BreachExchange mailing list archives
Cyber-threats of 2014 revealed
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 24 Dec 2013 20:17:44 -0700
http://eandt.theiet.org/news/2013/dec/2014-cyber-threats.cfm Computer kidnapping, hacking of cars, medical devices or watches, state-sponsored attacks and Obamacare website breaches have been named among the most likely cyber-crimes of 2014. The list of the greatest cyber security threats the world might face in the upcoming year has been compiled by cyber security research teams of a private business security company WatchGuard. 1. Computer kidnapping On the top of the list, according to the WatchGuard analysts, are threats caused by the so called ransomware, a class of malicious software that tries to take a computer hostage. This type of attacks has grown steadily over the past few years, but a particularly nasty variant emerged in 2013. Called the CryptoLocker, the virus has affected millions, probably securing an incredibly high return on investment to the perpetrators. With such a score, WatchGuard believes, CryptoLocker will attract many followers in 2014, who will try to mimic its capabilities. 2. Hacking the Internet of Things The firm believes white and black hat hackers alike will spend more time in the upcoming year trying to crack non-traditional computer devices such as cars, watches, toys and medical devices. While security experts have warned about securing these devices for the past few years, the market is just now catching up with the expectation. 3. Major state-sponsored attack A Hollywood-like scenario might become a reality in 2014, according WatchGuard, with a major state-sponsored attack targeting critical infrastructure. Even if these assets are kept offline, the often-cited Stuxnet proved that motivated cyber attackers could infect non-networked infrastructure, with some potentially disastrous results. Researchers have spent the past few years discovering and studying the vulnerabilities in industrial control systems and supervisory control and data acquisition solutions, and found that these systems have many holes. 4. Harassing the Obamacare website The vulnerable US HealthCare.gov insurance website might become too tempting for the hackers to resist. Between its topical popularity, and the value in its data store, Healthcare.gov is an especially attractive cyber-attack target. Security researchers have already pointed out minor security issues like evidence of unsuccessful web application attacks and attempted Denial-of-Service attacks. 5. High-profile targets suffering chain-of-trust hack Despite most of the top-level victims, including governments and the best-performing businesses having generally exceptional levels of protection, they still could be vulnerable through their partners and contractors. Exploiting such weaker links presents a real temptation for advanced attackers, eager to prove to the world their outstanding skills. The WatchGuard believes the number of attacks exploiting partners to access top organisations will increase in 2014. 6. Meaner malware More attackers might try to explore aggressive strategies in order to impose their will on the victims. Though destroying the victim’s computer has so far mostly been the by product and not the main goal of the hackers’ activities, success of malware such as the CryptoLocker and its countdown timer might inspire cyber-criminals to create more destructive viruses, worms and Trojans in 2014. 7. Exploiting cyber-psychology Soft-skills might become more important in the cyber war as criminals are expected to employ new strategies focusing not solely on the technology but on the user and his or her psychology. The tactics may include more convincing phishing emails and leveraging pop culture to trick the users. However, not only the attackers are expected to leap forward in 2014. WatchGuard believes companies won’t want to stay behind and will try to get rid of outdated strategies and employ security visibility tools to help identify vulnerabilities and set stronger policies to protect crucial data. "With shadowy government agencies building their own botnets, huge data breaches like the one Adobe suffered, and nasty file damaging malware like CryptoLocker, 2013 was an exhausting year for cyber defenders,” said WatchGuard Technologies’ Director of Security Strategy, Corey Nachreiner. “However, with new security visibility tools now available, 2014 should be the year of security visibility. And, although the threat landscape will continue to evolve at a blistering pace, with clever new exploit techniques and criminals focusing on new targets, security professionals should be able to use these new visibility tools to swing the cyber war pendulum back in their direction.”
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Cyber-threats of 2014 revealed Audrey McNeil (Dec 27)