Cyber-attacks, such as those against Sony Pictures last month, but also Home Depot and Target, as well as the Apple hack that resulted in nude pictures of celebrities being released, will only grow in number next year, according to new research.
Earlier this week, Intel Security released its McAfee Labs November 2014 Threats Report, and the company’s annual 2015 Threats Predictions forecast for the coming year. The security researchers predict cyber-attacks will increase in 2015 as hackers use more advanced techniques to infiltrate networks. Furthermore, cyber-warfare and espionage will also increase as hackers make use of increasingly sophisticated strategies to hide their tracks and steal sensitive data.
There are several predictions in the report that I found most interesting. The first, is an expected increased use of cyber-warfare and espionage tactics. Cyber-espionage attacks will continue to increase in frequency as long-term players will become stealthier information gatherers, while newcomers to cyber-attack capabilities will look for ways to steal sensitive information and disrupt their adversaries, the report explains.
Also, the researchers expect greater Internet of Things attack frequency, profitability and severity. Unless security controls are built-in to their architectures from the beginning, the rush to deploy IoT devices at scale will outpace the priorities of security and privacy. This rush to deploy and the increasing value of data gathered, processed and shared by these devices will draw the first notable IoT paradigm attacks in 2015, the researchers predict.
So-called “Ransomware” is expected to evolve into the cloud as hackers continue to develop its methods of propagation, encryption and the targets it seeks. McAfee Labs predicts ransomware variants that manage to evade security software installed on a system will specifically target endpoints that subscribe to cloud-based storage solutions. Once the endpoint has been infected, the ransomware will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data.
As would be expected, the researchers predict mobile device attacks will continue to grow rapidly due to the growing availability of malware-generation kits and malware source code for mobile devices, which will lower the barrier to entry for cyber-criminals targeting these devices. What’s more, untrusted app stores will continue to be a major source of mobile malware. Traffic to these stores will be driven by “malvertising,” which has grown quickly on mobile platforms.
Finally, McAfee Labs predicts that the aftershocks of Shellshock will be felt for many years due to the number of potentially vulnerable Unix or Linux devices—such as routers, TVs, industrial controllers, flight systems and even critical infrastructure. In 2015, this will drive a significant increase in non-Windows malware as attackers look to exploit the Shellshock vulnerability, the report notes.
“The year 2014 will be remembered as ‘the Year of Shaken Trust,’” says Vincent Weafer, senior vice president, McAfee Labs, part of Intel Security. “This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations’ abilities to protect their data, and organizations’ confidence in their ability to detect and deflect targeted attacks in a timely manner. Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data.”
Do you agree with the McAfee researchers’ predictions? Secondly, whether you agree or disagree, is cyber-security an important issue where you work?