MOBILE MALWAREMobile devices draw rapid rise in attacks and the most innovation in threat defenses.

IN 2014, EXPECT NEW ATTACK VECTORS AND EVASION TECHNIQUES

Visit http://mcaf.ee/gdn2b to learn more.

GET AHEAD OF THE BAD GUYS:READ THE MCAFEE LABS 2014 THREATS PREDICTIONS REPORT.

McAfee and the McAfee logo are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. Copyright © 2013 McAfee, Inc.

1 Bloomberg. “Bitcoin Gaining Validity Fuels Rally in Virtual Currency: Tech.” November 2013. http://www.bloomberg.com/news/2013-11-19/bitcoin-gaining-validity-fuels-rally-in-virtual-currency-tech.html.

2 McAfee. “Dissecting Operation Troy: Cyberespionage in South Korea.” July 2013. http://www.mcafee.com/us/resources/white-papers/wp-dissecting-operation-troy.pdf.

3 McAfee. “‘Pony’ Botnet Gallops Off With 2 Million Passwords.” December 2013. https://blogs.mcafee.com/consumer/pony-botnet-steals-2-million-passwords.

4 Developer Economics. “The Kaleidoscope of HTML5 App Development.” 2013. http://www.developereconomics.com/report/q3-2013-html5-app-development.

5 McAfee. “McAfee Threats Report: First Quarter 2013.” http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2013.pdf.

CLOUD EXPOSES NEW ATTACK SURFACESExpect cloud-based corporate apps to offer up new attack surfaces:

NEW ATTACKS ABOVE AND BELOW THE OPERATING SYSTEMExpect attacks on PCs and servers through HTML5 vulnerabilities and the master boot record (MBR)—an area below the OS that performs key start-up operations.

IN 2014

VIRTUAL CURRENCIESVirtual currencies like Bitcoin fuel an increase in ransomware attacks across all platforms.

IN 2013

33PERCENT

In the past two quarters, Google Android

malware samples grew by 33 percent, while PC malware sample growth held steady.

IN 2014

IN 2014

Expect to see continued CryptoLocker attacks, as long cybercriminals reap big rewards.

Expect corporate assets to be held for ransom.

IN 2013

The combination of anonymity and lack of regulation made these currencies a perfect tool for cybercriminals.

The value of Bitcoin climbed 45-fold between January and November.1

STEALTH ATTACKSNew stealth attacks become harder to find and freeze.

IN 2013

hard drives were wiped clean on March 20 by Operation Troy, a cyber espionage attack on South Korea—discovered by McAfee Labs.2

IN 2014

Expect attack techniques like sandbox-aware attacks, return-oriented programming attacks, and self-deleting malware.

SOCIAL ATTACKSExpect social platforms to attract new threats as more cybercriminals learn to exploit user and platform weaknesses.

IN 2013

Facebook, Google, and Yahoo passwords were stolen using the Pony botnet.3

IN 2014

Expect increased use of social platforms to deliver malware.

Expect exploitation of “sharing” features to gather data required for social engineering attacks on personal, corporate, and government assets.

New attack surfaces opened up as 52 percent of developers used HTML5 to create mobile apps.4

Q4 of 2012 and Q1 of 2013 saw record highs for MBR threats, at 600,000 and 800,000, respectively.5

2 MILLION

>600,000

IN 2013

45x

30,000

Expect PCs to be attacked through interaction and personalization features of HTML5.

Expect mobile devices to be attacked through HTML5-based apps that allow breaches of browser “sandboxes.”

Expect assaults on PCs and servers that target the storage stack and even the BIOS.

BOOT RECORDUNDER ATTACK52%AP

P

Threat innovation will focus on mobile, social, and cloud, while advanced evasion techniques will plague network security systems.

Expect an explosion in mobile ransomware,

infections of near field communication (NFC) devices,

and the subversion of valid apps to target user data.

Hypervisors

Provisioning/monitoringmanagement tools

Multitenant infrastructure

!