This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

2014 - Malware to reduce but risks to rise

Share this article:

Predictions for 2014 in a new report from Websense Security Labs sugggest malware attacks will fall in volume but become more targeted whlle cyber attackers will focus on cloud-based data and Java vulnerabiliites.

Malware attacks will fall in volume next year but become more targeted. Meanwhile, cyber attackers will increasingly switch their attention from corporate networks to cloud-based data, and Java will continue to be vulnerable. These are the predictions for 2014 in a new report from Websense Security Labs.

The quantity of new malware is already beginning to fall, according to Websense's data feeds, but the good news is tempered by the fact that cyber criminals are turning to more focused attacks, to secure a foothold then steal user credentials and move unilaterally throughout infiltrated networks. “Although the volume of attacks will decrease, the risk is even greater because of the increasingly stealthy nature of threats,” the Websense report warns.

Attackers will also increasingly train their sights on cloud rather than network-held data because, the report says,  they “will find that penetrating the data-rich cloud can be easier and more profitable than getting through the ‘castle walls' of an on-premise enterprise network”.

It adds: “No doubt attackers will still infiltrate enterprise networks to target users, steal information and compromise their systems. However, such attacks will serve as an intermediate step to gain access to third-party cloud services instead of an internal data store.”

And among other predictions, the report says Java will remain highly exploitable and exploited, with expanded repercussions. This is because “despite highly publicised and successful exploitations of Java vulnerabilities throughout 2013, most end points continue to run older versions of Java and therefore remain extremely exposed to exploitation”.

Commenting on the trend in malware attacks, Websense senior security research manager Carl Leonard told SCMagazineUK.com: “Although advanced malware volume will decrease, the amount of attacks will increase. Instead of bombarding companies with 15 pieces of malware to achieve one breach, they will use the malware in a wiser way to get more targeted attacks through the door and will then move around the network.”

Faced with the threat to cloud data, he said: “Organisations need to question how much they trust their current cloud provider and to what extent is their data protected in the cloud. I advise companies to start off small, and make sure that works for them, and once confident start to move the rest of your data to the cloud.”

On Java exploits, he said: “Java is incredibly prevalent within organisations, but it has many vulnerabilities. We believe that cyber criminals will selectively use the zero-days for applications like Java because they don't want to reveal their best hand yet. They want to keep those for organisations that they know they can best profit from.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...