Business needs to prepare as cloud computing, mobile devices and non-Windows operating systems become the next targets for cyber attackers, says Kaspersky Lab.
Based on current trends, these are the areas that attackers are most likely to focus on next, say the security firm’s researchers and analysts.
“In 2012, we saw the first series of attacks aimed at cloud-based services such as Dropbox and LinkedIn,” said David Emm, senior regional researcher, UK for Kaspersky Lab.
Cloud-based services are likely to become increasingly targeted because a single breach can yield account details from millions of users and so is highly efficient, he said.
Analysis of the Red October cyber espionage campaign revealed that looking for network-connected mobile devices was one of the things the Rocra malware was designed to do.
“This is a strong indication that attackers have recognized that mobile devices are fast becoming a rich source of information that is worth going after,” said Emm.
Attackers typically follow the line of least resistance, naturally migrating to Adobe software as the next most ubiquitous platform as Microsoft’s Windows operating system became increasingly resilient.
With each new major release of the Windows operating system, security has improved, and Adobe is beginning to follow a similar pattern through its own similar secure development lifecycle.
Just as attackers have migrated from Windows, to Adobe and now Java – which is currently the top target – researchers expect attention to begin turning to Apple’s Mac operating system.
“The perception is that the Mac operating system is inherently more secure, but the reality is that it has simply not been targeted before as there were fewer Mac users,” said Emm.
But the discovery of the Flashback botnet in 2012 – aimed at the Mac OS X operating system – suggests this will change, he said.
Similarly, attackers are expected to begin exploiting vulnerabilities in “unsuspicious” devices that are getting smarter, said Vincente Diaz, senior malware analysts at Kaspersky Lab.
“Not only are phones getting smarter, but other items such as televisions and cars are becoming increasingly computerised and connected,” Diaz said.
He said as a growing number of devices become interconnected, it is important that they are designed, implemented and used with security in mind.
“Otherwise, such things could be open to malicious exploitation as people surrender more and more decision making to devices and online services,” Diaz said.
Diaz said he hopes the revelation of the US Prism internet monitoring programme will help raise awareness about the security and privacy implications of online services that are too good not to use.
“The big trick that many people are missing, is that if you are not paying for a service, you are the product. Is this what we really want? Would it not perhaps be better to pay a little and surrender less?”
Looking to the future of the security industry, Diaz said the vision is to move to a state where single security platforms are able to provide protection for every type of computing device.
However, he said this will require the co-operation of all device makers with the security industry and the breaking down of proprietary walls that are hampering progress in this direction.