7 January 2015

Ransomware and Other Big Cyber Threats in 2015

Holly Ellyatt
January 5, 2015

Top 5 cybersecurity risks for 2015

From identity theft and fraud to corporate hacking attacks, cybersecurity has never been more important for businesses, organizations and governments.

Hacking experts warn there are plenty more security risks ahead in 2015 as cyber criminals become more sophisticated. While “traditional” cybercrime such as internet password fraud will still be widespread in 2015, larger scale espionage attacks and hacking the Internet of Things (IoT) will also be risks.

CNBC take a look at the biggest threats to your online world in 2015.

Ransomware — a type of malware which restricts access to the computer system that it infects –will become increasingly sophisticated in its methods and targets, experts at McAfee Labs warned.

"We predict ransomware variants that manage to evade security software installed on a system will specifically target endpoints that subscribe to cloud-based storage solutions such as Dropbox, Google Drive, and OneDrive. Once the endpoint has been infected, the ransomware will attempt to exploit the logged-on user’s stored credentials to also infect backed-up cloud storage data," McAfee’s report on 2015 cyber risks noted.

Ransomware encrypts data and McAfee thought attacks on mobile devices and cloud-backed data would increase.

"Ransomware victims will be in for a rude shock when they attempt to access their cloud storage to restore data—only to find their backups have also been encrypted by the ransomware," the experts said.

More worryingly, ransomware attackers will find as many ways as possible to extract ransom payments from victims to release their encrypted data, McAfee warned.

The Internet of Things

The Internet of Things – the connection of physical devices such as home appliances and cars to the internet — will still be the “Internet of Vulnerabilities,” according to cyber experts.

John Nesbitt, founder of Cyber Senate, a community of global cybersecurity business leaders, echoed experts’ beliefs who said that the IoT is “the main cybersecurity risk for 2015.” “The IoT presents unique security challenges in terms of the number of connected devices present.”

"The IoT will be integrated into every market you can think of – from healthcare to the energy industry and transport network but it hasn’t been designed with security in mind. There are millions of hackers out there that could compromise these interconnected systems. We have sacrificed security for efficiency"

Cyber-espionage

Cyber espionage is becoming the weapon of choice for many national governments – no matter how tight-lipped they may be about any involvement in such activities to undermine their enemies.

As Nesbitt said, “the next world war will be fought on a keyboard,” and we should expect cyber espionage attacks to increase in frequency in 2015, McAfee’s “2015 Threat Predictions” report warned.

"Long-term players will become stealthier information gatherers, while newcomers will look for ways to steal money and disrupt their adversaries," McAfee Labs report states, predicting that more small nation states and terror groups will use cyber warfare.

Cyber theft increases

The stealing of financial information is nothing new, with stolen credit or debit card data on the black market a well-established and lucrative business for cyber criminals.

But as new ways of paying for goods, such as contactless and mobile payments, become the norm for European consumers, there’s a new opportunity for hackers – particularly if retailers don’t store payment data securely, Symantec told CNBC.

"Although this would require cyber criminals to target individual cards and wouldn’t result in large scale breaches or theft like we have seen in the U.S.,the payment technology used won’t protect against retailers who aren’t storing payment card data securely, and they will still need to be vigilant in protecting stored data," Candid Wüest, threat researcher at Symantec Security Response, said.

Insecure Passwords

Easy-to-crack passwords will continue to be a big risk in 2015, analysts said. “Weaknesses of passwords are known, but still lead to many of the high-profile attacks such as the recent iCloud attack,” Symantec’s Sian John said.

"2015 is likely to be the first year when the password starts to be phased out in favour of a number of different multi-factor options. Next year may well be the first year of multi-factor by default," Digital Shadows, a cyber threat intelligence company, told CNBC.

"The mechanisms for password recovery are flawed," John added. "The traditional method of password recovery is asking questions that only you, the real owner, should know. Unfortunately, answers to these questions often can be deduced based on information that can easily be found online — especially given people’s proclivity for "over-sharing" on social media sites."

No comments: