They predict organizations will see the following in 2014:
State-sponsored attacks and cyber espionage - Security professionals are keenly aware of the frequency and success rate of state-sponsored cyber attacks, but for many others it is out-of-sight and out-of-mind. Every day, critical infrastructure and organizations face state-sponsored cyber attacks. It is far less common for nation states to admit being behind them. But as more countries become equipped, empowered and emboldened to orchestrate these attacks, we can only expect the frequency and severity to increase.
Nontraditional, Internet-connected device attacks - There is proof-of-concept evidence that it could be possible to take control of medical devices such as a pacemaker. Though this is a pretty terrifying scenario, it has yet to happen in the real world. Of course, not all devices are as crucial as the pacemaker, but that doesn’t deter hackers who enjoy “pranking” hacks, which target devices connected to the Internet like Internet-controlled thermostats. With more and more things connected to the Internet we can expect these attacks to rise in 2014.
Improved public awareness of the cost of cybercrime - Cybercriminals are targeting a staggering number of people and businesses for the purpose of mass data theft. They are after anything of value, such as credit card numbers, personal information (that can be used for identity theft), bank account details, corporate trade secrets and more. As long as this type of data is stored online, it will always be targeted by malicious actors: individual hackers, activist groups, organized crime rings or nation states.
Along with the increased frequency and severity of cyber-attacks comes the responsibility of organizations to report a breach affecting customers or shareholders. The trend over the past few years for companies to be more transparent in disclosing information about data breaches and cyber-security exposures is likely to continue in 2014.
Adobe-like breaches - In October 2013, Adobe announced that there had been a security breach in its systems. The breach included the source code of Adobe’s ColdFusion and Acrobat software along with 150 million active user accounts according to reports. With so many breaches of user data, the data can end up being sold to the highest bidder. With all of that information, launching attacks or stealing money becomes easier for the attacker later on. But in a case of stolen software or source code, there is also a large risk of a hacker knowing the ins and outs of the software, thereby allowing them to write malicious code aimed at weaknesses they find. With the source code in attackers' hands, we may see these exploits come to light in 2014, and more Adobe patches being created for the new exploits.
Mobile malware - Along with the growing popularity of mobile devices, malware has been lurking right alongside. Most malware targets the Android operating system. The Android OS is more of an open operating system compared to iOS or the BlackBerry OS, allowing developers to have more freedom in the creation of apps, which in turn provides more opportunity for those developers to create malware. With Android being the most popular mobile device operating system out there, we expect to see the malware volume continue to increase in 2014. As the mobile malware market continues to grow next year, Google will most likely be right there taking steps to further secure the Android operating system.
Ransomware - Thanks to the media hype and the sheer effectiveness of malware such as Citadel and CryptoLocker in 2013, we should expect to see a continued, if not increased, use of ransomware well into 2014. CryptoLocker’s technique of encrypting data on its targets, making it unusable even after CryptoLocker is removed, proved to be highly effective for the cybercriminals. When something works for the bad guys, they tend to stick with it. The only thing that would possibly hinder the appearance of more ransomware on the horizon would be the capture of the CryptoLocker group by authorities.
The Onion router - Thanks to the recent arrests of Ross Ulbricht, founder of the Silk Road, and his associates, there will be a lot of chatter about what’s next for TOR and the hidden internet, or Deep Web, as it’s sometimes called. As the FBI proved with the Silk Road arrests, however, TOR isn’t completely anonymous anymore. People will be having the discussion about whether or not we will truly be able to remain anonymous online.