2014 was the biggest year for malware yet

decrypt 2014 biggest year malware yet ekrmgca
Time to pack up your booze and party hats. I’ve got one more roundup which is sure to make you think twice before downloading that latest New Years music mix online.

Whether it was a cash register down at Home Depot, SCADA systems installed at nuclear power plant facilities, or even just the webcam perched at the crest of your laptop, if there’s any lesson we learned in 2014, it’s that nothing is safe from the ever-present threat of malware and the hackers that create it.

In this final infection inflection I’ll cover the biggest stories that popped up and even give you a glimpse of what you can expect on the wires in 2015.

NSA Leaks

While they technically began in June of 2013, the biggest bombshells from Edward Snowden’s leaked NSA documents arrive in the first half of 2014.

Programs like AURORAGOLD, MUSCULAR, and WARPATH showed us that no amount of encryption or subversive tactics can protect us from the omnipresent eyes of the United States and UK governments.

The worry now is the news that all but the most advanced (and cumbersome) of encryption is not only crackable, but easily subverted through basic social engineering tactics which will open a new battleground that the security conscious must fight on to keep themselves and their data safe.

The agency has since admitted it “may” have overstepped some of its bounds during the course of the past ten years, but it has also shown that it’s willing to fight tooth and nail in order to sustain those powers that were originally afforded to it through the Patriot Act in 2001.

Whether or not we’ll see a true end to these programs, or even slight regulation, remains to be seen, but you can help in the fight by donating to privacy advocate groups like the Electronic Frontier Foundation and ACLU today.

Heartbleed

Unless you were living under a very heavy rock for the past year you’ve heard of the SSL/TLS vulnerability called Heartbleed. The protocol pipe aversion technique scrapes the memory and RAM of a targeted machine and from there is able to translate the normally encrypted data to pull protected user credentials right off a PC, server or other device without a single roadblock.

heartbleed-lock

The bug affected everything from the average desktop all the way up to vital pieces of SCADA hardware installed in major infrastructure projects around the globe. Millions of machines proved vulnerable to the attack, and many vital pieces of Internet communication encryption technology we depend on to keep our messages and traffic patterns under wraps were compromised as the result of just a few missing lines of code.

If a hacker was looking for the “one flaw to rule them all” over the past few years, they didn’t need to search much further than Heartbleed.

Shellshock

Also known in security circles as the Bash Bug (short for ‘Bourne again shell’), Shellshock was one of the most threatening exploits to appear over the course of 2014. The hole, which existed due to a skewed command line in the Linux source code, could give anyone with knowledge of its existence total root control over devices and computers of their choosing.

This included anything running OS X as well as Android phones and tablets. These devices were vulnerable because they run a modified version of the Unix kernel that’s equally vulnerable to the un-patched portion as anything else.

Luckily the Internet security elite were quick to release a series of fixes which plugged the problem up, but there’s no saying just how much money and data was lost while the bug ran rampant without anyone’s knowledge.

The Rise of Mobile Malware

Mobile malware escalated in 2014. Android continued to surge forward as one of the most exploited platforms of all time and even iOS, once thought to be impenetrable, was finally hit by several exploits.

In 2014 Apple found itself wrestling with the cable-caper WireLurker, the malicious Masque malware, and even an appropriately titled threat called “AppBuyer” that charged in-game items to user accounts without their knowledge or permission.

viruspic

These slices of software showed us that while Apple is certainly to be admired for its efforts in the mobile space and is much further ahead of the curve than the rest of the competition, no one is 100% immune to the threat of backdoor trojans and illicit surveillance techniques.

As long as our phones and tablets carry some of our most valuable financial data and identifying information, they will continue to be one of the most highly prized targets for any devious developers operating in the shadows.

POS Scams

As lawyers from Target and Citibank continue to battle it out in the highest courts in the land over the issue of “who’s responsible for losing your $400m,” point-of-sale scams continue to surge in popularity among underground hacking networks.

The technique utilizes weaknesses in Internet-connected cashiers to suck credit card data through compromised networks en masse, resulting in millions of financial accounts being sold on illicit hacking forums for as little as $0.25 a pop depending on how much money is available in each.

Both Home Depot and Target hogged the headlines this year, but dozens of other popular retailers were affected by POS malware like the Backoff variant, Dare Devil, and BlackPOS. Neiman Marcus, UPS, Michael’s, and even the US Postal Service was forced to clean up the mess left behind by skilled card scrapers, and to this day many have not fully recovered from the damage.

Sony Hack

Planning to make a movie about a totalitarian nation? Have 100 terabytes of very crucial employee data lying around? Then you’d better make sure your Internet security team is the best in the world before your movie is ready to hit theaters!

sony hack

While speculation as to whether or not North Korea actually had anything to do with the recent attack on Sony Studios is still running rampant, the attack on Sony has gone down as the largest corporate hack ever pulled off by an independent hacking organization. Social security numbers, email accounts, and home addresses of staffers at the production house (along with some of the top celebrities in the world) were stolen by a group calling themselves the “Guardians of Peace”, who threatened to distribute the spoils of their newly acquired treasure chest if Sony released their upcoming Seth Rogen buddy comedy about two journalists who go to the country and assassinate its reigning dictator, Kim Jong Un.

After first relenting to the demands of GoP, Sony eventually put the movie out anyway, standing up for the right to free speech and showing terrorists around the globe that they’re going to have to try a little harder if they want to try and send the rest of us into submission through spooky skeleton scare tactics.

Lizard Squad

DDoSing is certainly nothing new to 2014, but it has proven itself as one of the most effective ways for rogue programmers to bring down the big boys with the push of a button.

lizardsquad
Matt Cornish/Shutterstock

If you were one of the millions of gamers who tried to celebrate your holidays with a relaxing match of Halo last week you know just how annoying these types of attacks can be. What’s telling is that even with the ancient angles of approach that DDoS’ use to be fully effective, major corporations like Microsoft and Sony still don’t have the tools necessary to deflect the massive influx of traffic that’s inherent to each assault. The companies were both hit twice this year by the same exact hackers, even with the latter attempt prefaced by a warning that it was coming a full month ahead of time.

If we expect these entities to keep us safe from the rest of the world, they’re going to need to step up their game and start taking these types of threats more seriously.

Conclusion

So, there you have it. Whether it was our own government spying on the smartphones in our pockets, a couple of kids from around Europe with too much time on their hands and a little more to prove, or the cash machine down at the local art supply store, it seems like malware became more prevalent and powerful than ever before in 2014.

Hopefully 2015 will be the year that we learn the lessons that the world tried to teach us over the past twelve months, and the security community can come together to protect consumers from themselves and the groups out there who would seek to do them harm.

Image credit: Oskar Orsag/ShutterstockDrical/Shutterstock, Paval Ignatov/Shutterstock, Matt Cornish/Shutterstock

Computing

Nvidia faces attacks from AMD, Intel, and even Google. Should it be worried?

Nvidia announced an expanded array of RTX server solutions designed to leverage the power of ray-tracing at GTC 2019. The effort will help Nvidia take on Google's Stadia in game streaming with GeForce Now, and the company's investments in…
Cars

Tesla Model 3 vulnerability exposed at Pwn2Own; hackers take home the car

A Tesla Model 3 vulnerability was exposed at the Pwn2Own hacking competition. The hackers, who were able to display a message on the electric vehicle's internet browser, won $35,000 and took home the car.
Mobile

24 must-have apps for rooted Android phones and tablets

Rooting your Android device opens up a world of possibilities, along with a few apps. Here are 24 of our favorites, so you can make the most of your rooted device and unleash the true power of Android.
Product Review

The Division 2 brings the most fun we've ever had to Washington, D.C.

After 55 hours with The Division 2, it’s clear that Ubisoft has improved on the original in almost every way. The world is richly detailed, the story missions are wonderful, gunplay and enemy design are great, and the endgame content is…
Mobile

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.
Computing

Microsoft’s Clippy came back from the dead, but didn’t last very long

Before Cortana, Alexa, and Siri even existed, Microsoft Clippy dominated the screens of computers in the 1990s to help assist Microsoft Office users when writing letters. He recently made a bit of a comeback only to die off again.
Computing

How 5G networks will make low-latency game streaming a reality

Faster speeds and more bandwidth are some of the many promises that 5G can deliver, but for gamers, the most important thing is low latency. To achieve low latency, carriers like AT&T and Verizon are exploring hybrid models for game…
Deals

Time to do taxes? Save up to 50 percent on H&R Block tax software this weekend

Tax season is stressful, and with new tax laws in effect this year, it's not a bad idea to get some help. H&R Block has you covered: For two days only, you can save 50 percent on its great software so you can file your taxes online and save…
Computing

Stop dragging windows on your Mac. Here's how to use Split View to multitask

The latest iterations of MacOS offer a native Split View feature that can automatically divide screen space between two applications. Here's how to use Split View on a Mac, adjust it as needed, and how it can help out.
Computing

Breeze through security with these checkpoint-friendly laptop bags

Getting through airport security is a drag, but your laptop bag shouldn’t be. Thankfully, these checkpoint-friendly laptop bags will get you and your gear to your destination with ease.
Computing

The new iMacs push on iMac Pro territory, but how much power do you really need?

With Apple refreshing the higher-end iMacs with newer processors and graphics cards, it moves closer to the iMac Pro. In this guide, we consider the performance, features, and help make sense of the differences between the two.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Robotic companions and computer-aided karaoke

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it's fun to gawk!
Computing

Protect your expensive new laptop with the best Macbook cases

If you recently picked up a new MacBook, you’ll want something to protect its gorgeous exterior. Here, we've gathered the best MacBook cases and covers, whether you're looking for style or protection.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.