Although the new year has just begun, it’s never too early to prep for emerging security threats. Each year, experts are able to pick out patterns that show what activities cybercriminals might be up to in the coming months, and what malicious strategies they’ll use to achieve their goals. Some of these insights deal with new threats that will come to light in the near future, and others are continued focuses on common attack vectors. Either way, these predictions can prove invaluable when it comes to bolstering security measures and prepping systems for the new year.
Let’s take a look at some of the top cybersecurity predictions experts are making and what enterprises can do to prepare themselves in 2015:
Increasing use of darknets by cybercriminals
According to Trend Micro’s report, “The Invisible Becomes Visible: Trend Micro Security Predictions for 2015 and Beyond,” this year, hackers will continue to leverage darknets and other underground forums for the transaction of crimeware. Although this activity had been occurring in the past, Trend Micro research shows that Deep Web and other darknet services still remain strong despite several similar platforms being shut down in the past year. However, the mere fact that hackers are leveraging these dark corners of the Web isn’t the only issue here.
“It does not help that the prices of malicious wares in underground markets are decreasing as supplies increase,” the report stated. “As more and more players enter the cybercriminal underground economy, ware prices will continue to decline.”
Trend Micro predicted that this will also lead to hackers utilizing even deeper underground channels to ensure that they are able to sell their malicious programs without being detected. In order to solve this issue, Trend Micro encourages law enforcement officials and security firms to delve deeper into the Web to take down these shadowy corners and prevent cybercriminal activity from taking place.
Virtual payment systems come under attack
In light of new payment systems being offered by technology and consumer vendors and being used by customers alike, experts predict that these platforms will become a high-level target for hackers. For instance, many online vendors and some physical stores are now accepting Google Wallet or Apple Pay payments. Patrick Nielsen, Kaspersky Lab’s senior security researcher, told Forbes that although many virtual systems were launched with the promise of increased security, it won’t be long before cybercriminals put these platforms in their crosshairs.
“We expect to see cybercriminals focus more on new payment systems as they are adopted and the potential for criminal financial gain thus increases,” Nielsen said. “This will be in the shape of attacks against banks/virtual currency operators, the end users and their devices and everything in between.”
Nielsen added that attacks like this have in fact already been seen, including malware being leveraged to steal from both banks and virtual wallets on user devices. In order to protect themselves, consumers should monitor the payment activities on their accounts and be sure to address any suspicious activity. In addition, banks and other operators should monitor their networks and put in place extra precautions to ensure that their systems are impenetrable to anyone besides authorized users.
Rise of third-party hacks
Another attack strategy to keep an eye out for this year is the so-called third-party attack, where hackers train their sights on one company in order to leverage the information gained to attack a bigger or more prominent target. According to Wired contributor Kim Zetter, attacks like these have increased in recent months, and enabled hackers to side-step certain security measures by stealing valuable information from nearby sources. For instance, in the Adobe hack of 2012, cybercriminals breached the firm to access the code-signing server, which they then leveraged to sign malware programs with legitimate Adobe certificates.
“Third-party breaches like these are a sign that other security measures have increased,” Zetter pointed out. “Hackers need to resort to stealing certificates because operating systems like Windows now come with security features that prevent certain code from installing on them unless it’s signed with a legitimate certificate.”
With these types of attacks increasing, it’s important that companies ensure information and systems are protected – not only on their side, but also from the side of any partnering organizations. If security exists on both sides, it will be more difficult for hackers to breach a third party to gain access to the bigger fish.
Increase in targeted attacks
The Trend Micro report also predicted an increase in targeted attacks in 2015. Although in the past, attacks like these were mainly seen in the U.S. and Russia, experts believe the net is widening. Targeting cybercriminal activities have also been launched from Vietnam, the U.K. and India. In addition, hacker groups have set their sights on smaller countries like Indonesia and Malaysia, illustrating the increased in this attack vector.
What’s more is that hackers are using new strategies to carry out these malicious activities as well. In the past, many targeted attacks involved spear-phishing and watering hole initiatives. However, experts predict that social media will soon become a main target as well. Even those that have been attacked in the past aren’t necessarily off hackers’ radar.
“Just because they’ve been breached before doesn’t mean they’re safe from future attacks,” the report stated. “Threat actors can still use them to get to even bigger targets, likely their partners or customers.”
Overall, these predictions show that organizations must not only protect against new threats, but they must keep up security to prevent continuing vulnerabilities as well.