Looking back at the year of 2014 was a year of the mega data breach, which has influenced most of retailers like Target, Sally Beauty, Michaels and many more. Apart from this, software vulnerability was found on a large scale as an evolving threat that observed in 2014 year. So let’s see what is stored in 2015 for us?
Whether we can mitigate cyber crime to an appropriate level or it will evolve in a severe way. One thing is sure that malware/threat creators and its protectors will have intensified conflict.
Here, we are going to narrate 9 security challenges for 2015 year which web users should take in consideration.
1. IOT- A potential danger:
The number of IOT (Internet of Things) devices connected to the Internet is growing extensively and potentially risky for people due to their inter-connectivity. Symantec expects that plug and play devices like security cameras, alarms, lighting and climate control devices are at risk and cyber criminals could misuse them. Less security is responsible for IOT devices (home routers, smart TVs, car apps) that could welcome hackers to take advantage of such devices. IOT devices can put sensitive information at risk while transmitting it with each other due to lack of encryption, so attackers can easily intercept it. IOT devices make our life easy, but without proper inbuilt security, they can pose risks to our privacy. To mitigate risk associated with IOT devices, individuals and organizations should confirm about the way in which the device accessed and where the device collects the information.
2. Mobile Device – A ripe fruit for attackers:
With the increase demand of a Smartphone, it seems a ripe fruit for cyber criminals. All reasons that can harm your dearer Smartphone.
- Individuals now store their confidential information in their Smartphone.
- They download apps from third party sources.
- They do not keep basic antivirus security.
- Individuals do online transactions without keeping security in mind.
Moreover, cloud storage can be accessed (ie. Google Drive) via Smartphone that stores huge data and attackers will have huge data resource. Numerous apps in Android platforms have vulnerabilities and cyber culprits could employ banking malware, Blackhole exploit kit, master key vulnerabilities or third party vulnerabilities to exploit the device. According to Trend Micro, in 2014, nearly 4 million android threats have been recorded, which would possibly increase to 8 million in 2015.
3. POS Systems:
Retail breaches are on high and affected world’s well-known retail brands. The reason behind these breaches is malware intrusion on POS (Point-Of-Sale) system. Hackers were successful in exploiting POS system by installing malware with various techniques like ram scrapper, software update tool, compromise of admin system, brute force attack. Such malware is able to collect credit card number of system memory and capture data from inter process communication. In 2014, major retail breach happened on Target, P.F. Chang, Dairy Queen, and Home Depot. All these retail stores were breached due to malware intrusion on the POS system. Traditional antivirus fails to detect variant of POS malware hence, it work silently on the system. Cyber criminals take huge time and money to develop malware against retail industry. In 2015, the small retailers would also be the next target of cyber culprits.
4. Underground Selling Data:
Experts believe that in 2015, selling underground data will increase, as hackers are inventing new techniques to find a loophole in the enterprise system. However, it is not very easy to crack down cyber culprits because of the wide usage of internet that can make someone to stay anonymous over the web. Many computers used in cyber crime are hacked or controlled by somebody far away. When cyber criminals target any organizations, it can cause a serious issue for organization’s customers results into receiving more spam or phishing emails, attached malicious files that could take control of a customer’s PC.
Criminals purchases the Darknet services (a private network) or untraceable P2P (Peer-to-Peer) network, including Tor, I2P, and sell & buy other services & tools in the underground market. Criminals use the TLD domain to conceal the identity of underground market like Silk Road. As the suppliers are increasing in the underground, the prices of stolen information have been decreasing. For example, the price of credit card data has declined from $3 to $1 in 2013. Facebook’s stolen credentials, cost $100 in 2013 versus $300 in 2011.
5. Ransomware Scams in Light:
According to one report, in 2013 Ransomware frauds grew by 500%; this growth was due to success of Cryptolocker ransomware. Cryptolocker encrypts files and ask for a payment amount to decrypt it. It not only encrypts the files, but also targets shared network files. Currently, attackers use an electronic payment system like Bitcoin, Webmoney to get the paid ransom amount.
Cyber culprits can remain anonymous and damage businesses & customers by exploiting data, files etc. Ransomware can enter into the PC system via a few techniques like to entice users to buy antivirus, click on the malicious pop ups or advertisements, visiting an infected website. To mitigate this malware, users should enable firewall and antivirus in a PC, avoid inside links in emails and enable pop-up blocker.
In the next few years, this idea will work as a great tool for cyber criminals, as the encryption is still in a pioneer stage and many users are still not aware about encryption or adopt encryption.
6. Financially Motivated Threats:
Finance sectors always been a soft target for hackers and there has been a gradual increase in online banking malware in the last few months. Zeus malware, VAWTRAK are some of examples of banking malware that affected thousands of customers in Japan. Even two-factor authentication failed against Emmental operation run by hackers.
With the growing use of smartphones, hackers are now targeting devices that are being used for banking transactions. Trend Micro believes that fake applications, DNS name changes and the mobile phishing attack will upset the financial sector that will not only gain customers’ credentials but will also steal their identities.
7. DDoS- Still a Hurdle:
DNS (Domain Name System) and NTP (Network Time Protocol) servers are the main target of cyber criminals to make a DDoS attack successful. DNS and NTS amplification attack impersonates the server and sends a small request in reply; the server sends an overwhelming number of packets to the victim resulting in flooding the victim’s network. The DNS amplification attack is able to enhance the size of the attack up to 54 times using SNMP, NetBIOS and other protocols to begin amplification attacks. Many experts believe that in 2015, amplification attack will make new headlines. Organizations should set up a proper security to lessen large-scale DDOS attacks.
8. Decades Old Source Code:
It is time to rethink about the decades old source code in many platforms to avoid potential vulnerability in Open source platforms. Attackers can easily gain access of such platforms to exploit the old written code, which can put thousands of users at risk.
In 2015, attackers will target new applications to make them vulnerable. The use of third party tools is increasing, so the adoption of open source programming in new software and services has really surpassed. Unfortunately, security is not built into software development cycles and third parties never properly scrutinized during code integration.
9. A path ahead in SSL security (SHA1 to SHA2):
As cyber crime is evolving, there is a requirement of better security from the business and customer point-of-view. Recently Google has announced to sun setting the use of SHA1 algorithm in upcoming version of Google Chrome Browser. It shows that SSL security indeed an upgraded protection for online transactions. By following Google’s announcement we have started to provide SHA2 enabled certificate to all our prospective customers. In future SSL protocol will have higher bit encryption and modern algorithm to protect unwanted cyber frauds.
The above given web security predictions of 2015 year help organizations, developers, individuals as well security experts to prepare against the potential worst situation that could happen in near future. The time has come for web users to stop the evolving cyber crime by taking proper security precautions.