• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Security   »   2013 Annual Threat Roundup: Shadows on the Horizon?

2013 Annual Threat Roundup: Shadows on the Horizon?

  • Posted on:February 11, 2014
  • Posted in:Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

Today we released our annual threat roundup where we look back at the year as a whole to understand the broad trends we’ve seen.

2013 has been a big year. But unlike other years there’s no single big event that marks it. Unlike past years where a single event or trend stood out, in 2013 we saw significant developments in four key areas:

  • Online Banking Malware
  • Ransomware
  • Malicious and High Risk Apps on Android
  • Attacks against unpatched vulnerabilities in software out of support

Taken altogether, these represent significant escalations and worsening of the threat environment. And they portend a 2014 that will be even bigger and more dangerous.

Online Banking Malware

2013 ends with online banking malware volume at double what it was at the end of 2012. In 2012 we saw 500,000 detections worldwide; at the end of 2013 we saw more than one million detections worldwide. The United States and Brazil alone accounted for fully 50 percent of worldwide detections (US: 28%, Brazil 22%). This growth is consistent with what we reported at the end of Q3 2013. Even while consistent, that number is still shocking. When coupled with the ongoing disclosures around retail data breaches in the United States these numbers may help advance the adoption of greater security measures for credit cards and debit cards in the United States, bringing them more in-line with standards in place in the rest of the world.

Ransomware

Ransomware isn’t new: it’s been around for years. But each year, criminals find ways to bring new innovations to bear to make ransomware even more effective. In 2013 the makers of Crytolocker added two new features that increased its effectiveness dramatically. First, they use sophisticated encryption techniques to make a victim’s data effectively unrecoverable without the key the attacker’s control. And they make the recovery key self-destruct after a set period of time. Together, these two things put users in a dire predicament: make a snap decision to pay the money or lose their data forever. With this latest degree of effectiveness, we have to shudder what innovations 2014 will bring to ransonware.

Malicious and High Risk Apps on Android

In his 2013 predictions, our CTO Raimund Genes predicted Android would pass one million malicious and high risk apps in 2013. That prediction was realized by September 2013. In fact, there were one million new pieces of malicious and high risk Android apps introduce in 2013 alone. That brought the total number of malicious and high risk apps at the end of 2013 to 1.4 million. Looking forward to 2014, the only thing one should expect is for this to continue to increase, likely even faster. And, with Google talking with car makers about bringing Android to in-car systems like they announced at CES, it raises the stakes on the question of security for in-car systems in the Internet of Everything (IoE) era. What does it mean to introduce a platform with more than 1 million pieces of malware and high risk apps to cars? We’re going to find out soon.

Attacks against unpatched vulnerabilities in software out of support

Oracle ended support for Java 6 in spring 2013 even though nearly half of all computers were still running it at the time. After the end of support, 31 vulnerabilities have been found in Java 6 and attackers have been aggressively targeted these Java 6 vulnerabilities. And the overall threat environment around Java worsened in 2013. We can expect attacks against Java 6 to continue in 2014. But most notably for 2014 is the coming end of support for Windows XP. What we see with Java is a foreshadowing of what may be in store when Microsoft ends support for Windows XP in April 2014. Currently nearly 30 percent of all computers still run Windows XP and a significant number of those are expected to be up and running on the Internet after that deadline. We can’t know for sure what’s going to happen, but attacks against Java 6 give us a view that’s not pretty.

All in all the trends of 2013 tell us that 2014 will be another big year, and that’s not factoring in all the new threats that the Internet of Everything (IoE) will be introducing. 2014 will be a year where watchfulness, best practices and multiple layers of security will pay dividends to those who practice them.

Related posts:

  1. Reflections on the One Million Mark: A Threat Beyond the Android Platform
  2. 2013 Consumerization Trends to Watch
  3. Data Breaches, Vulnerabilities, and Online Banking Malware: Trend Micro’s 2Q 2014 Security Roundup
  4. 2015 Third Quarter Security Threat Roundup

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Cloud-based Email Threats Capitalized on Chaos of COVID-19
  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.