Kaspersky’s Global Research and Analysis Team’s Nine Security Predictions for 2015

It’s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. As always, some stuff is new and some stuff shows up on these lists every year. The following are nine predictions from Kaspersky Lab’s Global Research and Analysis Team.

Cybercriminals Merge with APT Groups, Tactics

This is in fact one of the most interesting predictions. The idea here, as explicitly noted by Kaspersky Lab’s experts, is that criminal groups will increasingly adopt nation-state tactics. Troels Oerting, head of Europol’s Cybercrime Center, noted in a speech at Georgetown Law last week that this is already happening.

However, whether they intended to or not, my researcher friends here at Kaspersky bring to my mind a second interesting possibility: that state-sponsored, advanced persistent threat hacking groups like those we’ve seen in cases such as DarkHotel, Regin and Crouching Yeti/Energetic Bear will begin to merge with hacking campaigns perpetrated by criminals, like those targeting JP Morgan Chase, Target and others.

There are a couple ways I see this potentially working: the nation-state groups could work in concert with criminal groups toward a common goal. This would work well for mass distributed denial of service attacks like those — allegedly coming from Iran — that targeted U.S. banks in 2012 and 2013 and for other sorts of attacks that are designed to cause system downtime.

State groups could also contract their espionage activities out to criminal groups, using criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities in critical infrastructure systems at the behest of government groups.

APT Groups Fragment, Attacks Increase and Diversify

Kaspersky researchers believe that as security companies and independent researchers continue naming and shaming big, coordinated government-sponsored hacking groups, those groups will be forced to split into smaller, independently operating APT actors. This, researchers say, will likely lead to more diverse and frequent attacks.

New Bugs in Old, Widely Used Code

As has been said here, at Threatpost and elsewhere, we are in the age of the Internet-wide bug. As the code-infrastructure of the Internet ages, we are likely to see more bugs in widely deployed implementations. Kaspersky Lab’s Global Research and Analysis team believes that we are only going to see more allegations of deliberate tampering, like in the case of Apple’s GoToFail; as well as accidental implementation errors affecting broad swaths of the Internet, like in the case of the OpenSSL Heartbleed and Shellshock/Bashbug.

Hackers Target Points of Sale, ATMs

Ten years on, looking back, 2014 may well be the year of the point-of-sale attack. Kaspersky researchers have no reason to believe that attackers will stop targeting point-of-sale systems any time in the near future. They certainly aren’t alone.

ATMs had a bad year too. Considering that most cash machines run the no-longer-supported, more-than-a-decade-old Windows XP, this trend is likely to increase as well.

The Rise of Apple Malware

You can go ahead and sort this into the category of predictions that are made every year. The Masque bug in iOS and the corresponding WireLurker malware targeting iOS devices via Apple and Windows port-machines had a lot of experts saying that the age of Apple malware is finally upon us. However, the MacDefender malware had the same experts saying the same things back in 2011, as did the Flashback trojan in 2013. Only time will tell. Predicting an onslaught of OS X malware is always a safe bet, though we always seem to get a small handful of Mac malware in a given year and never more.

Kaspersky Lab’s experts are betting that the increasing market share for OS X devices could finally get the attention of attackers. They also admit that Apple’s closed-by-default ecosystem makes it harder for malware to successfully take hold of the platform, though some users — particularly those that like to use pirated software — will disable such features. Therefore attackers seeking to hijack OS X systems could find success bundling their malware with pirated software.

Targeting Ticketing Machines

This prediction likely comes out of South America, which is something of a hotspot for cybercrime, in that the big economies and population centers in countries like Brazil and Argentina tend to see new and different attacks from the rest of the world. Such is the case with Boleto fraud and such was the case when hackers compromised the near-field communication-enabled ticketing systems at a Chilean public transport system.

Like ATMs, many of these systems run on hopelessly vulnerable Windows XP systems. Some people may attack these sorts of systems to “stick it to the man,” Kaspersky Lab researchers say, while others may try to target the payment information they process in an attempt to make bigger bucks.

Pwning Virtual Payment Systems

“As some countries like Ecuador rush to adopt virtual payment systems, we expect criminals to leap at every opportunity to exploit these,” Kaspersky researchers reasoned. “Whether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt.”

Apple Pay in the Crosshairs

This will be another fun story to watch. Much has been said of Apple Pay, both good and bad, and the level of anticipation is high for the payment system developed by one of the world’s most popular tech firms. Criminal hackers tend to attack popular platforms where the yield is high. If no one adopts Apple Pay, then no one will target it. If Apple Pay is as popular as Apple’s traditional and mobile offerings, then we may be writing about Apple Pay hacks sooner rather than later.

“Apple’s design possesses an increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” the Kaspersky researchers wrote.

Compromising the Internet of Things

Last but not least: the so-called “Internet of Things” is likely to come under fire in a big way in 2015. We’ve been seeing demonstrations on connected consumer devices and home security products at Black Hat and DEFCON for a few years now. Much of this, as the Kaspersky experts note, has been theoretical and overhyped. However, a panel of security researchers at a Georgetown Law event last week predicted that ransomware is going to emerge in a big way and scale particularly well on the Internet of Things.

“In 2015, there will surely be in-the-wild attacks against networked printers and other connected devices that can help an advanced attacker to maintain persistence and lateral movement within a corporate network,” say Kaspersky researchers. “We expect to see IoT devices form part of an APT group’s arsenal, especially at high-value targets where connectivity is being introduced to the manufacturing and industrial processes.”

As for us regular guys: “On the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware/spyware?) into smart TV programming.”