2013: Cybercrime to go mobile and social : David Hall, Regional Consumer Product Marketing Manager, Asia Pacific, Norton by Symantec

image0011India has been recognized as one of the fastest growing internet and mobile market globally. With over 137 million internet users in India, 7 out of 10 users access internet through mobile. Additionally, India grew its social media user base from 38 million in 2011 to 60 million in 2012, making both mobile and social media platforms a preferred site for cybercrime attacks.

Cybercriminals are constantly changing their tactics to target both these fast-growing platforms where consumers are less aware of security risks. This fast paced change has impacted individuals with loss of data, identities and finances to name a few. According to the Norton Cybercrime Report 2012, in India, it is estimated that more than 42 million people fell victim to cybercrime in the past twelve months, suffering approximately US $8 billion in direct financial losses.

Looking ahead

Many of us at Symantec and Norton have been putting our heads together to predict some of what we can expect to see in 2013. Of the predictions we’ve come up with, I want to draw your attention in particular to two: the likelihood that cyber terrorism will get highly personal as attacks focus on individuals or minority groups and the possibility that new electronic payment methods could be vulnerable to hacks and breaches.

While these predictions are based on what is seen today, they also reflect where things are going based on years of expertise, understanding of threat evolution, and experience in previous cyber security trends.

Cyber conflict becomes the norm – Conflicts between nations, organizations, and individuals will play a key role in the cyber world. Espionage can be successful and also easily deniable when conducted online. Any nation state not understanding this has been given many examples in the last two years. Nations or organized groups of individuals will continue to use cyber tactics in an attempt to damage or destroy the secure information or funds of its targets. In 2013, we will see the cyber equivalent of saber rattling, where nation states, organizations, and even groups of individuals will use cyber-attacks to show their strength and “send a message.” Additionally, we expect more targeted attacks on individuals and non-government organizations, such as supporters of political issues and members of minority groups in conflict.

Ransomware is the new scareware – Ransomware is a type of malicious software that disables the functionality of a computer and demands a ransom in order to restore the computer to its original state. While this “business model” has been tried before, it suffered from the same limitations of real life kidnapping: there was never a good way to collect the money. Cybercriminals have now discovered a solution to this problem: using online payment methods. They can now use force instead of flimflam to steal from their targets. As it is no longer necessary to con people into handing over their money, we can expect the extortion methods to get harsher and more destructive. In 2013, attackers will use more professional ransom screens, up the emotional stakes to motivate their victims, and use methods that make it harder to recover once compromised.

Madware adds to the insanity– Mobile adware, or “madware,” is a nuisance that disrupts the user experience and can potentially expose location details, contact information, and device identifiers to cybercriminals. Madware, which sneaks onto a user device when they download an app—often sends pop-up alerts to the notification bar adds icons, changes browser settings, and gathers personal information. In just the past nine months, the number of apps including the most aggressive forms of madware has increased by 210 percent. Because location and device information can be legitimately collected by advertising networks, it helps them target users with appropriate advertising and we expect increased use in madware as more companies seek to drive revenue growth through mobile ads. This includes a more aggressive and potentially malicious approach towards the monetization of “free” mobile apps.

Monetization of social networks introduces new dangers– As consumers, we place a high level of trust in social media—from the sharing of personal details, to spending money on game credits, to gifting items to friends. While E-payments have so far been adopted slowly by consumers but with the addition of payment methods in social media, we expect to see e-payments grow in popularity in 2013. And where there’s money, there will surely be cybercriminals following right behind to rip us off. Most likely we’ll see socially spread malware that takes over the user’s account, re-sets passwords and uses the encrypted but stored credit card information to make real world purchases for the crooks. While providing non-financial information might seem innocuous, cybercriminals sell and trade this information with one another to combine with information they already have about you, helping them create a profile of you they can use to gain access to your other accounts.

As users shift to mobile and cloud, so will attackers– Attackers will go where users go, and this continues to be to mobile devices and the cloud. It should come as no surprise that mobile platforms and cloud services will be likely targets for attacks and breaches in 2013. The rapid rise of Android malware in 2012 confirms this. As users add applications to their phones they will pick up malware. Some mobile malware duplicates old threats, like stealing information from devices. Today mobile malware sends premium text messages to accounts that bad guys can profit from. According to Norton Cybercrime Report 2012, in India 31% of mobile users have received unsolicited SMS text asking them to call back an unknown number or click on an embedded link. To exacerbate the problem, much of this mobile Internet usage is being handled by unsecure mobile applications which bring additional risk to the table. 2013 you can be sure mobile technology will continue to advance and thereby create new opportunities for cybercriminals.

Sources: WeareSocial; Norton Cybercrime Report 2012; Internet and Mobile Association of India