Every year, the ESET researchers put together their predictions for cybercrime attacks for the new year. In last year’s predictions, the emphasis was on internet privacy, a new assault on Androids, and a new wave of hi-tech malware; most of these issues then indeed appeared in blog posts during 2014.
Free eBook: Modern Retail Security Risk – Get your copy now.
Here is a summary of the most important trends we can expect in 2015.
If there is one lesson we have learned in recent years, it is that targeted attacks are a rising trend, and this year won’t be an exception. First of all, in most of these attacks there is a selected target, as opposed to traditional attacks that use any available corporate targets for their purposes. Secondly, these kinds of attacks try to stay unnoticed for longer periods of time. These kinds of attacks have grown over the past several years from 3 identified attacks in 2010 to 53 known attacks in 2014 and probably many others as yet undiscovered. During 2014, we published some examples of these attacks, like the new BlackEnergy campaign or the Windigo Operation. According a report from the United States Identity Theft Resource Center, there were 720 major data breaches during 2014, with 304 of them affecting the health industry (42.2%).
Payment systems in the spotlight
In parallel with the growing use of online payment systems, the cybercrime interest in attacking them grows too. On the other hand, traditional point of sale systems are still widely used, and malware authors are well aware of that. In mid-2014, we published a blog post about the worm Win32/BrutPOS that tries to brute-force its way into PoS machines by trying a variety of (overused) passwords in order to log in via Remote Desktop Protocol (RDP). There are other malware families for POS like JacksPos or Dexter, which could be responsible for big attacks such as Target (data on 40 million cards exposed) or Home Depot, where 56 million cards were exposed during more than five months of attack. (It started in April but was not discovered until almost September when the company announced the leak.)
Bitcoins, ransomware and malware
In line with the previous trend, malware developers will continue putting efforts into online currency and payments systems during 2015. For example, in the largest known operation of its type to date, a hacker reportedly harvested over $600,000 in digital currency in 2014 using a network of compromised machines. Through infected NAS devices, the attacker created a folder named “PWNED” where a program called CPUMiner was stored that was used to mine Bitcoins and also Dogecoins. (Interesting note: this kind of attack creates new money instead of stealing it from compromised users, a brand new way of stealing.) Similarly, the SecureMac site also reported in February of 2014 a Bitcoin miner that affects Mac OS users. The attacks spread as a Bitcoin App recompiled to contain a Trojan. Finally, ransomware will be a key strategy for malware developers, and it will be a more relevant threat in coming years. During 2014, we saw big companies hit by ransomware (like Yahoo, Match and AOL). In July of last year, ESET researchers published their Android/Simplocker analysis, revealing the first Android file-encrypting TOR-enabled ransomware.
Internet of Things -> Attacks on Things
Whole new categories of digital device are getting connected to the Internet, from domestic appliances to home security and climate control – a trend has been dubbed the Internet of Things or IoT. The trend will accelerate in 2015, but sadly we see no reason why these things won’t become a target for cybercrime. During 2014, we saw some evidence of this emerging trend, like attacks on cars shown at Defcon conference using ECU devices or the Tesla car that was hacked to open doors while in motion, as discovered by Nitesh Dhanjani. Attacks and proofs of concept were shown attacking several SMART TVs, Boxee TV devices, biometric systems on smartphones, routers, and also Google glasses! It has to be said that some reporting on IoT hacking has exaggerated the scale of the problem. We mentioned this trend last because, while it probably won’t be a massive problem in 2015, it is an emerging space for cyber crime. We expect it will take a few more years until it is widely targeted. Nevertheless, this will be a trend, not for its quantity but for its uniqueness and innovation.
These are only the most important topics we have identified as big trends for 2015 in the world of malware and cyber-attacks. There are also other current trends like mobile attacks that will continue to rise.
See more at ESET Ireland’s blog.
About ESET Ireland
ESET Ireland will keep your hardware and software performing as it should. The company has hundreds of people around the world working hard every day so customers’ computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.