New threat trends like malvertising, exploitation of legacy protocols, et al, share the spotlight among the predictions for 2015 by Cyberoam.
Dark clouds over Internet of Things (IoT)
This year IoT will gain wider visibility due to its advancements as well as vulnerabilities. As SCADA systems adopt IOT, their exposure to cyber threats will increase. Remotely connected and automated building control systems also face a similar challenge. Around 2.2 million SCADA and BACnet devices are already exposed to potential cyber-threats as these are identifiable via SHODAN - a search engine for Internet-connected devices.
The Geo-political landscape is changing dramatically around the world and Internet cannot remain insulated from its effects; in fact Internet has become a critical tool for government sponsored propagandas, espionage and cyber-attacks. APT malwares sometimes used in these campaigns grossly undermine legal boundaries.
Legacy Protocols on target
POODLE, Shellshock and Heartbleed are examples of vulnerabilities in code, which sit hidden for years before been discovered and exploited. The legacy protocols on which Internet seems to run all so well are far from perfect and cyber criminals will continue to exploit the loopholes to their advantage. Some of these protocols being open source face a larger threat. Moreover, as the Internet makes transition from IPv4 to IPv6, cybercriminals would hunt for latent security gaps.
Given that healthcare sector is making rapid strides globally in embracing technology and digitising patient care along with storing personally identifiable information, there is a need to strengthen information security. Securing Healthcare data is critical as it is at a higher risk given the fact that this data fetches much higher value in black market than credit card numbers, because it can provide access to bank accounts or help in obtaining prescriptions for controlled drugs. Healthcare sector needs significant improvements in its cyber-preparedness.
Malvertising and Attacks on E-mail
2014 saw ad networks on reputed websites like Yahoo, AOL and Google being compromised to distribute malvertisements. Malvertising (placing malware laden advertisements on reputed/popular webpages) is likely to become more of a nuisance in 2015. Ad networks are continually compromised and threat actors are relying on the fact that blocking every ad or testing every ad network is not a practical solution.
Demand for Context Aware Security
Networks these days generate huge amount of data. This data contains enough cues to offer patterns of human behaviour that can be used to predict and prevent cyber-attacks. However, comprehending and co-relating data out of various logs and reports to get meaningful information requires time and skills. Besides, it carries the risk of human oversight. Enterprises need a security model to harness this information and interpret network traffic to identify suspicious patterns and events. In such a scenario, Big Data analytics tools can offer huge help in co-relating the data with a given user model to spot risky users and trends in a network.
iOS on the radar of cyber-criminals; Android attacks to continue
Mobile malwares will make a major impact in 2015, as more people are now using handheld devices to access critical business data from cloud apart from banking and payments. In this scenario, the new Android OS, Lollipop, will be put to test. At the same time, as enterprises embrace Apple apps and use of iOS-based devices grows, these are getting on the radar of cyber criminals. Recent trends suggest that in 2015, iOS will get hit by phishing attacks and malwares on a larger scale
Solving the puzzle called 'Password'
The quest for replacing 'password' as an authentication procedure will gain momentum. It is reported that an increasing number of millennials in the US prefer Apple's Fingerprint Scan for authentication purpose. However, scaling up biometric authentication techniques like fingerprint scan is a big challenge. Moreover, standalone biometric authentication is not as full proof as thought earlier.