
What to watch out for this year in security

The following cyber threat trends for 2015 will empower the IT security teams to stay prepared well ahead of the anticipated threats.

Preeti Gaur

The year 2014 witnessed a lot of action in cyber breaches and threats making global headlines. The following cyber threat trends for 2015 will empower the IT security teams to stay prepared well ahead of the anticipated threats. As per a Websense report, healthcare will be the top target for data stealing attacks, the Internet of Things will enable cybercriminals to attack businesses, there will be an increase in credit card hacks, and more.

- compiled by Preeti Gaur

The year 2014 has witnessed large-scale data breaches at retail chains, attacks on data stored in the Cloud and massive vulnerabilities in decades-old code. CSOs are rolling up their sleeves to safeguard data and the network, but cybercriminals leave no stone unturned in challenging existing security systems. “Cybercriminals are continually adapting evasive techniques and methods so they can circumvent the security systems that were specifically put in place to stop them,” said Charles Renert, Vice President of Websense Security Labs. After thoroughly analyzing recent cybercrime trends and tactics, Websense Security Labs have established a few trends for cyber threats. Following are the highlights of the report:

The healthcare sector will see an increase in data stealing attack campaigns

According to the Identity Theft Resource Center, healthcare data accounted for 43 percent of major data breaches reported in 2013. Healthcare records hold a treasure trove of personally identifiable information that can be used in a multitude of attacks and various types of fraud. In an environment still transitioning millions of patient records from paper to digital form, many organizations are still catching up when it comes to the security challenge of protecting personal data. As a result, cyber-attacks against this industry will increase.

In a medical emergency, when a doctor or nurse needs access to computing resources or data because a patient’s health is at risk, IT policy takes a back seat to the patient’s health. Such behavior can lead to increased exposure to cyber threats or insecure access.


Attacks on the Internet of Things (IoT) will focus on businesses, not consumer products

The Internet of Things is set to explode and be one of the main sources of headaches for CSOs this year, inheriting the title from bring-your-own-device (BYOD) initiatives. As the Internet of Things accelerates the connectivity of everyday items, proof-of-concept hacks against refrigerators, home thermostats and cars have been widely reported. However, the real threat from IoT is likely to occur in a business environment. Every new internet-connected device in a business environment further increases the business's attack surface. These connected devices use new protocols, present new ways to hide malicious activity and generate more noise that must be accurately filtered to identify true threats.

Attacks are likely to attempt to use control of a simple connected device to move laterally within an organization to steal valuable data. In the coming year, manufacturing and industrial environments, in particular, are likely to see an increase in attack volume.

Credit card thieves will morph into information dealers

Cyber-attacks seeking credit card data are likely to continue in 2015. As the retail sector escalates its defenses and security measures such as Chip and PIN technology are mandated, look for cybercriminals to accelerate the pace of credit card data theft.

With a tiny code modification, credit card stealing malware can now also steal credentials or any information associated with the terminal, including the user’s identity, customer loyalty programs or other store-related data. If criminals collate the massive data collected, they can begin to assemble the individual pieces of data into whole profiles of individual users, consisting of multiple credit cards, regional and geographic data, personal information and behavior. This personal information, pulled from the criminal Cloud, will then be worth considerably more than the simple credit card number they have stolen. Thus, those that are now selling credit card accounts are likely to adapt their illegal craft to sell complete personal identity dossiers.

Mobile threats will target credential information more than the data on the device

Although incidents of mobile malware have exploded year-over-year, they still do not constitute even a single percentage point of overall attacks. With the auto-login capability of mobile apps, mobile devices will increasingly be targeted for broader credential-stealing or authentication attacks to be used at a later date. These attacks will use the smartphone as an access point to the growing number of Cloud-based enterprise applications and data resources that the devices can freely access.

New vulnerabilities will emerge from decades-old source code

OpenSSL, Heartbleed and Shellshock all made headlines this year, but have existed within open source code for years, waiting to be exploited. The pace of software development demands that new applications are built on open source, or legacy proprietary source code. As new features and integrations build on top of that base code, vulnerabilities continue to be overlooked. Next year, attackers will successfully exploit seemingly divergent application software through vulnerabilities in the old source code that these applications share.

Email threats will take on a new level of sophistication and evasiveness

Though the Web remains the largest channel for attacks against businesses, new highly sophisticated email evasion techniques will be introduced, designed to circumvent the latest enterprise-grade defenses. Most users will begin to witness an increase in the amount of spam they receive in their inbox, because most email security measures will be incapable of detecting it during Cloud scrubbing, before it is passed to a user’s inbox. Traditionally used as a lure in past attack scenarios, email will become a more pervasive element of other stages of an attack, including the reconnaissance stage.

As companies increase access to Cloud and social media tools, command and control instructions will increasingly be hosted on legitimate sites

Network administrators monitoring internet activity will flag traffic moving to suspicious sites, but will not think twice if network traffic shows a user visiting Twitter every few hours, or going to Google Docs. Criminals will take advantage of this and increasingly use these social and collaborative tools to host their malware command and control infrastructure. Those charged with protecting business from attack will have a difficult time discerning malicious traffic from legitimate traffic when communications to Twitter and Google Docs are not only allowed, but also encouraged.

There will be new (or newly revealed) players on the global cyber espionage/cyber war battlefield

The techniques and tactics of nation-state cyberespionage and cyberwarfare activities have primarily been successful. As a result, additional countries will develop their own cyber-espionage programs, particularly the ones with a high rate of forecasted economic growth. In addition, because the barrier to entry for cyber activities is minimal compared to traditional espionage and war costs, there will be an increase in loosely affiliated ‘cells’ that conduct cyber-terrorist or cyber warfare initiatives independent from, but in support of, nation-state causes. Watch for increasing cyber espionage activities from countries with high forecasted global economic growth. These countries are more likely to engage in cyberwarfare and espionage activities to protect and advance their growing affluence.
