Cyber-espionage expected to surge in 2015: McAfee Labs
Cyber-warfare has been batted around everywhere from IT circles to popular culture, almost reaching a fever pitch recently surrounding suspicion and reports regarding the breach at Sony Pictures.
Nevertheless, cyber-warfare is expected to become a regular tactic – especially for “small nation states and terror groups” – in 2015, with a focus on gathering valuable intel on both high-profile people and intellectual property as well as operational intelligence.
They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks. At the same time, long-term cyber espionage players will implement better methods to remain hidden on a victim’s network, using better and more sophisticated stealth technologies and other means to remain below the operating system and out of sight.
On a more tangible level for everyday Internet users, the Intel Security brand outlined a number of other security threats expected to dominate soon, many of which are expected to affect – if not hamper – the growth of the Internet-of-Things movement.
McAfee highlighted an emerging field dubbed “Cybercrime-as-a-Service,” positing that stolen health credentials are valued at roughly $10 each – 10 to 20 times the value of a stolen U.S. credit card number. With the fervor and hype surrounding connected devices and apps particularly geared toward health and fitness, that is a worrisome prospect for end users and tech brands alike.
Mobile attacks will inevitably continue, now with more attention on the deployment of malware-generation kits and malware source code. Researchers also warned about the further establishment of “untrusted app stores” spreading mobile malware.
Near field communications (NFC) digital payment technology might really be seeping into the mainstream – not just because of the imminent debut of the Apple Watch but also because it will be serve as a “new attack surface to exploit.” However, researchers suggested this might actually be avoidable through a little end user education and getting people to simply tinker with NFC security and features on their mobile devices.
Nevertheless, personal data will still be – if not more – vulnerable elsewhere, according to the McAfee report. Point-of-sale systems in stores – the source of Target’s infamous credit card breach in 2013 – are still cash cows for cyber criminals. POS systems and other tech employed by major retailers ties back both to the ocean of data collected from connected devices and also the threat of cyber-espionage, as explained in the report:
Many retailers now build rich profiles about their customers-including buying habits and product interests, credit history, location history, contact details, and more. Further, successful retailers’ strategic, operational, and financial plans can be quite valuable to the right buyer. Some cybercriminals appear to be using an APT-based cyber espionage approach to infiltrate retailers’ systems, from which they surreptitiously gather intelligence beyond credit card information to sell to the highest bidder.
Researchers expect this to continue throughout 2015 even as major credit card giants such as MasterCard and Visa gear up the roll out of chip-and-pin cards to their U.S. customers soon.
Looking back on the last year, McAfee identified a 112 percent increase in mobile malware samples — now exceeding five million – with an 86 percent growth in suspected URLs this quarter. McAfee Labs even detected approximately 307 new threats every minute during the third quarter of 2014 alone.
If those numbers aren’t enough, McAfee has also observed a 1,076 percent surge in malicious signed binaries over the past two years.
Additional threats called out on the McAfee Labs forecast include more non-Windows malware attacks in the wake of Shellshock, more software exploitation, and ransomware targeting cloud and mobile data.
Chart via McAfee Labs