Healthcare will see a substantial increase in data-stealing attack campaigns; attacks on IoT will focus on businesses, says Websense Security Labs
Healthcare sector will see an increase in data-stealing attacks
Healthcare records hold a treasure trove of personally identifiable information that can be used in a multitude of attacks and various types of fraud. In an environment still transitioning millions of patient records from paper to digital form, many organizations are playing catch-up when it comes to the security challenge of protecting personal data. As a result, cyber-attacks against this industry will increase.
Attacks on the IoT will focus on businesses
As the Internet of Things accelerates the connectivity of everyday items, proof-of-concept hacks against refrigerators, home thermostats and cars have been widely reported. However, the real threat from IoT will likely occur in business environments rather than consumer ones. Every new internet-connected device in a business environment further increases that business's attack surface. These connected devices use new protocols, present new ways to hide malicious activity and generate more noise that must be accurately filtered to identify true threats.
Credit card thieves will morph into information dealers
As the retail sector escalates its defenses and security measures such as Chip and PIN technology are mandated, look for cybercriminals to accelerate the pace of their credit card data theft. In addition, these criminals will begin to seek a broader range of data about victims.
Mobile threats will target credential information more
With the auto-login capability of mobile apps, mobile devices will increasingly be targeted for broader credential-stealing or authentication attacks to be used at a later date. These attacks will use the phone as an access point to the growing number of cloud-based enterprise applications and data resources that the devices can freely access.
New vulnerabilities will emerge from decades-old source code
OpenSSL, Heartbleed and Shellshock all made headlines this year, but have existed within open source code for years, waiting to be exploited. The pace of software development demands that new applications be built on open source or legacy proprietary source code. As new features and integrations build on top of that base code, vulnerabilities continue to be overlooked.
Email threats will take on a new level of sophistication
Though the Web remains the largest channel for attacks against businesses, new, highly sophisticated email evasion techniques will be introduced, designed to circumvent the latest enterprise-grade defenses. Traditionally used as a lure in past attack scenarios, email will become a more pervasive element of other stages of an attack, including the reconnaissance stage.
Criminals will use social and collaborative tools to host their command and control infrastructure
Criminals will increasingly use social and collaborative tools to host their command and control infrastructure. Those charged with protecting businesses from attack will have a difficult time discerning malicious traffic from legitimate traffic when communications to Twitter and Google Docs are not only allowed, but also encouraged.
There will be new players on the global cyber espionage battlefield
The techniques and tactics of nation-state cyber-espionage and cyberwarfare activities have primarily been successful. As a result, additional countries will look to develop their own cyber-espionage programs, particularly those with a high rate of forecasted economic growth.