January 30, 2014, 8:45 PM — The year's barely started, and we've already had enough data breaches at major retailers to make a barter economy seem like a good idea. Unfortunately there are yet more security threats to look forward to in 2014. Here are the biggest ones we anticipate.
Mobile malware: The absence of any notoriously successful mobile exploit has lulled users into a false sense of confidence about the level of danger they face. Meanwhile, attackers have had a few years to test the best ways to spread mobile malware.
James Lyne, global head of security research for Sophos, notes that mobile malware is adapting and evolving faster than security tools can learn to detect and evade the threats. Variants are adopting tactics from PC malware--employing encrypted command and control servers, and polymorphism, among other techniques. The perfect storm is on its way.
The Internet of things: Connected devices can make life more convenient, but they also create additional opportunities for the bad guys. If you can access your home security system or baby monitor camera from your smartphone, an attacker may be able to do so as well. Think about that before you rush to connect your car, refrigerator, watch, camera, alarm system, and whatever else.
Virtual currencies under siege: Though they remain a fringe phenomenon, virtual currencies like Bitcoin have achieved a level of success and growth that can't be ignored. Cybercriminals are eager to go after such holdings, so if you own any virtual currency you had better take every possible precaution to keep it safe.
Because virtual currencies are unregulated and anonymous, they enable cybercriminals to collect payments for ransomware threats such as CryptoLocker with less fear of being traced. McAfee Labs predicts that cybercriminals will continue to embrace virtual currencies in the future.
Windows XP: The ancient operating system retains significant market share in the desktop OS category, and it powers a wide spectrum of kiosks and embedded devices. As of April, Microsoft will no longer support Windows XP, which means no more patches and no more security updates. (Microsoft will support Microsoft Security Essentials antimalware protection on Windows XP through July 14, 2015.)
Some security experts believe that attackers are hoarding Windows XP exploits and biding their time until April. Then the gloves will come off, and it will be open season on Windows XP systems. Many software developers will stop updating their Windows XP applications, too, which will provide more opportunities for attackers, and the security software for Windows XP will become a prime target for exploits as well.
More data breaches: The data breaches keep coming, and there's no reason to believe they will subside anytime soon. The Target debacle that closed out 2013 continues to grow in scope as the investigation continues. The original estimate of 40 million has been revised to 110 million, and now additional retailers such as Neiman Marcus are discovering that their customer data storage systems have been breached.
In some areas, such as connected devices and virtual currencies, you may not be able to do much beyond staying vigilant.
As always, you should be cautious about opening file attachments or clicking suspicious links or links from unknown sources. Protect your mobile devices against malware and exploits by using security software. Finally, use two-factor authentication wherever possible, and be sure to set up strong, unique passwords for the various sites and services you visit and rely on, so that a data breach at one site doesn't compromise your entire online identity.