Duqu 2 malware uncovered
IB Times

In the cyber security world, 2013 has been more than a bit of an eye-opener for most people. The level of sophistication and power that some people wield over your online activity has been revealed to be far greater than almost everyone ever imagined.

But while law enforcement agencies like the NSA and GCHQ have almost limitless power to monitor your online life, cyber-criminals have also developed more and more sophisticated methods of stealing your money, and more importantly your data.

As more and more of our lives become digital, this trend is only likely to continue, and so we have asked experts around the world to tell us what they think the cyber threats for 2014 will be.


Dark web will become the only truly world-wide web


Alexander Gostev, chief security expert at Kaspersky Lab, says one of the big results of the Snowden revelations will be the break-up of the traditional internet, with the deep web left as the only truly global network.

The shadowy Darknet then will be the only truly world-wide web
- Alexander Gostev

"Individual countries are no longer willing to let a single byte of information out of their networks. The next step will most likely be attempts to limit foreign access to data inside a country. As this trend develops further it may lead at some point to the collapse of the current Internet, which will break into dozens of national networks. The shadowy Darknet then will be the only truly world-wide web."


Death of Windows XP a boon for hackers


Ken Westin, security researcher at Tripwire says the end of life for Windows XP in April will be a boon for malicious hackers who will have "an arsenal of saved unreleased vulnerabilities at their disposal. With every Patch Tuesday hackers will be reverse engineering patches to see if the vulnerabilities for Vista through Windows 8 also affect XP."


Adobe passwords will be cracked


Westin believes the 130 million encrypted passwords that were part of the Adobe compromise will be decrypted within the next few months, providing malicious hackers with a large database of passwords to use in brute force tools as well as additional compromises simply because people use the same passwords on multiple accounts.

"In general we will continue to see large scale compromises of user data including user name and passwords which will increase demand for two-factor authentication and a boom in biometric technology start-ups as people and businesses struggle with how to keep accounts and data secure," Westin said.


Police lack knowledge to track criminals on darknets


Silk Road website
Silk Road was the most famous website on the TOR network. Screengrab

Trend Micro's Rik Ferguson believes the Snowden revelations have led cyber criminals to turn to 'darknets', with the most popular darknet being The Onion Router (TOR), which hides a shared file's origin and destination.

Ferguson says: "Law enforcement agencies may not have enough knowledge or experience to deal with cybercrime and will have a hard time tracking criminals in the Deep Web, prompting more investment in the fight against cybercrime."


Bitcoin to become the de facto cyber-criminal currency


ESET senior research fellow Righard Zwienenberg predicts the trend for bitcoin becoming more popular and valuable will continue into 2014. However, the popularity of illicit bitcoin-miners as well as bitcoin-stealers will also increase. Zwienenberg suggests that, as bitcoins become more valuable, and because they are untraceable, operators of ransomware scams – such as CryptoLocker - will increasingly demand payment in bitcoin.


CIOs will face extinction


Today, private computer systems, built and operated by individual companies, are being supplanted by services provided over the internet. Computing is turning into a utility, and once again the economic equations that determine the way we work and live are being rewritten, says Calum MacLeod at Lieberman Software Corporation.

"This is going to have an impact on the CIO's job because as more and more organisations rely on service providers to manage their IT, there is going to be less of a need for internal IT departments, and CIOs. I imagine CIOs will try and stave off the threats, using their powerbase to block any and every attempt by lesser mortals to improve the way the business worked."


Mobile malware to reach new levels of sophistication


I suspect that in 2014 we will see mobile malware reach new levels of sophistication
- Craig Young

Craig Young, security researcher at Tripwire says:

"I suspect that in 2014 we will see mobile malware reach new levels of sophistication as BYOD becomes more prevalent in the workplace. Mobile devices may be targeted not only for the data they store but also for the systems and services they can access. To combat this threat, end users need to become more vigilant about the applications they install and the networks they connect to with their smartphone or tablet."


Java will continue to be a problem


Tyler Reguly, technical manager of security research and development at Tripwire is keeping his fingers crossed that 2014 will see the end of businesses using Java, but he does not seem very hopeful:

"Hope: Java will finally be deemed unsafe by enterprises and slowly start to disappear. Prediction: Java will remain popular in enterprise environments because ease of use / deployment continues to trump security."


Snowden fallout continues


Snowden To Appear At EU Parliament

We will continue to see additional documents released by Snowden that will unveil further cyber surveillance both domestic and foreign, believes Ken Westin, security researcher at Tripwire. He adds that evidence the US is not the only country involved in these types of surveillance activities will also become widely available. "These allegations will hurt US businesses as international organisations seek more secure services free from snooping governments."


Cyber-criminals will find new ways to steal your money


Kaspersky Lab's experts expect cybercriminals to continue developing tools to steal your cash in 2014 – directly or indirectly.

"The fraudsters will further refine tools designed to access the bank accounts of mobile device owners (mobile phishing, banking Trojans). Mobile botnets will be bought and sold and will also be used to distribute malicious attachments on behalf of third parties.

"To support indirect thefts, it is likely that we will see more sophisticated versions of the Trojans which encrypt the data on mobile devices, preventing access to photos, contacts and correspondence until a decryption fee is handed over. Android-based smartphones will no doubt be the first to be targeted."