Cybercriminals on a fast forward mode with emerging technologies

2014 was a grim reminder that cybercriminals are getting bolder and vicious

PCQ Bureau
New Update
symantec year trends

2014 was a grim reminder that cybercriminals are getting bolder and vicious. They have been relentlessly working towards planting the stealthiest and most sophisticated attacks. With attacks becoming smarter and sharper, all indications are that 2015 will open up greater opportunities for cybercriminals

– Sanjay Rohtagi, President - Sales, India, Symantec



Today, India is at the cusp of digital transformation, with the growing internet and smartphone penetration as well as other trends like cloud, big data and social witnessing a massive uptake. Advancements in newer trends like the Internet of Things also means consumers will have increased connectivity across their devices, gadgets and machines – and with this connectivity comes the potential for a whole new range of security risks.

Will the Internet of Things usher in a new wave of security attacks? As countries move towards their smart nation master plans, what role will Big Data play? What’s next in the mobile security space? The coming year will pose a lot more issues that will affect individual consumers, businesses and governments, resulting in a struggle between those wishing to create new threats and exploit vulnerabilities and those looking to protect against them.


1)    Mobile devices will become even more attractive targets: Mobile devices will continue to become a target for cyber attackers especially as they store up a trove of personal and confidential information and are switched on all the time, making them the perfect targets. Mobile devices will become even more valuable as mobile carriers and retail stores transition to mobile payments. For example, as Apple Pay takes off as a payment method, attackers are likely to rigorously test the security in place around near field communication (NFC) payments.


2)    Privacy will continue to be sacrificed for mobile apps: As mobile users continue to trade their privacy in exchange for mobile apps, many Internet users are reluctant to share banking and personal identifiable information online, others are willing to share information about their location, and mobile device battery life as well as allow access to photos, contact lists and fitness information, all in exchange for mobile apps. They don’t know what they are agreeing to when downloading apps, when it comes to trading information for apps.



3)    Attacks on the Internet of Things (IoT) will focus on smart home automation: With smart home automation gaining popularity amongst consumers across Asia Pacific and Japan, Symantec anticipates that commoditized ‘plug and play’ consumer devices such as CCTV cameras and remote access controls for alarms, lighting and climate control will be exploited by cybercriminals. Unfortunately not many of these devices are deployed with internet security in mind. These devices tend to have limited memory and system resources and do not have the computing power of a typical desktop. Cybercriminals can easily find, target and exploit these IoT devices. We won’t see any large-scale attacks leveraging IoT, but instead one-off attacks against connected devices such as home routers, smart TVs and connected car apps, for example, for sensitive and private information.


4)    The Cloud will take us to Infinity and Beyond: In 2015, more and more data will be hosted in the cloud but as this move occurs, businesses will need to take a closer look at data governance and ensure their data is cleaned before it is hosted in the cloud. Legacy data left unmanaged will continue to accumulate and present a persistent challenge for businesses. For consumers, the cloud in 2015 represents an infinite amount of personal information being hosted remotely and debate around the right to access, control, and protect private data in the cloud will continue to escalate.


5)    Machine learning will be a game changer in the fight against cybercrime: A new generation of business platforms is emerging from the convergence of machine learning and big data and it will be a game changer in cybersecurity. Machine learning is a form of deep learning that may be considered as the first step in artificial intelligence. There is a critical need to stay ‘proactive’ against threats, instead of reacting to them and machine learning will help security vendors stay one step ahead of cybercriminals. The ability for machine learning to predict cyber-attacks will improve detection rates and may just be the key that reverses the trend on cybercrime.



6)    Scammers will continue to run profitable ransomware scams: The growth of ransomware was largely due to the success of Ransomcrypt, commonly known as Cryptolocker (designed to encrypt a user’s files and request a ransom for the files to be unencrypted). It causes even more damage to businesses where not only the victims’ files are encrypted but also files on shared or attached network drives. Holding encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the crooks. However, recently ransomware makers have started leveraging online and electronic payment systems such as Bitcoins, Webmoney, Ukash, greendot (MoneyPak) to get around this challenge. Crooks like the relative anonymity and convenience of electronic payments and these are readily available, putting businesses and consumers at greater risk from losing data, files or memories.


7)    The prominent data leaks of 2014 will keep cybersecurity in the spotlight in 2015: With the interconnected nature of a global internet and cloud infrastructures, cross-border flow of data is unavoidable and needs to be appropriately addressed. 2015 will see the evolution of the Personal Data Protection Act especially in the Asia Pacific region as it makes a real impact in people’s lives, towards ensuring that individuals and organizations have the right mindset with regards to online security and cybercrime prevention.


8)    Distributed denial-of-service (DDoS) will continue to rise as a threat: Year 2014 saw an increase in Unix servers being compromised and their high bandwidth being used in DDoS attacks. The motivation of the attacker in this case varies widely, with hacktivism, profit, and disputes being the main reasons. Considering the ease of conducting large DDoS attacks, Symantec expects that the DDoS trend will continue to grow.



9)    User behavior will take center stage as security moves beyond passwords: With the password system complexity constantly under attack by cybercriminals, security vendors and providers have constantly been facing challenges on providing users a seamless experience. Adopting multi-factor authentication techniques such as one-time passwords or iris and fingerprint scanning are alternate safeguard methods, but they may not be the safest options. The true solution to protect valuable information lies in users’ behavior, which is ultimately how we can prevent our personal online assets and identities from being compromised.


10)    The front lines of cybersecurity will be strengthened by closer industry partnerships and collaborations: The security industry together with telecommunication providers and governments from around the world are joining forces to beat the war on cybercrime. In 2015, attackers will continue to look for new vulnerabilities so that they can ‘hack the planet’. Open source platforms will continue to address these vulnerabilities through greater industry coordination, collaboration and response.


While the increasing flow of data from smart devices, apps and other online services is enticing for cybercriminals, there are steps businesses and consumers can consider to better protect themselves. No doubt, increased mobility and Internet of Things will enable users to take the next big leap in technology adoption, but it will also give rise to extreme vulnerable scenarios where both the user and the data will be compromised to a great extent. The need of the hour is to create a strong framework of policies and regulations to secure the internet enabled infrastructure of government, organization, household and even individuals.

Source: Symantec