Cyber-threats of 2014 revealed

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://eandt.theiet.org/news/2013/dec/2014-cyber-threats.cfm

Computer kidnapping, hacking of cars, medical devices or watches,
state-sponsored attacks and Obamacare website breaches have been named
among the most likely cyber-crimes of 2014.

The list of the greatest cyber security threats the world might face in the
upcoming year has been compiled by cyber security research teams of a
private business security company WatchGuard.

1. Computer kidnapping

On the top of the list, according to the WatchGuard analysts, are threats
caused by the so called ransomware, a class of malicious software that
tries to take a computer hostage. This type of attacks has grown steadily
over the past few years, but a particularly nasty variant emerged in 2013.
Called the CryptoLocker, the virus has affected millions, probably securing
an incredibly high return on investment to the perpetrators. With such a
score, WatchGuard believes, CryptoLocker will attract many followers in
2014, who will try to mimic its capabilities.

2. Hacking the Internet of Things

The firm believes white and black hat hackers alike will spend more time in
the upcoming year trying to crack non-traditional computer devices such as
cars, watches, toys and medical devices. While security experts have warned
about securing these devices for the past few years, the market is just now
catching up with the expectation.

3. Major state-sponsored attack

A Hollywood-like scenario might become a reality in 2014, according
WatchGuard, with a major state-sponsored attack targeting critical
infrastructure. Even if these assets are kept offline, the often-cited
Stuxnet proved that motivated cyber attackers could infect non-networked
infrastructure, with some potentially disastrous results. Researchers have
spent the past few years discovering and studying the vulnerabilities in
industrial control systems and supervisory control and data acquisition
solutions, and found that these systems have many holes.

4. Harassing the Obamacare website

The vulnerable US HealthCare.gov insurance website might become too
tempting for the hackers to resist. Between its topical popularity, and the
value in its data store, Healthcare.gov is an especially attractive
cyber-attack target. Security researchers have already pointed out minor
security issues like evidence of unsuccessful web application attacks and
attempted Denial-of-Service attacks.


5. High-profile targets suffering chain-of-trust hack

Despite most of the top-level victims, including governments and the
best-performing businesses having generally exceptional levels of
protection, they still could be vulnerable through their partners and
contractors. Exploiting such weaker links presents a real temptation for
advanced attackers, eager to prove to the world their outstanding skills.
The WatchGuard believes the number of attacks exploiting partners to access
top organisations will increase in 2014.

6. Meaner malware

More attackers might try to explore aggressive strategies in order to
impose their will on the victims. Though destroying the victim’s computer
has so far mostly been the by product and not the main goal of the hackers’
activities, success of malware such as the CryptoLocker and its countdown
timer might inspire cyber-criminals to create more destructive viruses,
worms and Trojans in 2014.

7. Exploiting cyber-psychology

Soft-skills might become more important in the cyber war as criminals are
expected to employ new strategies focusing not solely on the technology but
on the user and his or her psychology. The tactics may include more
convincing phishing emails and leveraging pop culture to trick the users.

However, not only the attackers are expected to leap forward in 2014.
WatchGuard believes companies won’t want to stay behind and will try to get
rid of outdated strategies and employ security visibility tools to help
identify vulnerabilities and set stronger policies to protect crucial data.

"With shadowy government agencies building their own botnets, huge data
breaches like the one Adobe suffered, and nasty file damaging malware like
CryptoLocker, 2013 was an exhausting year for cyber defenders,” said
WatchGuard Technologies’ Director of Security Strategy, Corey Nachreiner.

“However, with new security visibility tools now available, 2014 should be
the year of security visibility. And, although the threat landscape will
continue to evolve at a blistering pace, with clever new exploit techniques
and criminals focusing on new targets, security professionals should be
able to use these new visibility tools to swing the cyber war pendulum back
in their direction.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.