BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Trend Micro: One major data breach a month in 2014?

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 12 Dec 2013 01:44:50 -0700
http://www.gmanetwork.com/news/story/339481/scitech/technology/trend-micro-one-major-data-breach-a-month-in-2014

If you thought this was a bad year in terms of data breaches, wait till
2014 when a major data breach is likely to occur each month.

This was one of eight grim predictions for 2014 by security vendor Trend
Micro, which also predicted the basic two-step verification may no longer
be enough to prevent attacks.

"We will see one major data breach incident a month," chief technology
officer Raimund Genes said inthe company's security predictions for 2014.

Trend Micro said this year's breaches had victimized Adobe, Evernote,
LivingSocial and Yahoo! Japan.

It said major incidents like these may continue to ensue in 2014.

"No organization will be safe from data breaches. Someone will always
attempt to break in to networks using new tools and by exploiting
vulnerabilities," it said.

On the other hand, it said stolen data will be dissected into
better-quality chunks and be more customized before being sold underground.

Trend Micro also said that with Microsoft ending support for Windows XP in
2014, there may be more attacks targeting it since XP remains popular.

"Data suggests that around 20% of PC users still run Windows XP. While the
number may not be as big as the Windows 7 base, they still represent a good
number of potential victims. It doesn’t help that Windows XP still has a
current install base of over 300 million computers inside corporations as
well," it said.

Other tech trends Trend Micro foresees for 2014 include:


- Mobile banking may suffer from more man-in-the-middle attacks and the
basic two-step verification may not be enough to protect users.

- Cybercriminals will increasingly use targeted-attack methodologies like
open source research and customized spear phishing along with multiple
exploits.

- There may be more clickjacking and watering-hole attacks, new exploits of
choice, and attacks via mobile devices.

- Attacks exploiting vulnerabilities in widely used but unsupported
software like Java 6 and Windows XP will intensify.

- The Deep Web will challenge law enforcement, which may struggle to build
capacity against cybercrime on a large scale.

- Public distrust will ensue especially after the exposure of
state-sponsored monitoring activities. This will result in a period of
efforts to restore privacy.

- There may not yet be any major breakthrough in cybercrime as criminals
will wait for a "killer app" with mass appeal to emerge.


Trend Micro also said the next big thing cybercriminals are waiting for
could be in the world of augmented reality, with virtual reality headsets
becoming a disruptive technology.

Banking threats

Trend Micro noted a "notable surge" in online banking, with more than
200,000 infections in the third quarter of 2013.

But it said the banking threats are no longer limited to computers and are
going mobile as well.

"Android will remain the most dominant OS in the market. But this dominance
will continue to be exploited, as we predict the volume of malicious and
high-risk Android apps to reach 3 million by the end of 2014. Though Google
did exert effort to address this, most recently with the release of Android
KitKat, not all users can take advantage of new security features due to
the OS’s heavily fragmented update process," it said.

It also said that while there may be new operating systems like Tizen,
Sailfish and Firefox OS, they may still allow Android apps to run - and
allow cybercriminals to stage multiplatform threats.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: