Targeted attacks and sophisticated spam
The more we do and share online, the more vulnerable we may be to “targeted” attacks to steal our passwords and data. “It is possible that our willingness to share and shop online will let criminals become more selective about who they target,” suggests Stephen Bonner of KPMG.
“They won’t need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”
Meanwhile, you may see more spam emails in your inbox in 2015, as the technology used to send them becomes more sophisticated.
“Cybercriminals upping their game are perfecting their campaign abilities previously associated only with advanced, targeted attacks. These advanced tactics designed to evade most modern email security solutions are quickly becoming the new norm as more sophisticated email threats increase,” suggests WebSense.
“As a result, although spam volumes are decreasing, most users will begin to witness an increase in the amount of spam they receive in their inbox, because most email security measures will be incapable of detecting them in the Cloud scrubbing prior to passing to a user’s inbox.”
Banking and healthcare companies at risk
companies is the prospect of attacks on bigger companies in the private and public sector, with cybercriminals having specific goals in mind.
“Cybercriminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions, and customer data holders remaining to be attractive targets,” suggests Trend Micro.
“Weak security practices like not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector. These practices will cause financially motivated threats to grow in scale throughout the coming year.”
Healthcare is also expected to be a target. “Companies operating in the sector are a privileged target because of the wealth of personal data they manage, and that represents a precious commodity in the criminal underground,” notes InfoSec Institute.
“Healthcare data are valuable because medical records can be used to commit several types of fraudulent activities or identity theft. Their value in the hacking underground is greater than stolen credit card data.”
WebSense’s Carl Leonard agrees. “The healthcare industry is a prime target for cybercriminals. With millions of patient records now in digital form, healthcare’s biggest security challenge in 2015 will be keeping personally identifiable information from falling through security cracks and into the hands of hackers.”
Ransomware on the rise
One of the most common forms of malware in 2014 was “ransomware” – cybercriminals trying to extort money from victims either by locking their devices and demanding a fee to release them, or by accusing them of various unpleasant crimes.
“Users should remain sceptical of any message accusing them of various crimes such as zoophilic behaviour and distributing child pornography,” claims BitDefender. “These threats may be part of ransomware campaigns and could also hit social networks.”
Symantec notes the growth of one particular strain of ransomware, Cryptolocker, which it claims accounted for 55% of all ransomware in October this year, encrypting people’s files then demanding money to unencrypt them.
“Holding encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the crooks. However recently ransomware makers have started leveraging online and electronic payment systems such as Bitcoins, Webmoney, Ukash, greendot (MoneyPak) to get around this challenge,” it explains.
“Crooks like the relative anonymity and convenience of electronic payments and these are already readily available, putting businesses and consumers at greater risk from losing data, files or memories.”
Mobile payments could be hot... for criminals
One of the big announcements for Apple in 2014 was the launch of its mobile payments service, Apple Pay. However, several security companies expect cybercriminals to make a concerted effort to crack it and rival services in 2015.
“Apple Pay is not alone in the market – other payment systems have or will be introduced by other companies and trade associations. Not all of these payment systems have been thoroughly tested to withstand real-world threats, and we may see attacks targeting mobile commerce in 2015,” claims Trend Micro.
“Apple Pay certainly addresses some of the weaknesses that have facilitated recent attacks on Point-of-Sale (PoS) systems. However, this should not be cause for complacency, since attackers will usually look for other weaknesses once an avenue of attack has been closed off,” adds Symantec.
For now, those weaknesses may come in other forms of payment, according to Sophos. “Cybercriminals will be looking for flaws in these systems, but the present designs have several positive security features. Expect cybercriminals to continue abusing traditional credit and debit cards for a significant period of time as they are the easier target for now,” it suggests.
How popular Apple Pay and rivals are will also be a factor. “Criminal hackers tend to attack popular platforms where the yield is likely high. If no one adopts Apple Pay, then no one will target it. However, if Apple Pay is as popular as Apple’s other traditional and mobile offerings, then we may be writing about Apple Pay hacks sooner rather than later,” claims Kaspersky.
No comments:
Post a Comment