The Kaspersky Lab Security Bulletin for 2015 is filled with interesting insights and predictions for both job anxiety and possibly job security! The company noted that 2014 demonstrated that cyber criminals are capable of executing increasingly malicious attacks. In their 2015 “predictions” their list includes high-stake, targeted cyber-attacks pinpointing banks and the development of malware that can take cash directly from ATMs. In addition to financial cybercrime, there will be more privacy concerns, security worries about Apple devices and renewed fears about connected devices.
“Predictions” for 2015:
- Attacks against virtual payment systems, which could be extended to the new Apple Pay
- Attacks against ATMs
- Malware incidents where banks are breached using methods coming directly from the targeted cyber-attack playbook
- More Internet-bleeding stories: dangerous vulnerabilities appearing in old code, exposing the Internet infrastructure to menacing attacks
- In-the-wild attacks against networked printers and other connected devices that can help an advanced attacker to maintain persistence and lateral movement within a corporate network
- Malicious software designed for OSX being pushed via torrents and pirated software packages
- A shift where the bigger, noisy cyber-threat actors splinter into smaller units, operating independently of each other. This in turn will result in a more widespread attack base with more diverse attacks coming from more sources.
The top target? Banks…a classic game of follow the money. Recent investigations have found schemes that actively target banks. Once attackers get into a bank’s network, they can siphon enough information that lets them steal money directly from the bank in several ways:
- Remotely command ATMs to dispose cash
- Performing SWIFT transfers from various customers’ accounts
- Manipulating online banking systems to perform transfers in the background
ATMs are vulnerable and 2014 was a big year for those attacks with several public incidents and a rush globally by law enforcement authorities to respond to this crisis. As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default.
And lastly, attacks against virtual payment systems are expected to continue as criminals leap at every opportunity to exploit payment systems which will extend to the new Apple Pay, which uses NFC (Near Field Communications) to handle wireless consumer transactions.
Sounds like another fun year for cyber security!