This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

2014 - Malware to reduce but risks to rise

Share this article:

Predictions for 2014 in a new report from Websense Security Labs sugggest malware attacks will fall in volume but become more targeted whlle cyber attackers will focus on cloud-based data and Java vulnerabiliites.

Malware attacks will fall in volume next year but become more targeted. Meanwhile, cyber attackers will increasingly switch their attention from corporate networks to cloud-based data, and Java will continue to be vulnerable. These are the predictions for 2014 in a new report from Websense Security Labs.

The quantity of new malware is already beginning to fall, according to Websense's data feeds, but the good news is tempered by the fact that cyber criminals are turning to more focused attacks, to secure a foothold then steal user credentials and move unilaterally throughout infiltrated networks. “Although the volume of attacks will decrease, the risk is even greater because of the increasingly stealthy nature of threats,” the Websense report warns.

Attackers will also increasingly train their sights on cloud rather than network-held data because, the report says,  they “will find that penetrating the data-rich cloud can be easier and more profitable than getting through the ‘castle walls' of an on-premise enterprise network”.

It adds: “No doubt attackers will still infiltrate enterprise networks to target users, steal information and compromise their systems. However, such attacks will serve as an intermediate step to gain access to third-party cloud services instead of an internal data store.”

And among other predictions, the report says Java will remain highly exploitable and exploited, with expanded repercussions. This is because “despite highly publicised and successful exploitations of Java vulnerabilities throughout 2013, most end points continue to run older versions of Java and therefore remain extremely exposed to exploitation”.

Commenting on the trend in malware attacks, Websense senior security research manager Carl Leonard told “Although advanced malware volume will decrease, the amount of attacks will increase. Instead of bombarding companies with 15 pieces of malware to achieve one breach, they will use the malware in a wiser way to get more targeted attacks through the door and will then move around the network.”

Faced with the threat to cloud data, he said: “Organisations need to question how much they trust their current cloud provider and to what extent is their data protected in the cloud. I advise companies to start off small, and make sure that works for them, and once confident start to move the rest of your data to the cloud.”

On Java exploits, he said: “Java is incredibly prevalent within organisations, but it has many vulnerabilities. We believe that cyber criminals will selectively use the zero-days for applications like Java because they don't want to reveal their best hand yet. They want to keep those for organisations that they know they can best profit from.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.