Year in review: Top endpoint security threats of 2013

by Charles Leaver

January 6, 2014


In addition to considering forward-facing predictions and preparing for upcoming data leakage threats, it is also important to review past trends and take steps to ensure they don't continue. If administrators and business employees do not make efforts to prevent the continuation of cyberattacks, hackers will continue to use these strategies and weaknesses to snoop and steal sensitive data.

Proliferation of Ransomware
This year saw an undeniable trend toward ransomware, in which users are locked out of their systems and hackers demand a fee for decryption. One of the top threats in this arena was dubbed CryptoLocker, which affected a number of users, including individuals and business endpoints. According to PCWorld contributor Tony Bradley, cybercriminals leveraging this ransomware sample made $30 million in just 100 days.

As the typical ransom demand for this malware is $300, this means hackers made $300,000 a day by infecting and successfully receiving payment from approximately 1,000 users a day. Those who paid the ransom reported mixed results: some were sent the decryption key and were able to regain access to their files, while others paid the demand but were still locked out of their devices. The fee was most often demanded in online currency, which offers attackers a degree of identity protection.

"2013 saw a significant trend toward ransomware because cyberattackers were able to utilize Tor and Bitcoin to anonymously blackmail people into paying for access to their own data," Tripwire security researcher Ken Westin told PCWorld.

To avoid becoming a victim of ransomware, users should be wary of suspicious email attachments, as this was the most popular point of infection. If individuals do not recognize the sender, they should not click on links in the message or open attached documents.

Data leakage through mobile malware
According to Dark Reading, 71 percent of security professionals consider endpoint security threats one of the most difficult data loss prevention risks to mitigate. Furthermore, more than half of survey participants (68 percent) stated that mobile malware has attacked endpoints on their network within the past year. This report showed the effects that mobile malware had on corporate data security within the past year, becoming a more significant data leakage threat.

While mobile malware is nothing new for smartphone, tablet and laptop users, it became an increasing focus of IT and security teams this past year. PCWorld noted that one security firm reported 500 new mobile malware samples every day in January alone, which grew to 1,500 a day by November.

Mobile malware arrives in a variety of forms, including malicious attachments opened on portable devices and malicious applications masquerading as legitimate programs. These attacks can send fraudulent text messages to premium numbers and use other tactics to drain a user's data plan. In addition, some samples can seek out an individual's login credentials, record activities and otherwise snoop on or steal data.

This trend is increasingly worrisome, as industry expert Larry Ponemon of the Ponemon Institute said 46 percent of businesses do not have strategies in place to secure mobile endpoints.

"We've seen the threat landscape fundamentally change over the last five years," said Ponemon. "Trending data shows increasing concern, year over year, over the explosion of mobile devices on the network. It's now IT's greatest risk."

As this trend grows, it is important to protect endpoints, especially those containing or accessing sensitive personal or business information. To mitigate this risk, administrators should be sure devices are protected with endpoint security software, such as that provided by Ziften.

Supervisors can also encourage employees to protect systems with strong passwords and utilize different login credentials for each individual program. In this way, if one system is breached, it does not put other applications at risk.