{"id":6979,"date":"2014-12-10T10:01:07","date_gmt":"2014-12-10T15:01:07","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=6979"},"modified":"2020-02-26T10:58:18","modified_gmt":"2020-02-26T15:58:18","slug":"ksb2014-predictions","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/ksb2014-predictions\/6979\/","title":{"rendered":"Kaspersky&#8217;s Global Research and Analysis Team&#8217;s Nine Security Predictions for 2015"},"content":{"rendered":"<p>It\u2019s December, and in the security industry that means one thing: predictions from experts about what trends will emerge in the next year. As always, some stuff is new, while other items show up on these lists every year. Below are <a href=\"https:\/\/securelist.com\/analysis\/kaspersky-security-bulletin\/67864\/kaspersky-security-bulletin-2014-predictions-2015\/\" target=\"_blank\" rel=\"noopener\">nine predictions from Kaspersky Lab\u2019s Global Research and Analysis Team<\/a>.<\/p>\n<p><strong>Cybercriminals Merge with APT Groups, Tactics<\/strong><\/p>\n<p>This is, in fact, one of the most interesting predictions. The idea here, as explicitly noted by Kaspersky Lab\u2019s experts, is that criminal groups will increasingly adopt nation-state tactics. 
<a href=\"https:\/\/threatpost.com\/ec3-head-paints-bleak-cybercrime-picture\/109742\" target=\"_blank\" rel=\"noopener nofollow\">Troels Oerting<\/a>, the head of Europol\u2019s Cybercrime Center, noted in a speech at Georgetown Law last week that this is already happening.<\/p>\n<p>However, whether they intended to or not, my researcher friends here at Kaspersky brought to my mind a second interesting possibility: that state-sponsored, advanced persistent threat hacking groups, like we\u2019ve seen in cases such as <a href=\"https:\/\/www.kaspersky.com\/blog\/talk_security_wirelurker_darkhotel\/\" target=\"_blank\" rel=\"noopener nofollow\">DarkHotel<\/a>, <a href=\"https:\/\/www.kaspersky.com\/blog\/regin-apt-most-sophisticated\/\" target=\"_blank\" rel=\"noopener nofollow\">Regin<\/a> and <a href=\"https:\/\/business.kaspersky.com\/crouching-yeti-got-caught-anyway\/2309\" target=\"_blank\" rel=\"noopener nofollow\">Crouching Yeti\/Energetic Bear<\/a>, will begin to merge with hacking campaigns perpetrated by criminals, like those targeting JP Morgan Chase, Target and others.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Darkhotel?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Darkhotel<\/a> APT in a single video: <a href=\"http:\/\/t.co\/NRqAl4docX\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/NRqAl4docX<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/531854094135091202?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 10, 2014<\/a><\/p><\/blockquote>\n<p>There are a couple of ways that I see this potentially working: the nation-state groups could work together with criminal groups towards a common goal. 
This would work well for widely distributed denial of service attacks like those \u2014 allegedly coming from Iran \u2014 that targeted U.S. banks in 2012 and 2013, and for other sorts of attacks that are designed to cause system downtime.<\/p>\n<p>State groups could also contract their espionage activities out to criminal groups, which will use criminal tools and expertise to perform spying activities, steal intellectual property or gather intelligence about vulnerabilities in critical infrastructure systems at the behest of government groups.<\/p>\n<p><strong>APT Groups Fragment, Attacks Increase and Diversify<\/strong><\/p>\n<p>Kaspersky researchers believe that as security companies and independent researchers continue naming and shaming big, coordinated government-sponsored hacking groups, those groups will be forced to split into smaller, independently operating APT actors. Researchers claim that this will likely lead to more diverse and frequent attacks.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>@Kaspersky expects to see a shift in 2015 where #APT groups splinter into smaller units, operating independently #KLReport<\/p><\/blockquote>\n<p><strong>New Bugs in Old, Widely Used Code<\/strong><\/p>\n<p>As has been said here, at <a href=\"https:\/\/threatpost.com\/be-ready-next-internet-bug-wont-be-the-last\/109188\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost<\/a> and elsewhere, we are in the age of the Internet-wide bug. As the code infrastructure of the Internet ages, we are likely to see more bugs in widely deployed implementations. 
Kaspersky Lab\u2019s Global Research and Analysis team believes that we are only going to see more allegations of deliberate tampering, like in the case of Apple\u2019s GoToFail. We will also see accidental implementation errors affecting broad swaths of the Internet, like in the case of <a href=\"https:\/\/www.kaspersky.com\/blog\/heartbleed-howto\/\" target=\"_blank\" rel=\"noopener nofollow\">OpenSSL Heartbleed<\/a> and <a href=\"https:\/\/www.kaspersky.com\/blog\/what_is_the_bash_vulnerability\/\" target=\"_blank\" rel=\"noopener nofollow\">Shellshock\/Bashbug<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Major Bash vulnerability affects <a href=\"https:\/\/twitter.com\/hashtag\/Linux?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Linux<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/Unix?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Unix<\/a>, <a href=\"https:\/\/twitter.com\/hashtag\/Macs?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Macs<\/a>. \u201cIt\u2019s super simple&amp;every version of Bash is vulnerable\u201d <a href=\"http:\/\/t.co\/xsTuXtCrEM\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/xsTuXtCrEM<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/514878008608686080?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 24, 2014<\/a><\/p><\/blockquote>\n<p><strong>Hackers Target Points of Sale, ATMs<\/strong><\/p>\n<p>Looking back 10 years from now, 2014 may well be the year of the point-of-sale attack. Kaspersky researchers have no reason to believe that attackers will stop targeting point-of-sale systems any time in the near future. 
They certainly aren\u2019t alone.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>In the next stage, we will see attackers compromising the networks of banks to manipulate #ATM #machines in real time #KLReport<\/p><\/blockquote>\n<p>ATMs had a bad year too. Considering that most cash machines run the no-longer-supported, more-than-a-decade-old Windows XP, this trend is likely to increase as well.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">\"Tyupkin <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#malware<\/a> is an example of the attackers taking advantage of weaknesses in the ATM infrastructure\" <a href=\"https:\/\/t.co\/sAZuW1maYd\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/sAZuW1maYd<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/519790599335997441?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">October 8, 2014<\/a><\/p><\/blockquote>\n<p><strong>The Rise of Apple Malware<\/strong><\/p>\n<p>You can go ahead and sort this into the category of predictions that are made every year. 
<a href=\"https:\/\/www.kaspersky.com\/blog\/wirelurker_vulnerability_revealed\/\" target=\"_blank\" rel=\"noopener nofollow\">The Masque bug<\/a> in iOS and <a href=\"https:\/\/www.kaspersky.com\/blog\/wirelurker-ios-osx-malware\/\" target=\"_blank\" rel=\"noopener nofollow\">the corresponding WireLurker malware<\/a> targeting iOS devices via Apple and Windows port-machines had a lot of experts saying that the age of Apple malware is finally upon us. However, the MacDefender malware had the same experts saying similar things back in 2011, as did the Flashback trojan in 2013. Really, only time will tell. Predicting an onslaught of OS X malware is always a safe bet, though we seem to only get a small handful of Mac malware in a given year and never much more.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">WireLurker is no more. <a href=\"https:\/\/twitter.com\/hashtag\/WireLurker?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#WireLurker<\/a> is gone: <a href=\"https:\/\/t.co\/yjdK4xgX06\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/yjdK4xgX06<\/a> <a href=\"http:\/\/t.co\/gSGd2tSELf\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/gSGd2tSELf<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/530664719615401986?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 7, 2014<\/a><\/p><\/blockquote>\n<p>Kaspersky Lab\u2019s experts are betting that the increasing market share for OS X devices could finally attract the attention of attackers. 
They also admit that Apple\u2019s closed-by-default ecosystem makes it harder for malware to successfully take hold of the platform, though some users \u2014 particularly those who like to use pirated software \u2014 will disable these features. Therefore, attackers seeking to hijack OS X systems could find success by bundling their malware with pirated software.<\/p>\n<p><strong>Targeting Ticketing Machines<\/strong><\/p>\n<p>This prediction likely comes out of South America, a sort of hotspot for cybercrime. Big economies and population centers in countries like Brazil and Argentina tend to see new attacks that differ from those in the rest of the world. Such is the case with <a href=\"https:\/\/www.kaspersky.com\/blog\/boletos_what_can_we_learn\/\" target=\"_blank\" rel=\"noopener nofollow\">Boleto fraud<\/a> and such was the case when hackers compromised the near-field-communication-enabled ticketing systems at a <a href=\"https:\/\/securelist.com\/blog\/virus-watch\/67283\/android-nfc-hack-allow-users-to-have-free-rides-in-public-transportation\/\" target=\"_blank\" rel=\"noopener\">Chilean public transportation system<\/a>.<\/p>\n<p>Like ATMs, many of these systems run on hopelessly vulnerable Windows XP systems. Some people may attack these systems in order to \u201cstick it to the man,\u201d Kaspersky Lab researchers say, while others may try to target the payment information they process in an attempt to make bigger bucks.<\/p>\n<p><strong>Pawning Virtual Payment Systems<\/strong><\/p>\n<p>\u201cAs some countries, like Ecuador, rush to adopt virtual payment systems, we expect criminals to leap at every opportunity to exploit these,\u201d Kaspersky researchers reasoned. 
\u201cWhether social engineering the users, attacking the endpoints (cellphones in many cases), or hacking the banks directly, cybercriminals will jump all over directly monetized attacks and virtual payment systems will end up bearing the brunt.\u201d<\/p>\n<p><strong>Apple Pay in the Crosshairs<\/strong><\/p>\n<p>This will be another fun story to watch unfold. <a href=\"https:\/\/threatpost.com\/rich-mogull-on-apple-pay\/108367\" target=\"_blank\" rel=\"noopener nofollow\">Much has been said about Apple Pay<\/a>, both good and bad, and anticipation for the payment system, developed by one of the world\u2019s most popular tech firms, is high. Criminal hackers tend to attack popular platforms where the yield is likely high. If no one adopts Apple Pay, then no one will target it. However, if Apple Pay is as popular as Apple\u2019s other traditional and mobile offerings, then we may be writing about Apple Pay hacks sooner rather than later.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Apple Pay. Next time cybercriminals will not mess with celebrities\u2019 pics, but their money <a href=\"http:\/\/t.co\/ICDOK64XxP\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/ICDOK64XxP<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/509758479444090881?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 10, 2014<\/a><\/p><\/blockquote>\n
<p>\u201cApple\u2019s design possesses an increased focus on security (like virtualized transaction data) but we\u2019ll be very curious to see how hackers will exploit the features of this implementation,\u201d Kaspersky researchers wrote.<\/p>\n<p><strong>Compromising the Internet of Things<\/strong><\/p>\n<p>Last but not least, the so-called \u201cInternet of Things\u201d is likely to come under fire in a big way in 2015. We\u2019ve seen demonstrations on connected consumer devices and home security products at Black Hat and DEFCON for a few years now. Much of this, as the Kaspersky experts note, has been theoretical and overhyped. However, a panel of security researchers at a Georgetown Law event last week predicted that ransomware is going to emerge in a big way and scale particularly well on the Internet of Things.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">A fascinating story how <a href=\"https:\/\/twitter.com\/JacobyDavid?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@JacobyDavid<\/a> hacked his smart home <a href=\"https:\/\/t.co\/ckTyeMVLUp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/ckTyeMVLUp<\/a> <a href=\"http:\/\/t.co\/q4LiqsBnA4\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/q4LiqsBnA4<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/515189019617918976?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 25, 2014<\/a><\/p><\/blockquote>\n<p>\u201cIn 2015, there will surely be in-the-wild attacks against networked printers and other connected devices that can help an advanced attacker maintain persistence and lateral movement within a corporate network,\u201d Kaspersky researchers say. 
\u201cWe expect to see IoT devices form part of an APT group\u2019s arsenal, especially at high-value targets where connectivity is being introduced to the manufacturing and industrial processes.\u201d<\/p>\n<p>As for us regular guys? \u201cOn the consumer side, IoT attacks will be limited to demonstrations of weaknesses in protocol implementations and the possibility of embedding advertising (adware\/spyware?) into smart TV programming.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky Lab experts make predictions about what trends will emerge in the security industry in 2015.<\/p>\n","protected":false},"author":42,"featured_media":6980,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[891,14,820,658,352,892,97],"class_list":{"0":"post-6979","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-9-predictions","9":"tag-apple","10":"tag-apple-pay","11":"tag-internet-of-things","12":"tag-kaspersky-lab","13":"tag-predictions","14":"tag-security-2"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/ksb2014-predictions\/6979\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/ksb2014-predictions\/4441\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/ksb2014-predictions\/4375\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/ksb2014-predictions\/4910\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/ksb2014-predictions\/6381\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/ksb2014-predictions\/5765\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/ksb2014-predictions\/6381\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/ksb2014-predictions\/6979\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/ksb2014-predictions\/6979\/"}]
,"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/9-predictions\/","name":"9 predictions"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6979","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=6979"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6979\/revisions"}],"predecessor-version":[{"id":33409,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/6979\/revisions\/33409"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/6980"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=6979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=6979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=6979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}