2014 has been a year chock-full of malware, spear-phishing, viruses, and the infamous CryptoLocker (and the variants that followed it).
2014 has also been a rude awakening for some companies regarding I.T. security.
Mike Rogers, chairman of the House Permanent Select Committee on Intelligence, noted in the WSJ on Dec 25, 2014:
“In 10 years on the House Intelligence Committee I’ve watched a range of national security threats grow and evolve, but none as quickly as cyberwarfare.”
Mike mentions 2 recent examples: the Sony hack and the recent FIN4 gang, who hacked into 100 public companies to grab insider information so they could manipulate the stock market. He predicts more of this to come, and urges Congress to expand the private sector’s access to government-classified cyberthreat intelligence.
Shawn Henry, president of cybersecurity firm CrowdStrike Services and a former executive assistant director of the FBI, said: “It’s going to take some attacks much greater than what we’re seeing at Sony to allow the public to change course and say, ‘OK, we get it. We recognize how dangerous this is.’”
Here at Technology by Design, we hope you see how serious and important I.T. Security is, before it’s too late.
2015 Top 10 I.T. Security Predictions:
- The Sony hack is claimed to be a harbinger for more nation-state attacks on private sector organizations. Expect a major energy blackout with the press calling it a successful cyber attack on a U.S. energy infrastructure company and blaming Iran, DPRK, China, or Russia, but it turns out to be “rats and squirrels, gnawing on electrical cables.”
- State-sponsored APT hacking groups will start to merge, cooperate, or subcontract with criminal hacking campaigns like those targeting JP Morgan Chase to perform spying activities, steal IP, and/or gather intelligence about vulnerabilities in critical infrastructure systems for these foreign governments.
- The financial and defense industries doubled their I.T. security budgets in 2014, and during 2015 several other sectors will follow their example, specifically Technology, Healthcare, Manufacturing, and Government.
- Breach detection tools are now making their way into the enterprise, but correctly responding to a data breach is still very hard. Often CEOs will buy the tools, but not the people to run them. Count on a Sony-like chaos-and-panic response from a major healthcare organization driving it out of business.
- With the advent of renewed interest in mobile payment, cybercrime’s attention will focus on this lucrative combo of “mobile & money”. It’s predicted that Apple Pay will be compromised somehow in 2015, and that a new Apple-specific ransomware will spread via phishing attacks on iPhones, targeting cloud accounts.
- 2015 will be the year that trust in effective protection by antivirus alone is mostly lost, and additional layers like software whitelisting and breach detection go mainstream.
- We have not seen the end of POS attacks, but since retailers are going to harden the POS endpoints, cyberheists will move to “middle layer” targets which means payment processors and third-party POS management infrastructure. When “chip-and-pin” finally rolls out, big breaches will finally taper off.
- One of the major companies that was infected in 2014 will not move fast enough to shore up its security infrastructure and will get reinfected in 2015, again losing millions of credit cards. Consumers will have gone into deep breach fatigue and will dismiss the risk.
- Boardrooms will realize that “culture trumps compliance” and start top-down security culture initiatives, assisted by technology-driven ethics and compliance programs, which include mandatory security awareness training for all employees.
- 2014 saw a 650% increase in social media spam and 99% of these malicious URLs led to malware or phishing sites. Expect this to grow another 400% in the next 12 months.
As I’ve said before, cybercriminals don’t take holidays. Instead, they use holidays and disasters to work overtime to try to catch you while your guard is down.
3 Scams To Watch For:
1. Phishing emails and Facebook messages claiming that the missing AirAsia Flight QZ8501 has been found. The message includes a teaser image of a crashed AirAsia jet and invites users to click a “Play” button to view “breaking news footage”. Do NOT click on the link – it will fill your PC with malware.
2. Apple Watch scams. The new Apple Watch will be incredibly popular and will be used in a variety of scams that try to infect workstations with malware. There will be lotteries, giveaways, “Free Apple Watch” contests, and promises that if you buy something, you will get an Apple Watch thrown into the deal at no cost. Remember: If a deal sounds too good to be true…IT IS!
3. Anything related to “The Interview”. Cybercriminals have now created an app, identified by researchers at McAfee, that started in South Korea in the last few days and attempts to exploit the media frenzy related to “The Interview” movie. There is a torrent download, and it poses as an Android app to download the movie to mobile devices. It’s a banking Trojan. Be careful not to download anything related to “The Interview” unless you are 100% sure it comes from a legit source. And if you really want to see the movie, go to that website yourself; do not click on any link in an email promising to play the movie.