Online security companies have been making their predictions for 2015, from the malware that will be trying to weasel its way onto our computers and smartphones to the prospect of cyberwar involving state-sponsored hackers.
Here’s a summary of what you should be watching out for online in 2015, based on the predictions of companies including BitDefender, KPMG, AdaptiveMobile, Trend Micro, BAE Systems, WebSense, InfoSec Institute, Symantec, Kaspersky, Proofpoint and Sophos.
The more we do and share online, the more vulnerable we may be to “targeted” attacks to steal our passwords and data. “It is possible that our willingness to share and shop online will let criminals become more selective about who they target,” suggests Stephen Bonner of KPMG. “They won’t need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”
Meanwhile, you may see more spam emails in your inbox in 2015, as the technology used to send them becomes more sophisticated. A parallel trend cited by several of the companies is the prospect of attacks on bigger companies in the private and public sector, with cybercriminals having specific goals in mind.
“Cybercriminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets,” suggests Trend Micro.
Healthcare is also expected to be a target. “Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground,” notes InfoSec Institute. “Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than stolen credit card data.”
One of the most common forms of malware in 2014 was “ransomware”, where cybercriminals try to extort money from victims either by locking their devices and demanding a fee to release them, or by accusing them of various unpleasant crimes.
“Users should remain sceptical of any message accusing them of various crimes such as zoophilic behaviour and distributing child pornography,” claims BitDefender. “These threats may be part of ransomware campaigns and could also hit social networks.”
One of the big announcements for Apple in 2014 was the launch of its mobile payments service, Apple Pay. However, several security companies expect cybercriminals to make a concerted effort to crack it and rival services in 2015.
Some of the most high-profile vulnerabilities in 2014, such as Shellshock and Heartbleed, provoked discussion about the security of open source code. Several security companies expect this debate to continue in 2015.
“From Heartbleed to Shellshock, it became evident that there are significant pieces of insecure code used in a large number of our computer systems today,” adds Sophos. “The events of 2014 have boosted the cybercriminals’ interest in typically less-considered software and systems – so businesses should be preparing a response strategy.”
Technology like Tor is used for a variety of reasons, including activists anonymising their online activities when under pressure from authoritarian governments. However, this kind of technology will also be used by more cybercriminals in 2015.
BAE’s cyber security boss Scott McVicar also thinks criminals will “go to greater lengths” to hide their identity, which will have an impact on efforts to identify them and nullify their efforts. “Researchers will need to adopt practices from the professional intelligence community and tread more carefully when drawing conclusions about who is ultimately behind cyber attacks,” he says.
The huge number of people using social networks like Facebook is proving an appetising target for malware developers: BitDefender has already published its roundup of popular Facebook scams in 2014, for example.
“Malicious links hidden in atrocious Facebook videos will be on the rise in 2015,” warns the company. “Malicious ‘beheading and murder’ videos are expected to multiply in the following year. Behaviour analysts and psychologists say teenagers are the most susceptible to clicking on shocking videos, as their empathy for victims of violence is lower.”
As more of our devices talk to one another, via the “Internet of Things”, there may be a range of new cybersecurity headaches to think about. WebSense thinks that in 2015, attacks on the Internet of Things will focus more on businesses than individuals with gadgets.
As 2014 ended with the now-infamous hack of Sony Pictures, with intense debate about whether North Korea was involved, security firms see 2015 bringing a greater prospect of cyberattacks on behalf of nation states, even if they don’t run them themselves.
“Cyber warfare is very attractive to small nations. The development of a government-built malware is cheaper than any other conventional weapon and far more accessible to any nation-state. Cyber warfare represents for every government an efficient alternative to conventional weapons,” notes InfoSec Institute.
“North Korea, Syria, and Iran are among the countries that have developed great capabilities that pose a serious threat to major Western states. The risk of a serious attack on the critical infrastructure of a Western government is high, and its attribution will be even more difficult.”
The boundaries between cybercriminal gangs and governments may also blur. “Criminal groups will increasingly adopt nation-state tactics,” predicts Kaspersky.
Guardian Tech
Author: Alfred Rolington, CEO and co-founder of Cyber Security Intelligence Ltd. and BIIA contributing editor
Source: Cyber Security Intelligence