ESET’s global research team unveils the top security risks for 2015.
ESET®, a global pioneer in proactive protection for more than two decades, has compiled and published a summary of the top cybercrime trends and predictions for 2015. These highlights are explored in further detail in ESET’s Cybercrime Trends & Predictions 2015 report. While last year’s focus was on internet privacy and Android malware, new areas of InfoSecurity risks are bubbling to the top in 2015.
“As infrastructure in Asia-Pacific region improves steadily, an increasing number of consumers are adopting technology for day-to-day tasks. Online retail is a great example of this – it’s estimated to be a $525.5B industry in the region. Online banking, mobile wallets, and wearable devices too are poised for similar growth and impact. As more consumers and devices connect to the internet, the risk of cybercrime is also increasing. It’s vital that we remain vigilant and continue to take proactive measures to secure our data and online activities. With the right security solutions in place, it’s possible to stay protected and feel confident online.“ said Parvinder Walia, Sales Director for APAC at ESET.
Targeted attacks on the rise Targeted attacks continue to become more sophisticated in 2015. Often referred to as Advanced Persistent Threats (APT), they differentiate from traditional cyber attacks. Designed to silently target a specific victim, these targeted attacks can often lurk undetected on less secure networks.
“The attack vector for targeted attacks most commonly takes advantage of social engineering attacks,” said Pablo Ramos, head of the research lab at ESET Latin America. “This is where psychological manipulation is used to encourage potential victims into performing actions or divulging confidential information. Attacks also take the form of zero-day exploits, where attacks exploit newly discovered vulnerability on a particular operating system or application.”
During 2014, ESET’s We Live Security blog published a number of deep dives into targeted attacks, such as BlackEnergy campaign and the Operation Windigo.
Digital payment systems attract more malware
“As users begin to adopt online payment systems as a means to pay for services and goods, these systems become more attractive to malware authors interested in financial gain,” continued Ramos.
2014 saw the largest known digital payment attack to date, with a hacker reportedly harvesting more than $600,000 USD in Bitcoins and Dogecoins by using a network of infected machines.
ESET reported about attacks against the Dogevault site in May, where users of the popular online wallet reported unauthorised withdrawals from their accounts before the site was forced to go offline when attackers destroyed site data. An estimated value of $56,000 USD was stolen from Dogevault online wallet users.
We have also seen brute-force attacks, such as Win32/BrutPOS, that attempted to access password-protected accounts by hammering them with popular passwords to gain remote access – a reminder to us all to use strong, unique passwords.
Internet Of Things – new toys for hackers
As new devices connect to the Internet and store more data, they also become an attractive attack vector for cybercriminals. During 2014, we have seen more evidence of this growing trend, like attacks on cars shown on Defcon conference using the ECU devices, or the Tesla car that was hacked to open doors while in motion.
Attacks and proof of concepts were also shown on several SMART TVs, Boxee TV devices, biometric systems on smartphones, routers – not to mention Google glasses.
“This is an emerging space for cybercrime and should remain an area of focus for security industry,” added Camilo Gutierrez, Senior Security Researcher at ESET Latin America. “While it may take years to become a serious prevalent threat, we must act now to better prevent these types of attacks.”
The full report is now available on WeLiveSecurity.com. You can read the report here: http://www.welivesecurity.com/2014/12/18/cybercrime-trends-predictions-2015/.
ESET has also published a webinar focused on the security lessons learned in 2014. This webinar is geared at helping businesses set their security posture in the forthcoming year.