Cyber criminals are going to start using the techniques deployed by nation states as they look to launch attacks that go undetected for longer and gain access to sensitive data.
The challenges for those trying to remain secure will become slightly tougher next year as the cyber criminals not only mimic nation state attacks but also look to find weaknesses in the expanding network of connected devices.
According to the latest threat report from McAfee 2015 is set to be a busy time in the security market as threats like ransomware head into the cloud and mobile attacks evolve.
“2014 saw a huge range of high profile industry attacks, which undoubtedly shook confidence in long-standing Internet trust models, consumer confidence in organisations’ abilities to protect their data, and organisations’ confidence in their ability to efficiently detect and respond to targeted attacks in a timely manner. As we move into 2015, it is vital that moves are taken to restore trust," said Raj Samani, EMEA chief Technology officer, Intel Security.
"In order to do this we need to implement new security postures that shrink time-to-detection through the superior use of threat intelligence data, as well as continue working closely with public sector in dismantling cybercriminal operations. Ultimately, we need to get to a security model that’s built-in by design, seamlessly integrated into every device at every layer of the computing stack," he added.
McAfee is also expecting the EU to start to push for more stringent data protection laws, which could have major repercussions if as predicted the fines for suffering a breach rise significantly.
Along with the new - cloud. mobile and internet of thing based attacks - there will also be plenty of traditional problems with McAfee warning that hackers will continue to look for vulnerabilities in software applications.
2015 predictions from McAfee Labs
1. Increased use of cyber warfare and espionage tactics - Cyber espionage attacks will continue to increase in frequency as long-term players will become stealthier information gatherers, while newcomers to cyber-attack capabilities will look for ways to steal sensitive information and disrupt their adversaries.
2. Greater Internet of Things attack frequency, profitability, and severity - Unless security controls are built-in to their architectures from the beginning, the rush to deploy IoT devices at scale will outpace the priorities of security and privacy. This rush and the increasing value of data gathered, processed, and shared by these devices will draw the first notable IoT paradigm attacks in 2015.
3. Privacy debates intensify - Data privacy will continue to be a hot topic as governments and businesses continue to grapple with what is fair and authorised access to inconsistently defined “personal information.”
4. Ransomware evolves into the cloud- Ransomware will evolve its methods of propagation, encryption, and the targets it seeks. More mobile devices are likely to suffer attacks.
5. New mobile attack surfaces and capabilities - Mobile attacks will continue to grow rapidly as new mobile technologies expand the attack surface.
6. POS attacks increase and evolve with digital payments - Point of sale (POS) attacks will remain lucrative, and a significant upturn in consumer adoption of digital payment systems on mobile devices will provide new attack surfaces that cybercriminals will exploit.
7. Shellshock sparks Unix, Linux attacks - Non-Windows malware attacks will increase as a result of the Shellshock vulnerability.
8. Growing exploitation of software flaws - The exploitation of vulnerabilities is likely to increase as new flaws are discovered in popular software products.
9. New evasion tactics for sandboxing - Escaping the sandbox will become a significant IT security battlefield.