Mobile, IoT Face More Sophisticated Attacks in 2015
Cyber-espionage attacks will continue to increase. Long-term hackers will use stealthier information-gathering techniques. Newcomers will try to outdo adversaries by looking for new ways to steal sensitive information. Small nation-states and terrorist groups will increasingly use cyber-warfare.
The proliferation of IoT devices could give hackers access to personal data, as in the health-care industry, where personal data can be between 10 times and 20 times more valuable than stolen credit card data.
This year will see ongoing discussions about what constitutes “personal information” and the extent to which it may be accessed and shared by state or private entities. Laws may evolve to regulate the use of previously anonymous data sets.
More mobile devices are likely to be attacked as ransomware evolves. The technique of ransomware to target data backed up in the cloud will proliferate in mobile.
A continued rise in mobile ransomware that uses virtual currency as a payment method is expected.
Kits that generate malware and source code for mobile devices will make it easier for cybercriminals to attack mobile devices. “Malvertising” will drive traffic to rogue app stores.
POS (point of sale) attacks will remain lucrative, as consumers adopt digital payment systems on mobile. Despite chip-and-pin cards and card readers, these breaches will continue to grow, due to the huge numbers of POS devices.
Aftershocks from the Shellshock bug, which struck Yahoo in October and exploited a vulnerability in its Linux and UNIX servers, are expected to be felt for many years because there are so many potentially vulnerable devices—from routers to TVs to industrial controllers.
Stack pivoting, return- and jump-oriented programming and a better understanding of 64-bit software will help reveal new vulnerabilities in popular software products.
This year will see growth in the number of techniques used to exploit vulnerabilities in critical and popular applications, and cybercriminals will avoid application sandboxing, which limits environments in which code can execute.