World Backup Day: Six ways to backup your data

Today is World Backup Day, and it goes without saying that backing up data is a thoroughly sensible thing to routinely get into the habit of doing.

Not only does it make sense in case your laptop is stolen or your hard disk fails, but it also protects you should your computer become infected with ransomware. This is a particularly nasty strain of malware that encrypts your files and threatens to delete them if you don’t pay a ransom within a certain time period. ESET doesn’t recommend giving in to ransomware demands for many reasons both ethical and practical (not least because you mark yourself as a possible target for future attacks), but if your files are all safely backed up, you won’t even feel tempted to negotiate with them in the first place.

There are plenty of options available for people looking to back up their data, all with their own pros and cons. Here are some of your options, but remember: it’s best to have more than one backup to be safe.

1. USB stick


Small, cheap and convenient, USB sticks are everywhere, and their portability means that they’re easy to store safely, but also pretty easy to lose. There are questions about the number of read/write cycles they can take, so they should be considered alongside other backup methods.


+ Extremely portable

+ Very cheap

+ Can easily transfer data to other sources


– Portability means they’re small and easy to lose

– Questions over read/write cycle longevity

2. External hard drive


External hard drives are just what they sound like – hard drives that live outside your computer, meaning they can be plugged into other computers. If using them for backup, it’s best not to use them as an ‘extra everyday hard drive’.


+ Relatively cheap

+ Plenty of storage space for larger files


– Potentially exposed to the same problems that lost the files in the first place (a power surge or malware)

3. Time Machine


For the Mac users out there, Time Machine is an option that backs up to external hard drives automatically. Apple sells its own brand of dedicated wireless Time Capsules, but you can use any hard disk for it. Using this method, you’ll automatically keep backups hourly for the last 24 hours, daily for the last month and then weekly backups until the machine is full.


+ Automated, meaning you shouldn’t forget to stay up to date

+ Frequency of backups means you should never be too out of date

+ Backs up whole drive, not just the key files


– Dedicated wireless machine is expensive

– Mac only
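The hourly/daily/weekly schedule described under Time Machine is a retention policy, and the same thinning rule works for any snapshot-based backup. The following is an added example, not code from the article or from Apple: it keeps every snapshot from the last 24 hours (newest per hour), one per day for the last 30 days and one per ISO week beyond that. The snapshot timestamps, the 30-day cut-off and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta

# Added example (not from the article): Time Machine style retention.
# Every snapshot from the last 24 hours, one per day for the last 30 days,
# one per ISO week beyond that. Snapshots and `now` below are constructed.


def _bucket_key(ts: datetime, now: datetime) -> tuple:
    """Return the retention bucket a snapshot falls into."""
    age = now - ts
    if age < timedelta(hours=24):
        return ("hour", ts.replace(minute=0, second=0, microsecond=0))
    if age < timedelta(days=30):  # assumed "last month" cut-off
        return ("day", ts.date())
    iso_year, iso_week, _ = ts.isocalendar()
    return ("week", iso_year, iso_week)


def select_backups_to_keep(snapshots, now):
    """Return the sorted list of snapshot timestamps that survive pruning.

    Within each bucket the newest snapshot is kept, so a restore point is never
    older than it needs to be; every other snapshot in that bucket is pruned.
    Snapshots stamped in the future (clock skew) are ignored rather than kept.
    """
    keep = {}
    for ts in snapshots:
        if ts > now:
            continue
        key = _bucket_key(ts, now)
        if key not in keep or ts > keep[key]:
            keep[key] = ts
    return sorted(keep.values())


def constructed_snapshots():
    """Constructed sample data: 24 hourly snapshots, two from a single day
    eleven days ago, two from one ISO week in February, and one from the
    future. Returns (snapshots, now)."""
    now = datetime(2015, 3, 31, 12, 0)
    hourly = [now - timedelta(hours=h) for h in range(24)]
    extra = [
        datetime(2015, 3, 20, 10, 0), datetime(2015, 3, 20, 16, 0),  # same day
        datetime(2015, 2, 2), datetime(2015, 2, 4),                  # same ISO week
        now + timedelta(hours=1),                                    # future
    ]
    return hourly + extra, now


if __name__ == "__main__":
    snaps, now = constructed_snapshots()
    for ts in select_backups_to_keep(snaps, now):
        print(ts.isoformat())
```

Run against the constructed data, 29 snapshots collapse to 26 restore points: the 24 hourly ones, the 16:00 copy from 20 March and the 4 February copy. The point worth checking in your own backup tool is the same one this code makes explicit: pruning must never delete the newest member of a bucket, or a restore could land on a stale copy.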

4. Network Attached Storage


Businesses tend to back up their files to network attached storage, but with more and more homes having multiple computers, the idea has a certain appeal, especially for those looking to save files from more than one source. With prices coming down, a dedicated wireless storage solution is a convenient option which requires less thought.


+ Automatic backups mean you don’t risk forgetting

+ Wireless solutions also work with phones and tablets


– Can be expensive

– Can be awkward to set up and maintain

5. Cloud Storage


While network attached storage is essentially your own Cloud Server, there are plenty of third party cloud storage options around: free, paid, or free with paid extras. iCloud, Dropbox, Google Drive and OneDrive are big names, but others are available.


+ Can be done automatically

+ A certain amount of space is usually free

+ Device agnostic


– Requires an internet connection to work

– You can’t account for their security breaches

– Companies aren’t obliged to keep these services around forever

6. Printing


At first glance, this might sound like a facetious inclusion. But while considerably less technically advanced, printing offers you a hard copy of your most important documents that will survive power outages, and is easy to store and access even if your computer is out of action for a few days. Of course it’s hard to keep documents up to date this way, and it won’t work for video or audio files, but for that novel you’d be devastated to lose, it’s certainly worth considering.


+ A backup that won’t be affected by hardware outages or tech headaches

+ Impossible for hackers to access


– Impossible for certain file types

– Awkward to manage

– Less practical for longer documents

– Not great for the environment

However you choose to back up your data (and it’s smart to consider using more than one solution, at least for your life-or-death files), make sure that you do it. Often people don’t think about what would happen if their valuable files were lost, until it’s too late. Don’t make that mistake, and use World Backup Day to make sure your files are all safe and accounted for.

by Alan Martin, ESET

10 tips for protecting your virtual Bitcoin wallet

One of the most famous recent incidents was the attack on the bitcoin exchange, Bitstamp. On this occasion, 19,000 BTC were stolen after the virtual wallets belonging to the exchange were compromised. The equivalent value of the resulting loss amounted to an astonishing USD 5 million. So, how can you protect yourself? You need to protect both your identity and your wallets from potential digital theft.

  1. Use a versatile Bitcoin client

For the purpose of privacy, and to hide your IP address, you can use a Bitcoin client that allows you to change to a new address with each transaction.

  2. Protect your identity

Be careful when sharing information about your transactions in public spaces like the web, so as to avoid revealing your identity together with your Bitcoin address.

  3. Use an “escrow service”

When you need to buy or sell something and you aren’t sure who is on the other side, you can use an “escrow service.” In these cases, the person who needs to make the payment sends their bitcoins to the escrow service while they wait to receive the item they are buying.

  4. Make a backup of your virtual wallet

With regard to physical storage, as with any critically important backup policy, it is recommended to make frequent updates, use different media and locations, and keep them encrypted.

  5. Encrypt your wallet

Encrypting your wallet is crucial, especially when it is stored online. As you might expect, the use of a strong password is equally essential. With this in mind, you can use tools like DESlock+ to encrypt files that contain any sensitive information. Even better is to encrypt the entire system or user space where these files are located.

  6. Don’t forget about two-factor authentication

When using online storage services, it is recommended to use two-factor authentication and, whenever possible, online services that support the use of hardware wallets.

  7. Avoid using wallets on mobile devices

You should avoid using mobile devices, especially in the case of large sums of money, as they can be lost and/or compromised. In these cases, it is actually better to keep the wallet on equipment that is not connected to the Internet.

  8. Consider using multi-signature addresses

For corporate transactions, or any transactions that require a high level of security, it is possible to use multi-signature addresses, which involve the use of more than one key, the keys usually being stored on separate equipment in the possession of the authorized staff. This way, an attacker will need to compromise all the equipment on which the keys are stored in order to be able to steal the bitcoins, making their task more difficult.

  9. Update your systems regularly

Naturally, any application can have faults, so it is essential to constantly update your Bitcoin clients and your operating system, as well as other products that run on it. Virtual wallets can be affected by any kind of malware that might be hosted on the hardware, so it is recommended to have a properly updated security solution to run full scans on a regular basis.

  10. Get rid of a virtual wallet if you aren’t using it

Lastly, getting rid of a virtual wallet when it is no longer needed requires a careful process to check that it has really been completely destroyed. On Linux systems, you can use the shred command for this purpose, which overwrites the wallet file with random data before deleting it.
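The overwrite-then-delete step that the shred command performs, written out in Python as an added example (not code from the article or from coreutils) so each stage is visible: several passes of random bytes, each pushed to disk with fsync, a final pass of zeros, then unlink. The function and file names are assumptions; the wallet file in the demo is constructed and contains no real key. The same caveat that applies to shred applies here: on SSDs with wear levelling, on copy-on-write or journaling filesystems, and wherever snapshots or earlier backups exist, overwriting in place does not guarantee the old blocks are gone, so an encrypted wallet (tip 5) whose key is discarded is the more reliable way to retire it.

```python
import os
import tempfile

# Added example (not from the article): the overwrite-then-delete behaviour
# of `shred`, reimplemented so the steps are explicit. Names are assumptions.

CHUNK = 1 << 16  # 64 KiB write size


def _overwrite(fh, size: int, make_bytes) -> None:
    """Overwrite the first `size` bytes of `fh` using `make_bytes(n)` for data."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(remaining, CHUNK)
        fh.write(make_bytes(n))
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # push this pass to the device before the next one


def wipe_wallet_file(path: str, passes: int = 3) -> int:
    """Overwrite `path` with random data `passes` times, then zeros, then unlink.

    Returns the number of bytes overwritten per pass. Raises FileNotFoundError
    for a missing path so a typo never silently 'succeeds'.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            _overwrite(fh, size, os.urandom)
        # final zero pass (shred -z) so the file does not look deliberately scrubbed
        _overwrite(fh, size, lambda n: b"\x00" * n)
    os.remove(path)
    return size


def demo_wipe() -> bool:
    """Constructed demo: write a fake wallet, wipe it, confirm it is gone."""
    payload = b"constructed wallet bytes, not a real key\n" * 100
    fd, path = tempfile.mkstemp(suffix="-wallet.dat")
    with os.fdopen(fd, "wb") as fh:
        fh.write(payload)
    size = wipe_wallet_file(path)
    return size == len(payload) and not os.path.exists(path)


if __name__ == "__main__":
    print("wiped:", demo_wipe())
```

Before relying on this for a real wallet, confirm which filesystem the file lives on and whether any snapshot, sync client or backup job holds another copy; the overwrite only reaches the blocks the filesystem currently maps to that path.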

Now you know how to protect yourself…

Although it is impossible to guarantee total protection of our assets from digital theft, this shouldn’t stop us from enjoying the use of the technology. So long as we make sure to take the necessary precautions, there’s no reason not to take advantage of the benefits offered by cryptocurrencies as they make inroads into our economy.

by Denise Giusto Bilić, ESET We Live Security


Social Media Users Survey: One in ten had their smartphone lost or stolen

ESET conducted a survey on social media about smartphone usage ahead of Mobile World Congress, with interesting conclusions: 9.7% of surveyed users had their phone lost or stolen in the last 12 months, slightly more than 29% do not lock their smartphone, and almost 20% do not back up the content of their smartphone at all.

Last year ESET observed a record number of threats for the Android platform – including the first ever file-encrypting ransomware for mobile devices. The aim of this survey of around five hundred smartphone users on social media (conducted in February 2015) was to gather data on mobile security.


To protect against any loss of content it is recommended to regularly back up the data stored on a smartphone. Based on ESET’s survey 19.7% of users do not actually back up data at all and 35.7% only do so sometimes, 14.7% do so daily, 19.9% weekly and 10% monthly.


One of the best protection tools against physical access to phones is locking the device (security software with Anti-Theft can help locate it as well). However, 29.3 percent do not lock the phone or screen against unwanted access at all, while the majority of those that do – 55.3% – do so with a PIN, 12.5% use a fingerprint and 3% use face detection.


One of the best ways to protect access to business networks as well as personal emails is to use 2-factor authentication. Here we can report a welcome trend: 64.9% of those surveyed already used some form of second authentication factor for online services (e.g. via text message). This can be especially important for services like online banking, which is accessed by 53% of surveyed users. In addition, the survey highlighted the importance of protecting the “cloud” of smartphone users, with 26.9% already using solely these cloud services and 23.1% saving the data both locally and in the cloud.

In January, ESET Ireland surveyed a thousand Irish computer and mobile users, asking whether they had ever texted or uploaded a photo of themselves which would cause them embarrassment if it were made public. 70% of those surveyed in the age group 16-24 have uploaded or texted their embarrassing pictures. The age group 25-34 was just a tiny bit better with 62%, then the numbers slowly decrease down to 14% of those over 55. You can read the full report here.

by Raphael Labaca Castro, ESET and
Urban Schrott, ESET Ireland

7 out of 10 Irish youths shared photos that would embarrass them if made public

February 10th is Safer Internet Day, promoting online safety, particularly to young people. ESET Ireland has just completed its latest Irish online security survey which showed worrying results among Irish youth.

Last year news headlines were full of stories of celebrities’ online accounts being hacked and various private pictures, including those of Jennifer Lawrence, Kate Upton, Rihanna and Ariana Grande, being stolen. Two years ago ESET Ireland commissioned a survey asking Irish computer and mobile device users if they use any data leakage protection, and 74% answered they had no clue what that is. Now the situation seems to have gotten even worse, as not only do people not seem to realise data can get lost or stolen, but they actively put themselves at risk.

In the latest survey by ESET Ireland, carried out in January 2015 by Amárach Research, 1,002 Irish people of all ages and from all regions were asked if they ever uploaded or shared (to social media, online storage, Snapchat, Instagram, etc.), messaged or texted any picture of themselves that would be embarrassing to them if it was made available to the public, and the results were shocking!


No less than 70% of those surveyed in the age group 16-24 have uploaded or texted their embarrassing pictures. The age group 25-34 was just a tiny bit better with 62% being irresponsible, then the numbers slowly decrease down to 14% of those over 55. Region-wise, Dubliners are the worst offenders with 47% across all ages sending their photos about, while Connaught and Ulster were more conservative with 39%. Income-wise, those with higher income lead in carelessness with 43% versus 40% of those in the lower income group.

People do not yet seem to realise that once a photo is uploaded it is out there. Online services, cloud storage, emails, social media can and have already been hacked and private data uploaded to them can and has been accessed by unauthorised eyes. If you wouldn’t show an embarrassing photo of yourself insufficiently dressed or having too much fun at a party to your grandmother or your boss, then you’d be better off not uploading or texting it at all.

Do you really need antivirus software for Linux desktops?

This is a shortened version of the article that appeared on ESET’s We Live Security. For the full article, go here.

It started, innocently enough, as a question asked in the ESET Security Forum titled “Eset – Do I Really Need Antivirus On My Linux Distros?” However, the answer to that seemingly simple question on Linux antivirus is more complex than a simple yes-or-no response.

That there’s far less malware for Linux than Windows is not in doubt: A search in ESET’s VirusRadar® threat encyclopedia reveals just a scant few thousand pieces of malicious software for Linux. While that may sound like a large number, ESET processes 250,000 malicious samples every day on average, releasing several thousand signatures for Windows-based malware every few days. And, of course, one should keep in mind that the term “signature” is itself very broad these days: A single signature may be able to detect multiple families of malware; while one family of malware may require tens of signatures to detect all known samples.

Yes, the threatscape out there is dominated by malware that targets Microsoft Windows, but as the world’s most-widely used desktop operating system, Windows is also the most heavily-targeted.

There are many reasons that Linux doesn’t have the same sorts of problem with malware that Windows has, ranging across differences in operating system security models, market fragmentation due to the multitude of distros, and its dearth of acceptance by everyday users as a desktop operating system.

But “few threats” does not mean “no threats at all.” And while some of the more rabid fanatics will point out that Linux doesn’t have a computer virus problem, neither does Windows today: Only about 5-10% of malware reported to ESET’s LiveGrid® threat telemetry system on a daily basis is viral in nature.

Over 99% of the malware observed by ESET on a daily basis is written for the sole purpose of supporting some kind of economically-motivated criminal activity, whether it be a DDoS (Distributed Denial of Service) attack, identity theft, spam, or plain-old robbery, albeit through somewhat newfangled methods of stealing account and transaction credentials for various financial institutions and services.

However, this is not an article about Windows-borne malware, or, at least, that wasn’t the intended topic.  When it comes to Linux and how it fits into criminals’ online activity, the threatscape is a bit different.  Linux has long been a staple of the webhosting world, and if you peer into the silver lining of cloud computing, it often looks more like Tux than, say, Clippy on the inside.  This becomes even more apparent when you look at modern supercomputers:  In 2014’s TOP500 list, just two of the systems listed ran some version of Windows.

I would like to point out then that when I am discussing Linux, I’m referring to the various Linux distributions (or distros, for short) out there, not just the Linux kernel itself.  For that matter, it would be best to extend this concept to cover not just to the distro, but the stack of software that is running on top of it, whether it be a classic LAMP stack for serving up web pages or inside networking gear moving bytes around.

A large part of the Internet runs on Linux, often far away from public view in vast data centers.  Even when Linux is right in front of us, it is often invisible because it is running unnoticed on such devices as modems, routers and set top boxes.  I would like to focus first, though on those data centers.

Linux is very big…

So, what exactly is it that makes Linux ideal for data center environments?  Data centers consist of thousands, tens of thousands or even hundreds of thousands of servers, and managing that many computers rapidly becomes very challenging.  Licensing costs for server operating systems vary, but Linux distros essentially start at free, although enterprises often end up paying for documentation, support and maintenance, or the costs of devoting staff to customizing it as needed.

Likewise, Linux’s support of various network protocols, scripting languages and command shells—that support being typically more diverse than Windows, at least out of the box—means that it is comparatively easy and inexpensive to script management of systems.  And this tends to scale well.

And then there’s performance.  As one of the first operating systems to originate in the Internet era, and coming from an educational rather than commercial background, Linux was designed from the ground up to connect with other systems using standard protocols such as TCP/IP. Indeed, it took Microsoft Windows server operating systems years before they could match Linux in various raw network throughput tests.

…and Linux is very small

Just as Linux scales up to very large computers, it can also be tailored to run on very small devices.  Google’s Android, which largely powers the smartphone and tablet industries, is based on Linux.  You might find devices running Linux throughout your home:  In your family room, such devices as DVRs, media players, set-top boxes and the Smart TVs in your entertainment center might be running Linux, while the broadband modem and network router that connect everything to the Internet run Linux as well.  If smart, digitally-connected kitchen appliances take off, you may also be cooking with Linux one day.

Regardless of what these small devices around your home or office do, though, they have one thing in common:  They don’t look very much like traditional computers.  They don’t have keyboards, or even monitors (unless, perhaps, they are built into your monitor), and you probably access them remotely through your web browser so as to configure and manage them.  If they communicate with you at all, it is perhaps with an LED light or two to let you know they’re working.

The Linux Threatscape

So, what exactly are the threats facing Linux today?

Well, as previously mentioned, Linux usage tends to concentrate in two areas: The very large (data centers) and the very small (embedded in appliances and the like).  In the former case, unless you work around servers all day, you may not be aware of how Linux is behind many of the most popular web sites and relied-upon services we use every day.  And in the latter case, you may simply not be aware that your home router, DVR, set-top box or other “smart” home appliances are running some form of Linux.  Even though neither of these cases is what we traditionally think of as a “desktop,” that does not mean they are immune to the same kinds of threats, either.

Hosted Linux servers in data centers have long been a part of the malware ecosystem, although probably not in the way most people think of it.  There are many web site hosting companies out there that run outdated, insecure software and have poor system management practices.  They often end up hosting command-and-control servers used by Windows-based malware to phone home for updates and instructions, serve as drop zones used by malware to store stolen information en route to the criminals who have stolen it, and so forth.

Earlier this year, ESET’s researchers uncovered Operation Windigo, an attack mostly targeting Linux servers (some *BSD, Mac OS X Server and even a few Windows servers were also affected), that over the last two years affected over 25,000 servers.  At first glance, 25,000 systems may not seem like a large number, given that many botnets scale to ten or thirty times that size, but when you consider that a single server might host tens, hundreds or even thousands of web sites, the actual number of end users affected by the attack was very large, indeed.

A true anecdote from my own experiences:  A web forum on which I am active was affected by the Windigo campaign for many months.  When I notified the site administrator that I was seeing attempts to pop up advertisements for pornography being blocked by my security software, he told me to check my Windows-based PC for viruses.  It was only several months later that the hosting provider for the forum—a large web host known more for their wallet-friendly pricing than for support or security—admitted that the server on which the site was running had been compromised for the better part of a year.

At the other end of the computing spectrum, we have all of those appliances with computers embedded in them running some version of Linux.  These include devices you might not necessarily think of as computers, such as Smart TVs and DVRs, as well as devices to which you may connect your computer, but do not necessarily think of as having a discrete operating system in them, such as routers, printers, NAS and so forth.  We have seen numerous Smart TVs from companies such as Samsung, Philips and LG that can be taken over remotely, might spy on their users’ viewing habits, or even on the users themselves via built-in webcams.  And there are also worms like RBrute, which modified routers’ DNS settings in order to inject ads, steal credentials and redirect search results.

Threats on the Desktop

Just as the threats targeting Linux servers are very different from those faced by embedded systems, the kinds of attacks on Linux desktops tend to vary as well.

The first thing to understand about attacks on Linux desktops is that these systems are rarely infected by malware such as worms, trojans, viruses and so forth.  While this is partially due to Linux’s security model, the greater reason for this is simply the lack of market penetration by Linux in the desktop space.

These days, malware is used almost exclusively for financial gain by criminals.  In fact, this is so often the case these days that when malware is written for some other purpose, it becomes newsworthy simply for that reason alone.  Case in point:  Win32/Zimuse.  When we do see malware specifically for Linux, it often seems to be written either as a proof of concept or for other research purposes, and is rarely found in the wild on customers’ computers.

This, however, does not mean that Linux is immune to malicious software, especially when it comes to cross-platform threats.  HTML, Java, JavaScript, PDF (Portable Document Format), Perl, PHP, Ruby and even SWF (Adobe Flash) are all frameworks or languages that are supported under Linux, and these can be just as easily targeted under Linux as under Windows or Mac OS X, although the underlying operating system may still be more difficult to exploit.  Still, having anti-malware software installed means you can receive warning of potential threats.

Likewise, it is not unusual for Linux users to receive file attachments via email, or to be on networks with file shares, both of which can serve as vectors of malware, even if they only target Microsoft Windows.  And, of course, if a Linux-specific worm such as Linux/Ramen was spreading across the network, one would want to protect one’s desktop from it.  But even if the only malware on the network is targeting Windows, having anti-malware software installed can serve as a kind of “early warning” system to notify Linux desktop users that they are connected to an infected network.

As another anecdote, a friend of mine, whom I will call Richard, does exactly this.  A technical writer by vocation, he switched to a Linux-only environment after some bad experiences with Windows Vista.  Richard does maintain an isolated Windows XP system for occasions when he must do something in Windows that cannot be done under Linux, but, regardless of the operating system, all of his computers run anti-malware software.  When people at his office accidentally send an infected file to his Linux desktop, he lets them know in the kind of clear, concise and unambiguous terms used by professional wordslingers.

Closing Thoughts

While Linux desktop systems are not magically immune to malware, they are not saturated with it either, especially in comparison to their Windows brethren.  But, as both Operation Windigo and the escalating increase in Android malware have shown us, wherever a particular platform finds success, criminal elements are not far behind.  While Linux on the desktop remains comparatively malware free today, that may not be the case in the future.  Whether it’s a requirement for compliance reasons, or simply a desire to have an ounce of prevention, anti-malware on the Linux desktop can act as a form of insurance against future attacks.

by Aryeh Goretsky, MVP, ZCSE
Distinguished Researcher

How was Microsoft Windows exploited in 2014?

Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.

The report includes the following information.

  • Vulnerabilities discovered and patched in Microsoft Windows and Office.
  • Statistics about patched vulnerabilities and how they compare with 2013’s statistics.
  • Detailed descriptions of actual exploitation vectors.
  • Vulnerabilities that were exploited in the wild, including a specific table showing ASLR bypass vulnerabilities.
  • Exploitation methods and mitigation techniques for Microsoft’s Internet Explorer web browser (IE).

Last year we saw many exploits that were used for drive-by download attacks. Such attacks are used for silently installing malware. Our report contains detailed information about the nature of drive-by download attacks and how Internet Explorer was improved by Microsoft so that such attacks were mitigated by default.

In the first figure below you can see that Microsoft fixed most of the vulnerabilities in Internet Explorer. Almost all of them belong to the Remote Code Execution type, that is, they can be used to implement drive-by download attacks. This figure includes information about vulnerabilities in Internet Explorer, the Windows GUI subsystem driver, kernel mode drivers, .NET Framework, Windows user mode components and Office.

[Figure: windows exploitation 1]

We can see that a great number of vulnerabilities in the Internet Explorer web browser were closed in 2014. Almost all of these vulnerabilities were of the “Remote Code Execution” (RCE) type. This means that an attacker could execute code remotely in a vulnerable environment with the help of a specially-crafted web page. Such a web page could contain special code, called an exploit, to trigger a specific vulnerability. Usually attackers use such exploits for silently installing malware when they detect a vulnerable Windows version. This attack is an example of a drive-by download, and this is why we highlighted such exploitation as a major trend in attacks on Internet Explorer, as shown in the figure below:

[Figure: windows exploitation 2]

Our report includes a specific section describing mitigation techniques that were introduced by Microsoft in the last year. This section covers Windows, Internet Explorer and the EMET tool. Such security features address several types of attack surface. For example, a feature introduced for IE called Out-of-date ActiveX control blocking is useful for blocking all exploits based on vulnerabilities in old versions of Oracle’s Java plugin.

We also look at Local Privilege Escalation (LPE) attacks that are used by attackers for bypassing the browser’s sandbox or to run unauthorized code introduced by malware in kernel mode. In the last year Microsoft addressed a much smaller number of vulnerabilities for win32k.sys than it did in 2013. Unfortunately, today this driver is a major source of such vulnerabilities and often used by attackers.

Cybercrime Trends & Predictions for 2015

Every December the ESET researchers put together their predictions for cybercrime attacks for the coming year. Last year, the emphasis was on internet privacy, a new assault on Androids, and a new wave of hi-tech malware; most of these issues have indeed appeared in blog posts during 2014. Today we offer a summary of the most important trends for 2015.

Targeted attacks

If there is one lesson we have learned in recent years, it is that targeted attacks are a rising trend, and next year won’t be an exception. Most commonly known as Advanced Persistent Threats (APTs), their main differences from traditional cyber-attacks are target selection, plus silence and duration of attack. First of all, in most of these attacks there is a selected target, as opposed to traditional attacks that use any available corporate targets for their purposes. Secondly, these kinds of attacks try to stay unnoticed for longer periods of time. In this context, it is important to note that the attack vector is often targeted social engineering techniques or 0-day exploits.

According to the APTnotes repository (a site that collects APT attacks from various publicly-available documents and notes, sorted by year), these kinds of attacks have grown over the past several years from 3 identified attacks in 2010 to 53 known attacks in 2014, and probably many others as yet undiscovered. During 2014 we published some examples of these attacks, like the new BlackEnergy campaign or Operation Windigo.

According to a report from the United States Identity Theft Resource Center, there were 720 major data breaches during 2014, with 304 of them affecting the health industry (42.2%).

These stats are based on well-known public attacks, so it is reasonable to think that the growing trend the statistics show is real; the true number, however, is probably bigger, taking into account attacks that never reach the public record for confidentiality reasons.

Payment systems in the spotlight

In parallel with the growing use of online payment systems, the cybercrime interest in attacking them grows too. At this point, it is already obvious that cybercriminals will continue putting efforts into payment systems as more money circulates on the web. In 2014 alone, we have seen attacks like the one that affected some Dogevault users in May, when some users reported withdrawals just before the site was taken down. Apparently, the funds were in another wallet that contains more than a hundred million Dogecoins, an online currency.

On the other hand, traditional point of sale systems are still widely used and malware authors are well aware of that. In mid-2014 we published a blog post about the worm Win32/BrutPOS that tries to brute-force its way into PoS machines by trying a variety of (overused) passwords in order to log in via Remote Desktop Protocol (RDP).

There are other malware families for POS like JacksPos or Dexter, which could be responsible for big attacks such as Target (data on 40 million cards exposed), or The Home Depot, where 56 million cards were exposed during more than five months of attack (it started in April but was not discovered until almost September, when the company announced the leak).

It is worth noting that the BlackPOS source code was leaked in 2012, which will probably facilitate the creation of new variants of this threat over the next few years.

Bitcoins, ransomware and malware

In line with the previous trend, malware developers will continue putting efforts into online currency and payments systems during 2015.

For example, in the largest known operation of its type to date, a hacker reportedly harvested over $600,000 in digital currency earlier this year using a network of compromised machines. Through infected NAS devices the attacker created a folder named “PWNED” where a program called CPUMiner is stored that can be used to mine Bitcoins and also Dogecoins. Interesting note: this kind of attack creates new money instead of stealing it from compromised users, a brand new way of stealing.

Similarly, the SecureMac site also reported in February a Bitcoin miner that affects Mac OS users. The attack spreads as a Bitcoin app, a legitimate app recompiled to contain a Trojan.

Finally, ransomware will be a key strategy for malware developers and it will be a more relevant threat in coming years. During 2014, we have seen big companies hit by ransomware (like Yahoo, Match and AOL). In July, ESET researchers published their Android/Simplocker analysis, revealing the first Android file-encrypting TOR-enabled ransomware. In December, in a panel discussion at Georgetown Law called “Cybercrime 2020: The Future of Online Crime and Investigations” it was said that “ransomware is the future of consumer cybercrime”.

Internet of Things -> Attacks on Things

Whole new categories of digital device are getting connected to the Internet, from domestic appliances to home security and climate control, and this trend has been dubbed the Internet of Things or IoT. The trend will accelerate in 2015, but sadly we see no reason why these things won’t become a target for cybercrime. During this year we have seen some evidence of this emerging trend, like attacks on cars shown at the Defcon conference using ECU devices, or the Tesla car that was hacked to open its doors while in motion, as discovered by Nitesh Dhanjani. Attacks and proofs of concept were shown against several Smart TVs, Boxee TV devices, biometric systems on smartphones, routers and also Google Glass!

It has to be said that some reporting on IoT hacking has exaggerated the scale of the problem. We mentioned this trend last because, while it probably won’t be a massive problem next year, it is an emerging space for cyber crime. We expect it will take a few more years until it is widely targeted. Nevertheless, this will be a trend, not for its quantity but for its uniqueness and innovation.


These are only the most important topics we have identified as big trends for 2015 in the world of malware and cyber-attacks. There are other current trends, like mobile attacks, that will continue to rise, and we will have much more information to share.

