As we all bade farewell to 2014 with the Sony hack and The Interview alongside the bizarre North Korean Internet “disturbances” in clear sight, the issue of what cyber security threats we face in 2015 looms large.
Forbes reports that NetIQ’s senior director of security strategy, Geoff Webb, looks at both broader market context and the details in cyber attack patterns when he assess the year ahead. Webb cites the Target hack at the close of 2013 as a sign of the larger trend of attacks targeting the retail industry in 2014 as an example of his analysis. NBC reports that multiple experts believe that cyber security issues are now more tangible for the general public than ever before, and this has led to a greater awareness of actual threats.
Expect to see these cyber security issues in 2015:
Malware Messages That Make the Grade
It used to be easy to pick out spam or a message with malware attached, but that isn’t going to be true as much anymore. These messages with links or attachments could easily infect your computer, but they were replete with bad grammar, poor-quality images, and other obvious signs that the message wasn’t really sent by anyone legitimate. Now senders of malware have better tools that allow them to lift real logos, images, and language from business websites, and malware itself is getting harder to shut down. Why? Because malware is big business that makes money for users.
What You Can Do
Don’t assume you can spot the fakes; you probably can’t anymore. The safest tactic? Don’t click on links in emails, at all. If you feel you have to, hover over them first with your mouse so you can ensure that they go where they say they do. If it looks even a little off, don’t click it. And absolutely do not open attachments unless you are certain of what they are and who the sender is.
Ransomware In the Cloud and On Your Mobile Devices
Ransomware like Cryptolocker works by infecting a computer or device, locking up documents, and demanding payment from the owner for access to the files. McAfee Labs has been tracking more ransomware attacks on mobile devices recently. And now that ransomware is targeting the cloud, where can you backup safely?
What You Can Do
In addition to taking care with links and attachments which may carry ransomware, backup frequently, and consider using an external hard drive. When you use cloud storage, use a reliable provider. For your document management and file sharing, use high-quality software, keep it updated, and work over secure servers only. If your files get locked, do not pay for access. You probably won’t get it, and this only helps the attackers.
Point-of-Sale Attacks
Remember the Target hack? Forty million consumers were impacted by it, and although card issuers in the US have now switched to EMV cards with microchips in them to improve security, point-of-sale attacks are going to continue. This will especially be true for retailers that need to upgrade their terminals to accept the newer, more secure cards. According to McAfee point-of-sale attacks will also be moving towards mobile systems like Apple Pay, even as Apple and American Express work to replace payment card data online with randomized “tokens.”
What You Can Do
Unfortunately, all you can really do (other than switch to cash only) is carefully monitor your bank statements for unusual activity, make purchases only over secure networks (never over public Wi-Fi, for example), and limit your online purchases to trusted retailers. Of course millions of people probably thought Target was that kind of retailer — but you get the idea.
Personalized Targeting
This isn’t exactly a new trend, but cyber criminals are getting better and better at it.
What You Can Do
Avoid giving out your personal information including your employer, birthdate, hometown, and other personal details on social networking sites. Criminals use these details expertly.
Cyberwar and Espionageware
The Sony hack and its ties to North Korea are making cyber security experts believe that we will soon see more conflicts between nations and political groups online. They also believe we will see more use of malicious software for purposes of to spying on individuals on the part of governments. Based on this concern Amnesty International recently released an anti-spyware tool designed to detect government surveillance software on mobile devices.
What You Can Do
For the average person who is not a high value political target, vigilant security measures — most of the same advice you’d follow for all cyber security concerns — provide the most protection. Always update antivirus software, do not click on links in emails (or be careful when you do), be extremely cautious with attachments, don’t sign into accounts over public Wi-Fi networks, never reveal personal data online or via email, and use strong passwords.
More Open Source Software Holes Surface
One of the things that made the Heartbleed bug of 2014 so serious was that this open source code vulnerability had been there for years when it was discovered. The good news here is simply that people are really taking the time to look for these vulnerabilities; of course, the problem is that some of the people looking aren’t searching to be of help.
What You Can Do
The best thing to do here (other than follow strict security protocols which you should be doing anyway) is to stay informed on this subject so you know when and if you need to take action on behalf of your business or home system.
The Bottom Line
Cyber security is an elusive goal. More threats are coming; the best you can do is stay informed and be vigilant in your security measures.
