Report addresses Internet of Things attacks and intrusions targeting credit cards
 
Cybersecurity made headlines and headaches in 2014, with large-scale information breaches in retail chains, attacks on data stored in the cloud, and the revelation of massive vulnerabilities in old code created decades ago. Aware of this issue, researchers at Websense Security Labs presented their top cybersecurity predictions for 2015 to help global companies interpret threat trends and defend against innovative and sophisticated attacks.
 
Charles Renert, vice president of Websense Security Labs, explains that cyber criminals are constantly adapting intrusive techniques and methods to circumvent security systems specifically designed to stop them. "Through careful and detailed analysis of recent cybercrime trends and tactics, we've established one element common to all these predictions: threat activity is increasing in frequency and sophistication."
 
The highlights of the report, whose full version is available at http://www.websense.com/2015predictions, are:
 
1. Increase in campaigns for data theft attacks in the healthcare sector
Healthcare industry records hold a lot of important and personally identifiable information that can be used in numerous attacks and various types of fraud. In a landscape where millions of patient files are still transitioning from paper to digital format, many organizations are only now beginning to face the security challenges of protecting personal information. Therefore, cyber attacks in this sector will increase.
 
2. Internet of Things (IoT) attacks will focus on businesses, not consumer products
As the Internet of Things accelerates the connectivity of everyday items, attacks against refrigerators, home thermostats and cars increase. However, the real threat from IoT is likely to occur in a commercial rather than a consumer environment. Every new internet-connected device in a company's environment increases the likelihood of attacks. These connected devices use new protocols, provide new ways to hide malicious activity, and generate more noise that must be accurately filtered to identify the true threats. Attacks will likely attempt to use control of a simple connected device to literally break into an organization and steal valuable data. In the coming year, the industrial and manufacturing sectors will witness an increase in the volume of attacks.
 
3. Credit card thieves will turn into information dealers
As the retail sector increases its defenses and mandatory security measures incorporating chip and PIN technology take effect, cyber criminals are expected to accelerate the pace of theft of credit card data. In addition, they will begin to seek a more comprehensive range of information about victims. These more complete dossiers, richer in personal information about individual users and consisting of multiple credit cards, geographic and regional data, behavior and personal data, will increasingly be marketed in the same way as stolen credit cards are today.
 
4. Mobile threats will focus more on credential information than on-device data
With the auto-login feature of mobile apps, mobile devices will increasingly be targeted in larger-scale attacks to steal authentication credentials for later use. These attacks will use the phone as an access point to enterprise applications, which are increasingly cloud-based, and to data resources that devices can access without restriction.
 
5. New vulnerabilities will arise from old source code
OpenSSL, Heartbleed, and Shellshock made headlines this year, but they've been around in open source for years, waiting to be exploited. The pace of software development requires new applications to be based on open source or legacy and proprietary source code. As new features and integrations build on this code base, vulnerabilities continue to be ignored. In the next year, criminals will successfully exploit divergent application software through vulnerabilities in the old source code these applications share.
 
6. Email threats will take on a new level of sophistication and evasion
While the Web will continue to be the biggest channel for attacks against companies, new highly sophisticated email evasion techniques will be introduced and developed to overcome the latest corporate defenses. Traditionally used as a decoy in past attack scenarios, email will become a more pervasive element of other phases of an attack, including the reconnaissance phase.
 
7. As companies increase access to the cloud and use of social media tools, command and control instructions will increasingly be hosted on legitimate websites
Cybercriminals will increasingly use social and collaborative tools to command and control their infrastructure. Those responsible for protecting companies from attacks will find it difficult to discern between malicious and legitimate traffic in a context where communications with Twitter and Google Docs are not only allowed, but encouraged.
 
8. There will be new (or newly revealed) participants in the global espionage/cyber warfare battleground
The techniques and tactics of espionage and cyber warfare between nations have been largely successful. As a result, countries will develop their own cyber espionage programs, particularly those nations that are forecast to have a high rate of economic growth. Additionally, as the barrier to entry for cyber activities is minimal compared to the costs of traditional warfare and espionage, there may be an increase in new informally affiliated “cells” that will carry out cyber-terrorist initiatives or cyber-warfare independently, but in support of nation-state causes.
 
