2015 security predictions: IoT attacks to join cloud breaches and ransomware

Think 2014 has been a bad year for security, with high-profile cloud breaches and system hacks? Well, things aren't going to get any better in 2015.

2014 has been a bad year when it comes to security, with hackers focusing their attention high-profile targets ranging from Apple to Sony. But security headaches look set to continue in 2015, with hackers going after targets both old and new.

Security researchers at Malwarebytes Labs, provider of the number one user-installed anti-malware solution, has compiled a list of predictions of what we'll see next year in terms of malware, phishing, mobile threats and more.
  1. We'll see an increase in fileless payloads: In an effort to circumvent detection as well as more complex obfuscation techniques new types of malware has been created that doesn't leave a physical file on the system but rather only runs in memory, making it difficult to detect and especially difficult to remove. This will likely be a trend adopted by new and existing malware families in 2015 and the antivirus and anti-malware communities will makes necessary changes to combat this new threat.
  2. There will be a rise in mobile ransomware: What we see on the PC side, we soon see on the mobile side. We have already seen mobile malware variants that encrypt phone data and demand payment to retrieve. Pre-existing phone backup options will make this threat less severe, however many users still might be willing to pay to get their data back.
  3. Standardization of data streams will deliver multiple payloads through a single web session: An up and coming trend in the exploit market is loading numerous types of malware onto a victim system during a drive-by exploit. This is done because of the malware market process wherein one group controls the malware, and another group controls the distribution of the malware. In this case, one distributor is utilizing the same data stream during an exploit to install numerous malware on the victim system.
  4. Angler EK will likely become the leading exploit kit: Angler Exploit Kit is the first EK to introduce file less exploits and also one of the first one to utilize 0-Day Flash Exploits. In addition to how often it is already being used, it is likely that we will see it as the main exploit kit of choice for 2015.
  5. More and more people may begin to buy into the idea or notion that their smartphone may be more important than their wallet: Our mobile devices make our lives easier and do it while we are on the go. We take pictures, have conversations, pay our bills and entertain ourselves from these small, powerful devices. Despite this, however, the attitude towards physically and digitally securing our phones will remain the same, with few users making the required effort to do so.
  6. Phishers will continue to use sophisticated and effective tactics to get users to hand over their information. It's highly likely that, due to the bombardment of PI-stealing breaches at large companies, the pool of spear phishing targets will be larger and not just limited to a select few (like executives).
  7. The first major Internet of Things attack will be noticed: Both mainstream media and the general public will hear about the first major hacker attack against an internet connected device (that was previously not connected). Take, for example, a thermostat that can be controlled over the internet.
  8. We'll witness a rise in mobile banking Trojans: We have already seen this increase in the last year, and we are going to continue to see more in the future. With more people using mobile devices to bank, it's becoming more popular for malware authors to exploit. Creating a fake site that looks like a mobile banking site may be a bit easier for malware authors since many sites are limited to keep the data processing low.
  9. We'll see more cloud-related breaches: Cloud security is now more important than desktop security. This is due to the fact that users are uploading tons of personal data like images or documents to 'cloud' storage, a storage mechanism available anywhere in the world. This makes it easy for an attacker to gain access if they are able to compromise the account. In addition, with the trend of users making purchases, downloading games, songs, movies, etc. through cloud services, the attractiveness of these accounts has increased and we will see more of an effort against gamers and video/music streamers.
  10. Adware will behave more and more like viruses: Potentially Unwanted Programs (PuPs) are a nuisance to the modern user because of their high requirements for system resources and constant bombardment of advertising. However, we have seen numerous instances this year of PUPs actually going a step further and installing near-malicious and full-malicious software on the host system. This trend may very well become more prevalent in the coming year as the war against junk software leads some developers to dabble in illegal activities to make a profit.

The bottom line

Vigilance is going to be required by all, covering everything from cloud to individual mobile devices. This means more headaches for IT admins and the need for greater vigilance over BYOD any IoT devices that existing within corporations. Also, the idea that cloud breaches will continue should make companies sit up and pay attention, given the huge fallout from the Sony attack.

See also: