Amit Klein, CTO at Trusteer, an IBM company, has compiled what Trusteer sees to be the most dangerous malware trends for 2014. See his comments and an infographic below“The common thread running through the malware trends we’ve seen in recent months is the evolution, maturing and diversification of the attacks and fraud schemes they facilitate. Malware, once purpose built, is clearly becoming a flexible platform. In many respects it is now almost a commodity. Take, for example, the leak of Carberp’s source code earlier this year. Carberp joined Zeus as the latest prominent Man-in-the-Browser malware to become “open”. With access to this source code, cybercriminals can quickly implement a wide variety of attacks and fraud schemes aimed at specific targets. Along with the more traditional pure in-browser attacks, SMS stealing attacks are becoming common, researcher evasion is emerging as a trendy feature and new approaches to account take over and remote device control are being encountered more and more. This infographic summarizes our findings.
Not surprisingly, malware is still the most dangerous threat to enterprises, end users and financial institutions. Its success has spawned improved detection and prevention technologies which continue to threaten malware’s existence. This has forced cybercriminals to evolve their own technologies in order to try to stay ahead of security vendors. They have responded through diversification (inventing new fraud mechanics to evade existing security solutions) and commoditization (turning cutting edge, limited circulation techniques into mainstream capabilities). These are indicators that the cybercrime industry is prospering and able to withstand pressure from advances in security technologies. What’s needed is a disruptive approach to security – an approach that addresses the root cause of infections and cybercrime. This approach will need to respond to new cybercrime techniques in real time while also providing holistic protection.”
Malware Trends 2014 Infographic
Click The Image To See The Full Infographic
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.