Kaspersky’s Global Research and Analysis Team’s Nine Security Predictions for 2015

December 10, 2014

It’s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. As always, some stuff is new, while other items show up on these lists every year. Below are nine predictions from Kaspersky Lab’s Global Research and Analysis Team.

KSB-2015-Predictions

Cybercriminals Merge with APT Groups, Tactics

This is, in fact, one of the most interesting predictions. The idea here, as explicitly noted by Kaspersky Lab’s experts, is that criminal groups will increasingly adopt nation-state tactics. Troels Oerting, the head of Europol’s Cybercrime Center, noted in a speech at Georgetown Law last week that this is already happening.

However, whether they intended to or not, my researcher friends here at Kaspersky brought to my mind a second interesting possibility: that state-sponsored, advanced persistent threat hacking groups, like we’ve seen in cases such as DarkHotel, Regin and Crouching Yeti/Energetic Bear, will begin to merge with hacking campaigns perpetrated by criminals, like those targeting JP Morgan Chase, Target and others.

There are a couple of ways that I see this potentially working: the nation-state groups could work together with criminal groups towards a common goal. This would work well for widely distributed denial of service attacks like those — allegedly coming from Iran — that targeted U.S. banks in 2012 and 2013, and for other sorts of attacks that are designed to cause system downtime.

State groups could also contract their espionage activities out to criminal groups, that will use criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities in critical infrastructure systems at the behest of government groups.

APT Groups Fragment, Attacks Increase and Diversify

Kaspersky researchers believe that as security companies and independent researchers continue naming and shaming big, coordinated government sponsored hacking groups, those groups will be forced to split into smaller, independently operating APT actors. Researchers claim that this will likely lead to more diverse and frequent attacks.

New Bugs in Old, Widely Used Code

As it has been said here, at Threatpost and elsewhere, we are in the age of the Internet-wide bug. As the code-infrastructure of the Internet ages, we are likely to see more bugs in widely deployed implementations. Kaspersky Lab’s Global Research and Analysis team believes that we are only going to see more allegations of deliberate tampering, like in the case of Apple’s GoToFail. We will also see accidental implementation errors affecting broad swaths of the Internet, like in the case of OpenSSL Heartbleed and Shellshock/Bashbug.

Hackers Target Points of Sale, ATMs

Looking back 10 years from now, 2014 may well be the year of the point-of-sale attack. Kaspersky researchers have no reason to believe that attackers will stop targeting point-of-sale systems any time in the near future. They certainly aren’t alone.

ATMs had a bad year too. Considering that most cash machines run the no-longer-supported, more-than-a-decade-old Windows XP, this trend is likely to increase as well.

The Rise of Apple Malware

You can go ahead and sort this into the category of predictions that are made every year. The Masque bug in iOS and the corresponding WireLurker malware targeting iOS devices via Apple and Windows port-machines, had a lot of experts saying that the age of Apple malware is finally upon us. However, the MacDefender malware had the same experts saying similar things back in 2011, as did the Flashback trojan in 2013. Really, only time will tell. Predicting the onslaught of OS X is always a safe bet, though we seem to only get a small handful of Mac malware in a given year and never much more.

Kaspersky Lab’s experts are betting that the increasing market share for OS X devices could finally attract the attention of attackers. They also admit that Apple’s closed-by-default ecosystem makes it harder for malware to successfully take hold of the platform, though some users — particularly those that like to use pirated software — will disable these features. Therefore attackers seeking to hijack OS X systems could find success by bundling their malware with pirated software.

Targeting Ticketing Machines

This prediction likely comes out of South America, a sort of hotspot for cybercrime. Big economies and population centers in countries like Brazil and Argentina tend to see new and different attacks from the rest of the world. Such is the case with Boleto fraud and such was the case when hackers compromised the near-field, communication-enabled ticketing systems at a Chilean public transportation system.

Like ATMs, many of these systems run on hopelessly vulnerable Windows XP systems. Some people may attack these systems in order to “stick it to the man,” Kaspersky Lab researchers say, while others may try to target the payment information they process in an attempt to make bigger bucks.

Pawning Virtual Payment Systems

“As some countries, like Ecuador, rush to adopt virtual payment systems, we expect criminals to leap at every opportunity to exploit these,” Kaspersky researchers reasoned. “Whether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt.”

Apple Pay in the Crosshairs

This will be another fun story to watch unfold. Much has been said about Apple Pay, both good and bad, and anticipation for the payment system, developed by one of the world’s most popular tech firms, is high. Criminal hackers tend to attack popular platforms where the yield is likely high. If no one adopts Apple Pay, then no one will target it. However, if Apple Pay is as popular as Apple’s other traditional and mobile offerings, then we may be writing about Apple Pay hacks sooner rather than later.

On the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware/spyware?) into smart TV programming.

“Apple’s design possesses an increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” Kaspersky researchers wrote.

Compromising the Internet of Things

Last but not least, the so-called “Internet of Things” is likely to come under fire in a big way in 2015. We’ve seen demonstrations on connected consumer devices and home security products at Black Hat and DEFCON for a few years now. Much of this, as the Kaspersky experts note, has been theoretical and overhyped. However, a panel of security researchers at a Georgetown Law event last week predicted that ransomware is going to emerge in a big way and scale particularly well on the Internet of Things.

“In 2015, there will surely be in-the-wild attacks against networked printers and other connected devices that can help an advanced attacker maintain persistence and lateral movement within a corporate network,” Kaspersky researchers say. “We expect to see IoT devices form part of an APT group’s arsenal, especially at high-value targets where connectivity is being introduced to the manufacturing and industrial processes.”

As for us regular guys? “On the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware/spyware?) into smart TV programming.”