The CyberScams You Need to Worry About in 2014

Cyber criminals are expected to have a banner year in 2014 by continuing to exploit vulnerabilities in computer devices—and the people who use them.

Securing these devices will continue to be a challenge for industry as well as consumers. Business leaders must focus on assessments to evaluate and identify possible exposures from weak processes or policies that gives ever-sophisticated criminals an advantage. At the same time, consumers must educate themselves and to prevent behaviors that work in favor of scammers. This means staying on top of your online financial accounts and monitoring your credit on a regular basis for signs of identity theft. (You can do this for free using the Credit Report Card, which updates two of your credit scores for free every month.)

Here are four of the top cyberscams expected this year.

1. POS System Attacks

The recent data breaches that stole payment card and personal information of 110 million Target shoppers, some 1 million-plus Neiman Marcus customers, and other retailers was just the beginning. In a recent report, the FBI said it identified about 20 hacks in the past year that used “memory-parsing” malicious software to attack point-of-sale systems such as cash registers and card-swiping machines.

“We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it,” said an FBI report shared with select retailers.

In most cases, the software used for these POS attacks was installed remotely, allowing hackers to extract information from payment card magnetic stripes such as account numbers, PINs, and users’ personal information while it is in the computer’s live memory, where it very briefly appears in plain text. Some versions sold on the black market even included an option that allowed for “remote upgrades” to make it even harder for corporate security teams to identify and stop attacks.

2. Conquer Rather Than Collect

One trend that began in 2013 is expected to continue this year – attacks aimed at destroying data rather than just collecting it for identity theft profit. With predictions of more sabotage vs. espionage attacks, the take-home message for business as well as consumers: Use remote and offline storage systems and devices for secure backup of sensitive files and records that are vulnerable in corporate security breaches.

3. Ransomware

Ransomware is expected to extend its reach from personal computers to include smartphones and other mobiles devices. The target is bigger too: businesses, not just consumers.

In the past, ransomware campaigns typically demanded payment, allegedly from the FBI or other law enforcement, to unfreeze PCs for supposedly watching porn or to remove bogus online viruses. But now, the success of past ransomware campaigns spark new concerns that future attacks will capture data in corporate-wide computer systems and hold it for ransom.

Now is the time for organizations to plan mitigations for ransomware. Besides running up-to-date anti-malware software from a vendor you trust, backups are extremely important. For many of the systems that get infected by this type of threat, the only guaranteed way to recover data that has been encrypted by attackers is to restore it from backup after the system has been disinfected or rebuilt. Leveraging the cloud to do this is a low-cost option.

4. Targeting Software Developers

Remember October’s data breach of Adobe’s computer system, which leaked names, encrypted credit and debit card numbers and other sensitive information of millions of customers? Some predict more of the same, with hackers increasing their efforts on software developers and users.