{"id":5192,"date":"2014-12-10T05:00:05","date_gmt":"2014-12-10T10:00:05","guid":{"rendered":"http:\/\/kasperskydaily.com\/uk\/?p=5192"},"modified":"2019-11-22T10:15:47","modified_gmt":"2019-11-22T10:15:47","slug":"kasperskys-global-research-and-analysis-teams-nine-security-predictions-for-2015","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.uk\/blog\/kasperskys-global-research-and-analysis-teams-nine-security-predictions-for-2015\/5192\/","title":{"rendered":"Kaspersky&#8217;s Global Research and Analysis Team&#8217;s Nine Security Predictions for 2015"},"content":{"rendered":"<p>It\u2019s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. As always, some stuff is new and some stuff shows up on these lists every year. The following are nine predictions from Kaspersky Lab\u2019s Global Research and Analysis Team.<\/p>\n<p><strong>Cybercriminals Merge with APT Groups, Tactics<\/strong><\/p>\n<p>This is in fact one of the most interesting predictions. The idea here, as explicitly noted by Kaspersky Lab\u2019s experts, is that criminal groups will increasingly adopt nation-state tactics. 
Troels Oerting, head of Europol\u2019s Cybercrime Center, noted in a speech at Georgetown Law last week that this is already happening.<\/p>\n<p>However, whether they intended to or not, my researcher friends here at Kaspersky bring to my mind a second interesting possibility: that state-sponsored, advanced persistent threat hacking groups like those we\u2019ve seen in cases such as DarkHotel, Regin and Crouching Yeti\/Energetic Bear will begin to merge with hacking campaigns perpetrated by criminals, like those targeting JP Morgan Chase, Target and others.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Darkhotel?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Darkhotel<\/a> APT in a single video: <a href=\"http:\/\/t.co\/NRqAl4docX\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/NRqAl4docX<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/531854094135091202?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 10, 2014<\/a><\/p><\/blockquote>\n<p>There are a couple of ways I see this potentially working: the nation-state groups could work in concert with criminal groups toward a common goal. This would work well for mass distributed denial of service attacks like those \u2014 allegedly coming from Iran \u2014 that targeted U.S. 
banks in 2012 and 2013 and for other sorts of attacks that are designed to cause system downtime.<\/p>\n<p>State groups could also contract their espionage activities out to criminal groups, using criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities in critical infrastructure systems at the behest of government groups.<\/p>\n<p><strong>APT Groups Fragment, Attacks Increase and Diversify<\/strong><\/p>\n<p>Kaspersky researchers believe that as security companies and independent researchers continue naming and shaming big, coordinated government-sponsored hacking groups, those groups will be forced to split into smaller, independently operating APT actors. This, researchers say, will likely lead to more diverse and frequent attacks.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>@Kaspersky expects to see a shift in 2015 where the #APT groups splinter into smaller units, operating independently<\/p><\/blockquote>\n<p><strong>New Bugs in Old, Widely Used Code<\/strong><\/p>\n<p>As has been said here, at Threatpost and elsewhere, we are in the age of the Internet-wide bug. As the code-infrastructure of the Internet ages, we are likely to see more bugs in widely deployed implementations. 
Kaspersky Lab\u2019s Global Research and Analysis team believes that we are only going to see more allegations of deliberate tampering, like in the case of Apple\u2019s GoToFail, as well as accidental implementation errors affecting broad swaths of the Internet, like in the case of the OpenSSL Heartbleed and Shellshock\/Bashbug.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Major Bash vulnerability affects <a href=\"https:\/\/twitter.com\/hashtag\/Linux?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Linux<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/Unix?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Unix<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/Macs?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Macs<\/a>. \u201cIt\u2019s super simple&amp;every version of Bash is vulnerable\u201d <a href=\"http:\/\/t.co\/xsTuXtCrEM\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/xsTuXtCrEM<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/514878008608686080?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 24, 2014<\/a><\/p><\/blockquote>\n<p><strong>Hackers Target Points of Sale, ATMs<\/strong><\/p>\n<p>Ten years on, looking back, 2014 may well be the year of the point-of-sale attack. Kaspersky researchers have no reason to believe that attackers will stop targeting point-of-sale systems any time in the near future. 
They certainly aren\u2019t alone.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>The next stage will see attackers compromising the networks of banks to manipulate #ATM #machines in real time<\/p><\/blockquote>\n<p>ATMs had a bad year too. Considering that most cash machines run the no-longer-supported, more-than-a-decade-old Windows XP, this trend is likely to increase as well.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\"Tyupkin <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#malware<\/a> is an example of the attackers taking advantage of weaknesses in the ATM infrastructure\" <a href=\"https:\/\/t.co\/sAZuW1maYd\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/sAZuW1maYd<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/519790599335997441?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 8, 2014<\/a><\/p><\/blockquote>\n<p><strong>The Rise of Apple Malware<\/strong><\/p>\n<p>You can go ahead and sort this into the category of predictions that are made every year. The Masque bug in iOS and the corresponding WireLurker malware targeting iOS devices via Apple and Windows port-machines had a lot of experts saying that the age of Apple malware is finally upon us. However, the MacDefender malware had the same experts saying the same things back in 2011, as did the Flashback trojan in 2013. Only time will tell. 
Predicting an onslaught of OS X malware is always a safe bet, though we always seem to get a small handful of Mac malware in a given year and never more.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">WireLurker is no more. <a href=\"https:\/\/twitter.com\/hashtag\/WireLurker?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#WireLurker<\/a> is gone: <a href=\"https:\/\/t.co\/yjdK4xgX06\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/yjdK4xgX06<\/a> <a href=\"http:\/\/t.co\/gSGd2tSELf\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/gSGd2tSELf<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/530664719615401986?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 7, 2014<\/a><\/p><\/blockquote>\n<p>Kaspersky Lab\u2019s experts are betting that the increasing market share for OS X devices could finally get the attention of attackers. They also admit that Apple\u2019s closed-by-default ecosystem makes it harder for malware to successfully take hold of the platform, though some users \u2014 particularly those who like to use pirated software \u2014 will disable such features. Therefore attackers seeking to hijack OS X systems could find success bundling their malware with pirated software.<\/p>\n<p><strong>Targeting Ticketing Machines<\/strong><\/p>\n<p>This prediction likely comes out of South America, which is something of a hotspot for cybercrime, in that the big economies and population centers in countries like Brazil and Argentina tend to see new and different attacks from the rest of the world. 
Such is the case with Boleto fraud and such was the case when hackers compromised the near-field communication-enabled ticketing systems at a Chilean public transport system.<\/p>\n<p>Like ATMs, many of these systems run on hopelessly vulnerable Windows XP systems. Some people may attack these sorts of systems to \u201cstick it to the man,\u201d Kaspersky Lab researchers say, while others may try to target the payment information they process in an attempt to make bigger bucks.<\/p>\n<p><strong>Pwning Virtual Payment Systems<\/strong><\/p>\n<p>\u201cAs some countries like Ecuador rush to adopt virtual payment systems, we expect criminals to leap at every opportunity to exploit these,\u201d Kaspersky researchers reasoned. \u201cWhether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt.\u201d<\/p>\n<p><strong>Apple Pay in the Crosshairs<\/strong><\/p>\n<p>This will be another fun story to watch. Much has been said of Apple Pay, both good and bad, and the level of anticipation is high for the payment system developed by one of the world\u2019s most popular tech firms. Criminal hackers tend to attack popular platforms where the yield is high. If no one adopts Apple Pay, then no one will target it. If Apple Pay is as popular as Apple\u2019s traditional and mobile offerings, then we may be writing about Apple Pay hacks sooner rather than later.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Apple Pay. 
Next time cybercriminals will not mess with celebrities\u2019 pics, but their money <a href=\"http:\/\/t.co\/ICDOK64XxP\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/ICDOK64XxP<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/509758479444090881?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 10, 2014<\/a><\/p><\/blockquote>\n<p>\u201cApple\u2019s design possesses an increased focus on security (like virtualized transaction data) but we\u2019ll be very curious to see how hackers will exploit the features of this implementation,\u201d the Kaspersky researchers wrote.<\/p>\n<p><strong>Compromising the Internet of Things<\/strong><\/p>\n<p>Last but not least: the so-called \u201cInternet of Things\u201d is likely to come under fire in a big way in 2015. We\u2019ve been seeing demonstrations on connected consumer devices and home security products at Black Hat and DEFCON for a few years now. Much of this, as the Kaspersky experts note, has been theoretical and overhyped. 
However, a panel of security researchers at a Georgetown Law event last week predicted that ransomware is going to emerge in a big way and scale particularly well on the Internet of Things.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">A fascinating story how <a href=\"https:\/\/twitter.com\/JacobyDavid?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@JacobyDavid<\/a> hacked his smart home <a href=\"https:\/\/t.co\/ckTyeMVLUp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/ckTyeMVLUp<\/a> <a href=\"http:\/\/t.co\/q4LiqsBnA4\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/q4LiqsBnA4<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/515189019617918976?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 25, 2014<\/a><\/p><\/blockquote>\n<p>\u201cIn 2015, there will surely be in-the-wild attacks against networked printers and other connected devices that can help an advanced attacker to maintain persistence and lateral movement within a corporate network,\u201d say Kaspersky researchers. \u201cWe expect to see IoT devices form part of an APT group\u2019s arsenal, especially at high-value targets where connectivity is being introduced to the manufacturing and industrial processes.\u201d<\/p>\n<p>As for us regular guys: \u201cOn the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware\/spyware?) into smart TV programming.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. 
As always, some stuff is new and<\/p>\n","protected":false},"author":42,"featured_media":5195,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[],"class_list":{"0":"post-5192","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news"},"hreflang":[{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/kasperskys-global-research-and-analysis-teams-nine-security-predictions-for-2015\/5192\/"}],"acf":[],"banners":"","maintag":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/comments?post=5192"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5192\/revisions"}],"predecessor-version":[{"id":17989,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/posts\/5192\/revisions\/17989"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media\/5195"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/media?parent=5192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/categories?post=5192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.uk\/blog\/wp-json\/wp\/v2\/tags?post=5192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}