Sophos Security Threat Report 2014

I’m pleased to announce the release of this year’s Security Threat Report, in which our accomplished SophosLabs researchers explore and explain the threat landscape of the past 12 months and look ahead to what 2014 may bring.

Reflecting on the security and threat landscape of 2013, I think the most important trend in this year’s report is the growing ability of malware authors to camouflage their attacks to evade detection.

As we acknowledge in the Security Threat Report’s subtitle, “Smarter, Shadier, Stealthier Malware,” cybercriminals have made strides to hide their work in response to recent successes of the IT security industry.

At SophosLabs, we’ve seen evidence of malware authors creating innovative and diverse new attacks based on the leaked source code of some of the most advanced botnets in operation. Even as our law enforcement and security industry partners work to bring malware creators to justice, such as the mastermind behind the Blackhole exploit kit, other criminals are stepping up to take their place and learning from their predecessors.

Modern malware is all about stealth. Advanced persistent threats (APTs), one of the most vicious examples of a stealth threat, precisely target individuals, businesses, governments and their data. APTs are a sophisticated weapon to carry out targeted missions in cyber space. Data leakage—including by espionage—was a primary theme this past year.

As users continue to focus on mobile devices and web services, so have malware authors. Android attacks grew in complexity and maturity this year. Fortunately, Google has made progress in securing the platform. But Android threats continue to follow the path first blazed by Windows malware. We have recently seen the emergence of data-hijacking ransomware on Android.

Ransomware is nothing new, but in 2013 we saw an exceptionally nasty strain called Cryptolocker, which locks users out of their files using extremely strong encryption. The Cryptolocker thieves have thus far been successful in getting their victims to pay large sums, in electronic payments or bitcoins, to free their data.

We’ve also seen innovations in threats to Mac OS X and Linux, and new ways of attacking Windows (including via Linux servers and Macs). Systems people once thought were innately secure, or below the radar of the cybercriminals, are increasingly under attack.

Security is no longer a “nice to have,” but a must-have. As we fly in airplanes, draw cash from a nearby ATM, or rely on a steady supply of electricity and water, we can no longer assume the security of these systems. In the not-too-distant future, such systems could yield attacks that have a very personal impact on each of us.

Here’s the good news: at Sophos, we’re working around the clock to build more sophisticated detection, delivering real-time updates from the cloud, and helping you secure a new generation of mobile devices.

I encourage you to download this year’s Security Threat Report for a deeper understanding of these trends. We’ve done our best to make it accessible to a wide audience, and we’ve included related materials like whitepapers and videos to help you along. As always, we strive to make security simple.

Gerhard Eschelbeck is Chief Technology Officer of Sophos.