it has many vulnerabilities. We believe that cyber criminals will selectively use the zero-days for applications like Java because they don't want to reveal their best hand yet. They want to keep those for organisations that they know they can best profit from.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

China refutes new FBI hacking claims

China refutes new FBI hacking claims

It's been another week of claims and counterclaims as the US and Chinese governments accuse each other of deviant cyber security practices.

SC Exclusive: Bank of England to appoint new CISO in January

SC Exclusive: Bank of England to appoint new ...

Bank of England Chief Information Security Officer (CISO) Don Randall is to leave his post in the New Year to take up an unspecified supervisory role, with William Brandon set ...

Sandworm vulnerability seen targeting SCADA-based systems

Sandworm vulnerability seen targeting SCADA-based systems

Hard on the heels of the `Sandworm' spy group revealed by iSIGHT Partners earlier in the week, Trend Micro says its has spotted the zero-day vulnerability of the same name ...