Cybersecurity Threats 2015: More Espionage, More Apple Malware

Cybercriminals will
train their gaze on
Apple more often
next year. Attacks
on OS X have
begun to rise, and
an acceleration of
those attacks is
likely, SentinelOne
noted, because
Apple continues to
grow its share of
the enterprise
market, where it
has become a
darling of
executives who are
ripe targets for
hackers. Apple's
security problems
are compounded by
its reputation as a
"safe" platform.

C yberspies will flourish and hackers will target Apple
devices more often in 2015.
Until now, Russia, China and the United States have
dominated the cyberespionage scene, but their success will
start to attract new players to the practice.
"We can expect some of the developing economies --
countries forecasted for high economic growth -- to engage
in these activities to protect their growth status," Carl
Leonard, a senior manager at Websense Security Labs ,
told TechNewsWorld. "Those players have yet to be
revealed."
"Cells" that will remain independent of the nation-states
they're operating in will supplement those efforts, launching
operations that advance the objectives of their native
countries, according to Websense. That kind of activity
already has been seen in Russia and China.
Russian cyberattacks on the West, as a form of retaliation
for political actions taken against the Kremlin, will continue,
forecast SentinelOne .
A lack of accountability within the Beijing regime will
allow China's cyberespionage efforts to continue unabated,
the firm also said.
Further, there will be an acceleration of cyberespionage
activity by Pakistan, SentinelOne predicted, mostly directed
at India. It will be outsourced, with contractors hired to
write malware and orchestrate attacks.
Apple in Crosshairs
Pakistan may be in the forefront of a trend SentinelOne
predicted for 2015: Attacks as a Service.
Instead of shopping here and there to gather the tools for an
attack, SentinelOne explained, an attacker will be able to
go to a website, choose malware, choose what to steal --
banking credentials, healthcare records, credit card numbers
and such -- request a number of infections, and pay for the
package.
While most cyberespionage has been directed at computer
systems, cyberspies increasingly will target mobile devices,
predicted Michael Shaulov, CEO of Lacoon Mobile
Security .
"We're going to see more attacks that are leveraging WiFi
hotspots, fake base stations or even more aggressive
exploitation of mobile browsers or messaging applications,"
he told TechNewsWorld.
Cybercriminals will train their gaze on Apple more often
next year.
Attacks on Apple's OS X desktop operating system have
begun to rise, SentinelOne noted.
An acceleration of those attacks is likely, the firm said,
because Apple continues to grow its share of the enterprise
market, where it has become a darling of executives who
are ripe targets for hackers.
Apple's security problems are compounded by its reputation
as a "safe" platform, according to SentinelOne. That has
resulted in the production of few products that can handle
advanced threats against Apple devices.
The same is true for Apple's mobile platform, iOS.
"iOS was reasonably very safe up until recently, but over
the last two to three months, cybercriminals have leveraged
the apps in the platform to attack the devices," Lacoon's
Shaulov said.
"That makes sense, because iOS is getting more traction in
the market," he added, "and the data being placed on the
iOS devices is more valuable."
Internet of Things
The Internet of Things also will become an attack surface
in 2015.
Printers, smart TVs, appliances, wearable computers -- a
whole host of cloud connected devices will be a new source
of cyberthreats in the coming year, predicted Willy
Leichter, global director of cloud security for CipherCloud.
"It's like any new technology. The standards haven't
solidified. No one has looked at the underlying security," he
told TechNewsWorld.
"There are also a lot of open source tools used by these
devices that may have vulnerabilities," Leichter added.
Although they will leverage the IoT in 2015, hackers will
be less interested in victimizing consumers than in using
smart devices to target businesses, noted Websense's
Leonard.
"Because these devices are Web-enabled," he said, "they
give hackers an additional entry point into a business. That's
what's going to intrigue the malware authors and what
they'll be attacking in 2015."
Breach Diary
Nov. 23. Symantec releases report on Regin, a
nation-state quality spyware program that it says has
been snooping on governments, infrastructure providers,
researchers and individuals since at least 2008.
Nov. 24. Sony Pictures Entertainment shuts down
its computers after its sites are vandalized by group
calling itself the "Guardians of Peace." Systems could be
offline from one day to three weeks, Sony said.
Nov. 25. ARC Group, of New York City, donates
US$500,000 in software and services to University of
Albany to establish a center to investigate and resolve
cybersecurity breaches.
Nov. 26. IntelCrawler identifies Point of Sale
malware that it's calling "d4re|devil," or Daredevil,
which is attacking ticket machines and electronic kiosks,
incuding ticket machines used in mass transit systems.
Malware contains both RAM scraping and keylogging
capabilities.
Nov. 27. Home Depot, in SEC filing, reports it's
facing at least 44 lawsuits stemming from data breach this
year that placed at risk 56 million payment cards of its
customers.
Nov. 27. Gigya, a targeted marketing provider,
reports traffic to its website is being redirected to server
informing visitors that company's website has been hacked
by Syrian Electronic Army.
Nov. 28. Poland's Supreme Audit Office reports
country's government institutions are ill-prepared for
cyberattacks and not cooperating well-enough to deal
with online threats.
Upcoming Security Events
Dec. 4. How to Stop Email Cyberattacks in their
Tracks. 1 p.m. ET. Webinar sponsored by Agari.
Free with registration.
Dec. 4. Cyber Response in Q4: Special
Considerations for End-of-the-Year Priorities. Noon
ET. Webinar sponsored by RSA Conference. free
with registration.
Dec. 4. Detecting and Deciphering Sophisticated
Malware C2 for Intelligence Gain. 1 p.m. ET. Black
Hat webinar. Free with registration.
Dec. 5. Be an Onion not an Apple. 9 a.m.-4 p.m.
ET. Capital Technology University, 11301 Springfield
Rd., Laurel, Maryland. Workshop sponsored by
Cybersecurity Forum Initiative. $195/seat.
Dec. 8-11. Black Hat Trainings. The Bolger
Center, Potomac, Maryland. Course Registation:
before Dec. 6, $2,700-$4,000; after Dec. 10, $3,800-
$4,300.
Dec. 9. The Modern DDoS Attack: Learn How
Companies are Responding. Noon, ET. Webinar
sponslored by Arbor Networks. Free with registration.
Dec. 9. ISIS Use of Cyber. 4 p.m.-7:30 p.m.
Enterprise Hall, GW Virginia Science & Technology
Campus, 44983 Knoll Square, Ashburn, Virginia.
Free with RVSP.
Dec. 10. Fill the Security Gaps in Your Firm's
Mobile Deployment. 1 p.m. ET. Webinar sponsored by
Lacoon Mobile Security. Free with registration.
Dec. 11. How to Manage a Data Breach Involving
Multiple Covered Entity Clients. 1-2 p.m. ET.
Webinar sponsored by AHA Solutions. Free with
registation.
Jan. 19, 2015. B-Sides Columbus. Doctors
Hospital West, 5100 W Broad St., Columbus, Ohio.
Fee: $20.
March 24-27, 2015. Black Hat Asia 2015. Marina
Bay Sands, Singapore. Registration: before Jan. 24,
$999; before March 21, $1,200; after March 20, $1,400.

Source:Cybertech