I’m pleased to announce the release of this year’s Security Threat Report, in which our accomplished SophosLabs researchers explore and explain the threat landscape of the past 12 months and look ahead to what 2014 may bring.
Reflecting on the security and threat landscape of 2013, I think the most important trend in this year’s report is the growing ability of malware authors to camouflage their attacks to evade detection.
As we acknowledge in the Security Threat Report’s subtitle, “Smarter, Shadier, Stealthier Malware,” cybercriminals have made strides to hide their work in response to recent successes of the IT security industry.
At SophosLabs, we’ve seen evidence of malware authors creating innovative and diverse new attacks based on the leaked source code of some of the most advanced botnets in operation. Even as our law enforcement and security industry partners work to bring malware creators to justice, such as the mastermind behind the Blackhole exploit kit, other criminals are stepping up to take their place and learning from their predecessors.
Modern malware is all about stealth. Advanced persistent threats (APTs), one of the most vicious examples of a stealth threat, precisely target individuals, businesses, governments and their data. APTs are a sophisticated weapon to carry out targeted missions in cyber space. Data leakage—including by espionage—was a primary theme this past year.
As users continue to focus on mobile devices and web services, so have malware authors. Android attacks grew in complexity and maturity this year. Fortunately, Google has made progress in securing the platform. But Android threats continue to follow the path first blazed by Windows malware. We have recently seen the emergence of data-hijacking ransomware on Android.
Ransomware is nothing new, but in 2013 we saw an exceptionally nasty strain called Cryptolocker, which locks users out of their files using extremely strong encryption. The Cryptolocker thieves have thus far been successful in getting their victims to pay large sums, in electronic payments or bitcoins, to free their data.
We’ve also seen innovations in threats to Mac OS X and Linux, and new ways of attacking Windows (including via Linux servers and Macs). Systems people once thought were innately secure, or below the radar of the cybercriminals, are increasingly under attack.
Security is no longer a “nice to have,” but a must-have. As we fly in airplanes, draw cash from a nearby ATM, or rely on a steady supply of electricity and water, we can no longer assume the security of these systems. In the not-too-distant future, such systems could yield attacks that have a very personal impact on each of us.
Here’s the good news: at Sophos, we’re working around the clock to build more sophisticated detection, delivering real-time updates from the cloud, and helping you secure a new generation of mobile devices.
I encourage you to download this year’s Security Threat Report for a deeper understanding of these trends. We’ve done our best to make it accessible to a wide audience, and we’ve included related materials like whitepapers and videos to help you along. As always, we strive to make security simple.
Gerhard Eschelbeck is Chief Technology Officer of Sophos.
Sophos Releases IT Threat Report 2014 | MAXIT Online
[…] in 2013, as well as top tips and predictions on emerging trends, can be downloaded here. A blog discussing the Threat Report 2014 is also […]
“Victim” vs “Security Threat” | The Tale Of Bitter Truth
[…] Sophos Security Threat Report 2014 (blogs.sophos.com) […]
Sophos 發表 2014 年安全威脅報告
[…] 《2014 年威脅報告:更聰明、低調和隱匿的惡意軟體》包含更多 2013 年網路犯罪的資訊和數據,以及新趨勢的主要提示和預測,請於此處下載。 此外也提供 2014 年威脅報告專屬部落格以供討論。 […]
New webcast explaining threats for 2014: Smarter, Shadier and Stealthier Malware | Sophos Blog
[…] and John explain the research from SophosLabs outlined in our Security Threat Report 2014, including: the emergence of the Cryptolocker ransomware; the stealthy and dangerous new techniques […]
CeBIT opens with focus on Big Data and the Internet of Things | Sophos Blog
[…] The Internet of Things means we have to consider security as part of everyday life, whenever we use and create data. Our CTO Gerhard Eschelbeck explained it nicely in his foreword to our 2014 Security Threat Report: […]
Snowshoe Spam is on the Rise – What can be done about it? | Sophos Blog
[…] our 2014 Threat Report, we noted that snowshoe spam was gaining popularity amongst spammers using new techniques to evade […]