Cyber criminals will intensify their attempts to exploit vulnerabilities in open source apps in 2015.
This is one of the biggest takeaways from a report by security solutions provider, Trend Micro. The 'Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible' also notes targeted attack campaigns will continue to multiply next year, after cyber criminals have achieved noteworthy breaches via targeted attacks in the US.
According to Trend Micro, vulnerabilities in open source protocols, such as Heartbleed and command processors like Shellshock, which remained undetected for years, were heavily exploited this year, leading to serious repercussions.
Just hours after the initial discovery of Shellshock, we saw several malware payloads in the wild, Trend Micro says, adding that distributed DDOS attacks and Internet Relay Chat bots related to the vulnerability's exploitation, which can disrupt business operations, were also spotted.
More than Web surface attacks, however, Shellshock also put users of all Linux-based operating systems and apps, which depended on protocols like HTTP, File Transfer Protocol, and Dynamic Host Configuration Protocol at risk, the report says.
It also notes that continuous security improvements in Microsoft Windows and other big-name operating systems will lead to a decline in their number of vulnerabilities. This will push attackers to instead focus on finding vulnerabilities in open source platforms and apps such as Open SSL v3 as well as OS kernels.
The company urges individuals and organisations to stay protected by regularly patching and updating their systems and software. It also advises organisations to invest in more intelligence-based security solutions backed by trusted global threat information sources, which can thwart exploitation attempts even if patches for vulnerabilities have yet to be issued.
Trend Micro's threat defence experts predict hackers in countries such as Vietnam, UK and India, will pursue the use of targeted attacks and we will see attacks against non-traditional countries like those recently seen against Malaysia and Indonesia-based organisations.
What we are seeing today is not a huge surprise, but cyber criminals have upped the velocity and brutal measures to steal information, says Gregory Anderson, country manager at Trend Micro, SA.
"Following the success of targeted attacks from Chinese and Russian cyber criminals, many hackers from other countries will regard cyber attacks as a more practical method to grab a foothold in an organisation. Additionally, with the incessant barrage of data breaches emerging almost daily, it's reasonable to presume data breaches will be essentially regarded as a common offshoot of the present threat landscape," he adds.
The report points out that threats around banking will continue to become more severe as more unique cyber crime attacks against financial institutions emerge, and financial and banking intuitions must implement two-factor authentication for online services.
"The payment ecosystem will continue to evolve," says Anderson. "Massive transformation is upon us and we will continue to see threat actors trying to manipulate near-field communications as certain platforms gain momentum due to their significant following and users' penchant for adopting the latest and greatest technology."
Share