ESET®, a global pioneer in proactive protection for more than two decades, has compiled and published a summary of the top cybercrime trends and predictions for 2015. These highlights will be explored in further detail in ESET’s Cybercrime Trends & Predictions 2015 report coming soon on WeLiveSecurity.com. While last year’s focus was on internet privacy and Android malware, new areas of InfoSecurity risks are bubbling to the top in 2015.
Targeted attacks on the rise
Targeted attacks continue to become more sophisticated in 2015. Often referred to as Advanced Persistent Threats (APT), they differentiate from traditional cyber attacks. Designed to target specific victim and be silent, targeted attacks often can lurk undetected on less secure networks.
“The attack vector for targeted attacks most commonly takes advantage of social engineering attacks,” said Pablo Ramos, Head of Research Lab ESET Latin America. “This is where psychological manipulation is used to encourage potential victims into performing actions or divulging confidential information. Attacks also take the form of zero-day exploits, where attacks exploit newly discovered vulnerability on a particular operating system or application.”
During 2014, ESET’s We Live Security blog published a number of deep dives into targeted attacks, such as BlackEnergy campaign and the Operation Windigo.
Digital payment systems attract more malware
“As users begin to adopt online payment systems as a means to pay for services and goods, these systems become more attractive to malware authors interested in financial gain,” continued Ramos.
2014 saw the largest known digital payment attack to date, with a hacker reportedly harvesting more than $600,000 USD in Bitcoins and Dogecoins by using a network of infected machines.
ESET reported about attacks against the Dogevault site in May, where users of the popular online wallet reported unauthorised withdrawals from their accounts before the site was forced to go offline when attackers destroyed site data. An estimated value of $56,000 USD was stolen from Dogevault online wallet users.
We have also seen brute-force attacks, such as Win32/BrutPOS, that attempted to access password-protected accounts by hammering them with popular passwords to gain remote access - a reminder to us all to use strong, unique passwords.
Internet Of Things - new toys for hackers
As new devices connect to the Internet and store more data, they also become an attractive attack vector for cybercriminals. During 2014, we have seen more evidence of this growing trend, like attacks on cars shown on Defcon conference using the ECU devices, or the Tesla car that was hacked to open doors while in motion.
Attacks and proof of concepts were also shown on several SMART TVs, Boxee TV devices, biometric systems on smartphones, routers - not to mention Google glasses.
“This is an emerging space for cybercrime and should remain an area of focus for security industry,” added Camilo Gutierrez, Senior Security Researcher at ESET Latin America. “While it may take years to become a serious prevalent threat, we must act now to better prevent these types of attacks.”
More information
The full report will be soon available on WeLiveSecurity.com. In the interim, you can read more about these findings on ESET’s WeLiveSecurity.com blog.ESET has also published a webinar focused on the security lessons learned in 2014. This webinar is geared at helping businesses set their security posture in the forthcoming year.
About ESET
Since 1987, ESET® has been developing record award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.