Ivan Wen, Country Manager, Blue Coat Systems Malaysia (pic), said that in the last 12 months there has been a "pivotal acceleration of threats" to the security landscape as the threat environment evolve from hobbyists and cyber criminals, to a much more sophisticated group of adversaries:
We have consistently seen an increase in targeted attacks, often called Advanced Persistent Threats (APT), especially in the form of DDOS or data theft. These attacks are highly public and impactful which not only compromising an organization's network temporarily but also harming the business in various ways. This is very intentional and what is called 'hacktivism.'
Today, it is not just governments and large organisations that fall victim to cyber-attacks, but also specific individuals within organizations. The nature of attacks is swiftly becoming more personalised, targeted toward the individual.
As a result, the rise of malware attacks on mobile devices is also becoming one of the most notable trends in recent cybercrime. In 2014, 'Malvertising' emerged as the leading attack vector mimicking the rise of Web ad traffic. And, there have been many various mobile malwares are leveraged for APT attacks targeted at a specific organization.
As these adversaries become more skilled, the need for more advanced and fully integrated security measures grows. It is also coupled with the facts that today password is no longer secure and traditional security defence remains largely blind to advanced malwares and zero-day attacks.
For 2015, we expect the following trends:
i) Privacy and security concerns will dig in for a long war
Encrypted Traffic will increase so will data breaches. The use of encryption will continue to increase to protect consumer privacy. Malware will increasingly hide behind encryption to evade detection by most enterprises that are struggling to balance employee privacy with attacks hiding behind encryption.
ii) Big media will say no to malvertising
Major media properties will increasingly display ads from partner networks that host malware. As the risks of infection by visitors to their Web properties increase, these media companies will put more pressure on their ad partners to eliminate malvertising.
iii) 2015 will be the year of potentially unwanted software
Potentially unwanted software (PUS) is picking up on mobile devices. Hidden deep down in end-user licensing agreements and frequently missed by users downloading free aps, PUS will increasingly be part of downloads to gather information about the users' web surfing. As PUS is increasingly added to free software by developers seeking to monetize their creations, it will slow down or even destabilize an infected device.
iv) Ransomware on the rise
Ransomware hit a lot of people in 2014. The next logical next step for ransomware creators is to increase value from the pool of victims. Blue Coat predicts that the next real targets will be small businesses or small government organizations, organisations and entities with hundreds of thousands in their bank account. These attacks will involve conducting reconnaissance on target computers/systems. If attacks can access the network storage, attackers can demand higher ransoms.
v) Cyber attack targets the social networks
Cyber attackers will increasingly leverage information from social networks to customize the attacks in a better way. Most targeted attacks have a social context which increases the efficacy. Attackers will exploit their knowledge of target victims to gain access to critical systems and data.
vi) The emergence of espionageware
While it was relatively low in 2014, we expect an increase in the usage of surveillance software that is created by security companies or nation states to monitor certain people. As international conflicts emerge, these tools will inevitably be used to keep track of what people are doing and whether they're a security risk or not.
vii) More vulnerabilities
"Common mode failure" events where a single defect such as Heartbleed and Shellshock, can cause failures to ripple through a system. Vulnerability seekers have had their first taste of this and there's no going back now. In 2015, we expect to see:-
- Increased development and technology costs as developers start to invest more in code analysis on open-source, or move toward commercial alternatives where a 3rd party / licensee can be liable
- More open-source factionalizing
- A slowdown to the pace of innovation overall as vendors are forced to spend more resources on emergency maintenance releases.
Sign up for CIO Asia eNewsletters.