10 Cybersecurity Predictions for 2015

Posted by Malcovery Security on Tue, Dec 30, '14

2015_red-12014 was a non-stop year of hacks and headlines when cyber criminals pushed the limits of conventional security to the breaking point. From celebrity phishing to the White House network, Wall Street powerhouses to the corner Dairy Queen, no one was safe. What will we see in 2015 and how will we respond? In this article, we’ll explore the top 10 cybersecurity predictions for 2015.

Prediction #1: Password re-use attacks will increase.

It is well documented that following each major password dump by the criminals a wave of secondary “password guessing” attacks hits large enterprises. This process will gain prevalence and criminal tools will automate the “guess scanning” of any new password from any source, whether Breach, Malware, or Phishing.

Prediction #2: Increased diversity in phishing targets.

While large banks and Internet companies will be heavily targeted, other industries will be phished as well. 

2014 included huge increases in:

  • Dating sites (ChristianMingle.com, Match.com)
  • Email providers (AOL/gmail/live.com/Yahoo)
  • Gaming companies (Steam, Bable.net, WOW)
  • ISPs (Bell.CA, CenturyLink, Comcast, Cox)
  • Mobile providers (ATT, Telia, Vodafone, BT, Verizon)
  • Tax offices (Australia, Canada, HMRC, Impots.gouv.fr, IRS)
  • Online businesses (Careerbuilder, Dropbox, Netflix, Twitter)

Prediction #3: Webmail phish targeted against businesses.

Because of the practice of Single Sign On in many organizations, as well as the Social engineering advantages of being able to send email as an insider, Webmail will continue to be heavily phished. Often these phish will be targeted at top executives or key data brokers within the organization.

Prediction #4: Congress will react to breaches.

After the Target hearing, it was clear that Congress was ANXIOUS to show its value by regulating something related to data breaches. With both houses in one party, we will certainly see legislation introduced, likely addressing:

  • SEC filings of risk, and stock holder disclosures
  • Criminal penalties for being breached
  • New regulations superseding PCI

Prediction #5: New data archival technologies.

Card breaches, data breaches, and the Sony debacle will lead the industry to adopt new “offline archival” practices. Data breaches leaking 25-year-old sensitive documents, including PII and Healthcare data are inexcusable. Companies will re-evaluate what SHOULD be reachable online. New technologies will emerge to address this challenge.

Prediction #6: DDOS attacks cause Open DNS Resolver attention.

In the current environment, 5,000 Open DNS Resolvers can create a 400-500 Gbps DDOS attack. We all know the problem, but we have lacked the momentum to achieve the solution. This will be the year that changes.

Prediction #7: Wiper malware commoditized.

Wiper malware will become the new tool of choice for hacktivists and digital anarchists. A “Script Kiddie Friendly” Wiper attack tool will be readily available during 2015.

Prediction #8: Fundamental ccTLD/gTLD re-examination.

Domain names registered entirely for fraud with false, incomplete, or misleading WHOIS information are being protected by current Registrar policies. MILLIONS of fraudulent domains are being registered each month. Privacy policies are being used to shield criminals in unprecedented ways.

Prediction #9: Vulnerable webserver issue addressed.

We will see multiple attempts, with little chance to succeed, by industry and/or regulators to address the issue of vulnerable websites being weaponized by criminals.

Prediction #10: Mac-targeted Malware will become common.

As Apple computer products grow in popularity, and as businesses diversify their attack exposure by choosing Apple products, we will see an increase in Mac-targeted malware.

What do you think of our 2015 predictions? Share your thoughts in the comments section below.

We learned a lot in 2014. Click the button below for instant access to the full webinar - State of Cybersecurity: A Look Back at 2014 and What to Expect in 2015. 

Topics: Cybersecurity

   
View Webinar Now