It’s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year.
As always, some stuff is new, while other items show up on these lists every year. Below there are nine predictions from experts.
Cybercriminals Merge with APT Groups, Tactics. This is, in fact, one of the most interesting predictions. The idea here, as explicitly noted by experts, is that criminal groups will increasingly adopt nation-state tactics. Troels Oerting, the head of Europol’s Cybercrime Center, noted in a speech at Georgetown Law last week that this is already happening. However, whether they intended to or not, my researcher friends brought to my mind a second interesting possibility: that state-sponsored, advanced persistent threat hacking groups, like we’ve seen in cases such as DarkHotel, Regin and Crouching Yeti/Energetic Bear, will begin to merge with hacking campaigns perpetrated by criminals, like those targeting JP Morgan Chase, Target and others.
There are a couple of ways that I see this potentially working: the nation-state groups could work together with criminal groups towards a common goal. This would work well for widely distributed denial of service attacks like those — allegedly coming from Iran — that targeted U.S. banks in 2012 and 2013, and for other sorts of attacks that are designed to cause system downtime.
State groups could also contract their espionage activities out to criminal groups, that will use criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities in critical infrastructure systems at the behest of government groups.
APT Groups Fragment, Attacks Increase and Diversify
Researchers believe that as security companies and independent researchers continue naming and shaming big, coordinated government sponsored hacking groups, those groups will be forced to split into smaller, independently operating APT actors. Researchers claim that this will likely lead to more diverse and frequent attacks.
New Bugs in Old, Widely Used Code
As it has been said here, at Threatpost and elsewhere, we are in the age of the Internet-wide bug. As the code-infrastructure of the Internet ages, we are likely to see more bugs in widely deployed implementations. Experts believe that we are only going to see more allegations of deliberate tampering, like in the case of Apple’s GoToFail. We will also see accidental implementation errors affecting broad swaths of the Internet, like in the case of OpenSSL Heartbleed and Shellshock/Bashbug.
Hackers Target Points of Sale, ATMs
Looking back 10 years from now, 2014 may well be the year of the point-of-sale attack. Researchers have no reason to believe that attackers will stop targeting point-of-sale systems any time in the near future. They certainly aren’t alone.
ATMs had a bad year too. Considering that most cash machines run the no-longer-supported, more-than-a-decade-old Windows XP, this trend is likely to increase as well.
The Rise of Apple Malware
You can go ahead and sort this into the category of predictions that are made every year. The Masque bug in iOS and the corresponding WireLurker malware targeting iOS devices via Apple and Windows port-machines, had a lot of experts saying that the age of Apple malware is finally upon us. However, the MacDefender malware had the same experts saying similar things back in 2011, as did the Flashback trojan in 2013. Really, only time will tell. Predicting the onslaught of OS X is always a safe bet, though we seem to only get a small handful of Mac malware in a given year and never much more.
Experts are betting that the increasing market share for OS X devices could finally attract the attention of attackers. They also admit that Apple’s closed-by-default ecosystem makes it harder for malware to successfully take hold of the platform, though some users — particularly those that like to use pirated software — will disable these features. Therefore attackers seeking to hijack OS X systems could find success by bundling their malware with pirated software.
Targeting Ticketing Machines
This prediction likely comes out of South America, a sort of hotspot for cybercrime. Big economies and population centers in countries like Brazil and Argentina tend to see new and different attacks from the rest of the world. Such is the case with Boleto fraud and such was the case when hackers compromised the near-field, communication-enabled ticketing systems at a Chilean public transportation system.
Like ATMs, many of these systems run on hopelessly vulnerable Windows XP systems. Some people may attack these systems in order to “stick it to the man,” researchers say, while others may try to target the payment information they process in an attempt to make bigger bucks.
Pawning Virtual Payment Systems
“As some countries, like Ecuador, rush to adopt virtual payment systems, we expect criminals to leap at every opportunity to exploit these,” researchers reasoned. “Whether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt.”
Apple Pay in the Crosshairs
This will be another fun story to watch unfold. Much has been said about Apple Pay, both good and bad, and anticipation for the payment system, developed by one of the world’s most popular tech firms, is high. Criminal hackers tend to attack popular platforms where the yield is likely high. If no one adopts Apple Pay, then no one will target it. However, if Apple Pay is as popular as Apple’s other traditional and mobile offerings, then we may be writing about Apple Pay hacks sooner rather than later.
“Apple’s design possesses an increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” researchers wrote.
Compromising the Internet of Things
Last but not least, the so-called “Internet of Things” is likely to come under fire in a big way in 2015. We’ve seen demonstrations on connected consumer devices and home security products at Black Hat and DEFCON for a few years now. Much of this, as the experts note, has been theoretical and overhyped. However, a panel of security researchers at a Georgetown Law event last week predicted that ransomware is going to emerge in a big way and scale particularly well on the Internet of Things.
“In 2015, there will surely be in-the-wild attacks against networked printers and other connected devices that can help an advanced attacker maintain persistence and lateral movement within a corporate network,” researchers say. “We expect to see IoT devices form part of an APT group’s arsenal, especially at high-value targets where connectivity is being introduced to the manufacturing and industrial processes.”
As for us regular guys? “On the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware/spyware?) into smart TV programming.”
110 Reykjavik, Iceland