Kaspersky Lab Releases Predictions for 2015

Woburn, MA – December 1, 2014 – This year has shown us that cyber criminals are capable of executing increasingly malicious attacks. In “Predictions,” the first part of the Kaspersky Security Bulletin, experts provide insight on what next year could look like in the security industry. The list includes high-stake, targeted cyber-attacks pinpointing banks and the development of malware that can take cash directly from ATMs. In addition to financial cybercrime, Kaspersky Lab predicts 2015 is likely to have more privacy concerns, security worries about Apple devices and renewed fears about connected devices.

Insights for 2015:

• Attacks against virtual payment systems, which could be extended to the new Apple Pay
• Attacks against ATMs
• Malware incidents where banks are breached using methods coming directly from the targeted cyber-attack playbook
• More Internet-bleeding stories: dangerous vulnerabilities appearing in old code, exposing the Internet infrastructure to menacing attacks
• In-the-wild attacks against networked printers and other connected devices that can help an advanced attacker to maintain persistence and lateral movement within a corporate network
• Malicious software designed for OSX being pushed via torrents and pirated software packages
• A shift where the bigger, noisy cyber-threat actors splinter into smaller units, operating independently of each other. This in turn will result in a more widespread attack base with more diverse attacks coming from more sources.

Top Target: Banks

During a recent investigation, Kaspersky Lab experts discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution. It represented the emergence of a new trend: targeted attacks directly against banks. Once attackers get into a bank’s network, they can siphon enough information that lets them steal money directly from the bank in several ways:

• Remotely command ATMs to dispose cash
• Performing SWIFT transfers from various customers’ accounts
• Manipulating online banking systems to perform transfers in the background

ATMs are vulnerable

Attacks against ATMs seemed to explode in 2014 with several public incidents and a rush globally by law enforcement authorities to respond to this crisis. As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default.

“In 2015, we expect to see further evolution of these ATM attacks with the use of targeted malicious techniques to gain access to the "brain" of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time,” comments Alexander Gostev, Chief Security Expert at Global Research and Analysis Team, Kaspersky Lab.

Attacks against virtual payment systems

The Kaspersky Lab Global Research and Analysis Team expect criminals to leap at every opportunity to exploit payment systems. These fears can also be extended to the new Apple Pay, which uses NFC (Near Field Communications) to handle wireless consumer transactions. This is a ripe market for security research and we expect the appearance of vulnerability warnings about weaknesses in Apple Pay, virtual wallets and other virtual payment systems.

“The enthusiasm over the new Apple Pay is going to drive adoption through the roof and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions. Apple’s design possesses and increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” added Gostev. 

The full text of the report is available on the Securelist website.

To read more about privacy tips and know how to protect your finance while online, please visit cybersmart.kaspersky.com.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Sarah Bergeron
781.503.2615
sarah.bergeron@kaspersky.com

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.