by Raimund Genes
It’s that time of the year again – when security experts are called upon to take stock of the past 12 months and get their crystal balls out to predict the major industry trends for the coming year. Trend Micro always aims to be first to provide a comprehensive assessment of the threat landscape over the next 12 months and 2014 is no different.
This year’s report, The Invisible Becomes Visible, warns that targeted attacks on UK organisations and even attacks launched by hackers based here, could take off in 2015.
Our reasoning is that the tools and techniques to launch such campaigns are becoming increasingly democratised and no longer the preserve of a relatively small number of hackers. The US, China and Russia have up until now been associated with the majority of targeted attack activity – especially the kind related to state-sponsored espionage. That’s about to change though, and already non-traditional targets in countries like Indonesia and Malaysia are coming under attack.
We can also expect attackers to evolve their skills – using social media as an infection vector, and targeting routers and wi-fi enabled wearables. Here are a few pointers to keep your organisation safe:
- Assume you will be hacked: 2015 will see more breaches, and big name firms will be targeted for greater returns
- Keep apps and devices updated in the face of renewed attempts to exploit bugs in open source apps
- Roll-out security analytics, network visualisation and behaviour/heuristic tools for improved threat detection
- Enforce two factor authentication for employees/customers if you’re in financial services
Android still under fire
Next year will be no easier for Android – 2015 will see the emergence of an exploit kit targeted at the platform and designed to take advantage of fragmentation. Hackers will also try to exploit vulnerabilities through cross-platform interaction, meaning devices plugging into networks will be at risk. Users are advised to keep devices and apps up-to-date.
Other trends for 2015 in the report include:
- Continued use of the darknet by cybercriminals to evade detection by law enforcers.
- Apple Pay and NFC-related mobile payment technologies will come under attack
- IoT devices will escape attack thanks to their heterogeneity, but the data stored on devices will instead be targeted.