Espionage, Device Attacks Surge in 2015: McAfee

Friday, December 12, 2014 @ 02:12 PM gHale


Cyber espionage and attacks on connected devices will surge in 2015, according to McAfee Labs’ annual threats predictions report for the coming new year.

Cyber warfare should become a regular tactic — especially for “small nation states and terror groups” — in 2015, with a focus on gathering valuable intelligence on high-profile people and intellectual property as well as operational intelligence.

RELATED STORIES
Spotlight on Internal Vulnerability
Breach: When Minutes Count
Data Breach Awareness on Rise
Malware Creation Skyrockets in Q3

Researchers talked about the attack possibility:

“They will attack by launching crippling distributed denial of service attacks or using malware that wipes the master boot record to destroy their enemies’ networks. At the same time, long-term cyber espionage players will implement better methods to remain hidden on a victim’s network, using better and more sophisticated stealth technologies and other means to remain below the operating system and out of sight.”

On a more tangible level for everyday Internet users, the report outlined other security threats expected to dominate soon, many of which could affect the growth of the Internet-of-Things movement.

McAfee highlighted an emerging field dubbed “Cybercrime-as-a-Service,” positing that stolen health credentials are valued at roughly $10 each – 10 to 20 times the value of a stolen U.S. credit card number. With the fervor and hype surrounding connected devices and apps particularly geared toward health and fitness, that is a worrisome prospect for end users and tech brands alike.

Mobile attacks will inevitably continue, now with more attention on the deployment of malware-generation kits and malware source code. Researchers also warned about the further establishment of “untrusted app stores” spreading mobile malware.

Near field communications (NFC) digital payment technology might really be seeping into the mainstream – not just because of the imminent debut of the Apple Watch but also because it will be serve as a “new attack surface to exploit.” However, researchers suggested this might actually be avoidable through a little end user education and getting people to simply tinker with NFC security and features on their mobile devices.

Nevertheless, personal data will still be vulnerable elsewhere, according to the McAfee report. Point-of-sale systems in stores are still cash cows for cyber criminals. POS systems and other tech employed by major retailers ties back to the ocean of data collected from connected devices and also the threat of cyber espionage, as explained in the report:

“Many retailers now build rich profiles about their customers-including buying habits and product interests, credit history, location history, contact details, and more. Further, successful retailers’ strategic, operational, and financial plans can be quite valuable to the right buyer. Some cybercriminals appear to be using an APT-based cyber espionage approach to infiltrate retailers’ systems, from which they surreptitiously gather intelligence beyond credit card information to sell to the highest bidder.”

Researchers expect this to continue throughout 2015 even as major credit card giants such as MasterCard and Visa gear up the roll out of chip-and-pin cards to their U.S. customers soon.

Looking back on the last year, McAfee identified a 112 percent increase in mobile malware samples — now exceeding five million — with an 86 percent growth in suspected URLs this quarter. McAfee Labs even detected approximately 307 new threats every minute during the third quarter of 2014 alone.

If those numbers aren’t enough, McAfee has also observed a 1,076 percent surge in malicious signed binaries over the past two years.

Additional threats called out on the McAfee Labs forecast include more non-Windows malware attacks in the wake of Shellshock, more software exploitation, and ransomware targeting cloud and mobile data.



Leave a Reply

You must be logged in to post a comment.