Web-based exploit kits, Bitcoin-mining botnets to evolve in 2014: study

2014 is expected to bring an evolution of web-based exploit kits and Bitcoin-mining botnets, pointing to the need for comprehensive lifecycle protection that detects threats and mitigates risks with context-aware intelligence, according to the Dell SonicWALL Threat Research Team’s annual threat report.

Sophisticated malware that infects both mobile and desktop systems is expected to increase, the report noted. Android will remain the leading platform for mobile devices and will continue to be the focus of many cybercriminal attacks.

Windows XP – one of the top 15 affected products in 2013 – will continue to see a surge of attacks as its support life cycle ends in 2014. Organizations that continue to use Windows XP rather than migrate to a newer version of Windows are especially vulnerable without Microsoft support and patching. Researchers also expect exploits targeting Windows 7/8 to increase in 2014.

As bitcoin gains in popularity and value, cybercriminals have once again set their sights on obtaining the digital currency through malicious activities. In late 2013, SonicWALL researchers observed an increase in bitcoin-mining botnets, which are designed to hijack computing power to mine for bitcoins with zero hardware or energy expenses to the criminal operation. Dell expects this trend to continue well into 2014 as long as the value of bitcoin remains high.

The report also revealed significant findings from calendar year 2013, focusing on trends in zero-day vulnerabilities and new cybercriminal tactics.

At 78 billion hits globally, remotely accessed malware opens the door to risk that can cause significant damage before organizations are able to quarantine and remediate.

Browser-based attacks lead the list, with Java being the number one targeted application, followed closely by Internet Explorer and Adobe Flash Player. Other notable zero-days targeted Adobe Reader and the Windows operating system.

Dell SonicWALL threat researchers witnessed a rise in bots relying on SSL-encrypted communication to Command and Control servers. The technique is designed to evade detection by disguising the communication in an encrypted session.

2013 also saw the end of the BlackHole exploit kit with the author’s arrest in October. As a result, the SonicWALL Threat Research Team expects 2014 to bring an increase of new exploit kits discovered in the wild.

For the first time, in 2013, SonicWALL threat researchers saw cybercriminals begin to deploy more robust ransomware that leverages asymmetric-key encryption to encrypt critical data on infected machines. They observed a new Cryptolocker Trojan that, unlike traditional ransomware, leaves system access intact but encrypts various documents and executables found on the system.