AppRiver Presents Top Security Threat Predictions for 2015

December 10, 2014

AppRiver Presents Top Security Threat Predictions for 2015

AppRiver, a leading provider of email messaging and Web security solutions, has today issued its predictions for the coming year.  Its team of analysts has used indicators gathered from analysis of recent malware developments and criminal activity to determine how the threat landscape will evolve in the near future.

 

AppRiver predicts that:

The bevy of 2014 breaches, and the abundance of credit card and other personal information obtained from them, will lead to an increase in spear-phishing and other more targeted attacks in 2015.  Point-of-sale malware will continue to disrupt big box stores, retailers and restaurants.  The uptick in critical vulnerabilities seen in the last few months will continue as further unexposed weaknesses in widely used platforms and protocols will continue to be a goal for attackers. 

 

Speaking about these predictions, AppRiver’s senior security analyst Fred Touchette, said, “So much private personal information exists on the cyber underground now that criminals will be able to put together very specific personal profiles of their targets thanks to these breaches and coupled with further information gleaned from social media. Recent highly effective social engineering ploys, such as those utilized in ransomware, will continue to terrorize businesses and, while the criminals may begin to get away with less money through awareness and proper backup procedures by the intended targets, there will still be plenty of unsuspecting victims whose data will be at risk and likely compromised, still costing the business itself.”

 

Speaking about POS malware, Troy Gill, manager of security research for AppRiver adds, “These programs are often simple in design and have one job - to siphon credit card and account information from transactions as they happen. The seemingly simple nature of how they make their way into systems is troublesome and is a sure sign that these systems will continue to be major targets throughout 2015.”

 

Other areas where AppRiver’s security analysts voice concerns are: the widening use of individual cloud storage services posing a greater risk to personal, as well as professional targets, as company documents and data comingle with personal files in the cloud; increasingly sophisticated malware will continue to defeat detection by hiding in common services and using non-traditional forms of communication such as TOR or Peer to Peer; and acts of cyber aggression will continue between many nation states including the U.S. and China, as well as remain a tool of warring nations. 

 

However, it’s not all doom as it also believes mobile payment systems will work aggressively to make digital payments through services such as ApplePay, Google Wallet and CurrentC far more secure.

 

Jon French, security analyst at AppRiver concludes, “Vendors have been trying hard to change the way we make transactions - with features such as Near Field Communication and virtual wallets in our mobile devices. Unfortunately its early adoption has left a bit too much to be desired, thanks to security issues, so we can expect mobile payment systems and its architectures as a highly likely target of attack.”

 

 

A complete listing of AppRiver’s 2015 threat predictions immediately follow:

 

Tried and true malware techniques will continue to evolve—Recent,highly-effective social engineering ploys such as those utilized in ransomware will continue to terrorize businesses. The criminals may begin to get away with less money through awareness and proper backup procedures by the intended targets, but there will still be plenty of unsuspecting victims whose data will be at risk and likely compromised, still costing the business itself.

The widening use of individual cloud storage services will begin to pose a larger risk to businesses—The use of Dropbox, OneDrive, Box, Google Drive, as well as all of the other cloud storage services by individuals as a means to more easily access documents in multiple locations will pose a greater risk to personal as well as professional targets as company documents and data comingle with personal files in the cloud.

Point-of-sale (PoS) malware will continue to disrupt big box stores, retailers and restaurants—2014 proved to be the year of the breach and that was due to a rash of PoS style malware. The seemingly simple nature as to how they keep making their way into these systems is also troublesome and is a sign that these systems will continue to be major targets throughout 2015.

Chip Card Technology will begin to force some cyber thieves to change the way they do business—As card issuers are finally moving to either chip and PIN or chip-and-signature technology, we expect to see several changes in the card fraud landscape. Where previously a cards magnetic stripe information could be easily stolen and replicated, cards with chips will not be so easily re-produced. We expect they will have to rely on transactions where the card is not required to be present such as certain online purchases and services. This move may also result in an increase in identity theft as the thieves would be able to create and open new accounts in their victims’ names. 

The bevy of breaches that occurred during 2014 and the abundance of credit card and other personal information obtained from them will lead to an increase in spear-phishing and other more targeted attacks—So much private personal information exists on the cyber underground now that criminals will now be able to put together very specific personal profiles of their targets thanks to these breaches and coupled with further information gleaned from social media. This information will be integral for highly targeted attacks or to be used in such a way as to defeat new card technologies.

The TOR network and P2P networks will see a rise in use by botnets and benign services as well—More sophisticated malware will continue to defeat detection by hiding in common services and using non-traditional forms of communication such as TOR or Peer to Peer. On the other hand Facebook’s new experimental move into the TOR network may inspire other reputable services to want to provide anonymous access thereby enticing new users who may have been unwilling to try them beforehand.

The increasing use of wearable technology will begin to be examined a little deeper as people begin to wonder about where all of the data that they’re processing is ending up—With the ever-expanding marketplace of health and fitness apps coupled with wearable devices monitoring our every move, heartbeat, and location continue to gain popularity, compromised security or just poor privacy settings will leak this personal data out into the world and people will begin to wonder where it is all ending up and what it’s being used for. Expect to see a lot of this data being used in target marketing.

Unexposed vulnerabilities in widely used platforms and protocols will continue to be a goal for attackers—This year showed us some major issues with secure communication like that in SSL as leveraged by Heartbleed and a long time bug in Bash with Shellshock. The discovery of vulnerabilities such as these will continue to be a major goal for attackers and defenders alike.

Mobile Payment Systems work aggressively to make digital payments through services such as ApplePay, Google Wallet and CurrentC much more secure—Vendors have been trying hard to change the way we make transactions with features such as Near Field Communication and virtual wallets in our mobile devices. Unfortunately its early adoption has left a bit too much to be desired thanks to security issues and concerns. Look for these to be addressed immediately and a slow roll out to more retailers in 2015.

The ever-growing increase in mobility could spell trouble for Bring Your Own Device policies—Businesses that have very loose or even no BYOD policies may be in trouble as more and more people are moving to smart devices where business and personal life and data live side by side. This could create a sharp increase in lost or compromised data collected from these devices.

Acts of cyber aggression will continue between many nation states including the U.S. and China, as well as remain a tool of warring nations—We may not be privy to the majority of these attacks against infrastructure or corporate espionage between our collective countries but evidence suggests that the Internet has become an important tool in every aspect of our lives including war and politics. Expect this “boots at home” tactic to remain in the playbook as a first move in most conflicts whether it be just reconnaissance or even the disabling of infrastructures and communications.

 

About AppRiver

AppRiver is a Software-as-a-Service (SaaS) provider offering award-winning email and Web security solutions to businesses of all sizes. Understanding the need to protect networks from today's increasingly complex IT threats, AppRiver offers businesses a comprehensive, yet affordable subscription-based solution that incorporates the latest spam and virus protection, email encryption and Web security on the market. In addition, the company provides a complete managed service for Microsoft Exchange, as well as a bundled Office 365 solution. Since its inception, AppRiver has sustained an impressive 93% customer retention rate while growing its customer base to more than 47,000 companies and 8.5 million mailboxes worldwide. The company maintains offices in Florida, Georgia, Texas, New York, Switzerland and Spain, and is led by an Ernst & Young Florida Entrepreneur of the Year award winner. For more information, please visit ww.appriver.com.

 

###