Woburn, MA – December 1, 2014 – This year has shown us that cyber criminals are capable of executing increasingly malicious attacks. In “Predictions,” the first part of the Kaspersky Security Bulletin, experts provide insight on what next year could look like in the security industry. The list includes high-stake, targeted cyber-attacks pinpointing banks and the development of malware that can take cash directly from ATMs. In addition to financial cybercrime, Kaspersky Lab predicts 2015 is likely to have more privacy concerns, security worries about Apple devices and renewed fears about connected devices.
Insights for 2015:
Top Target: Banks
During a recent investigation, Kaspersky Lab experts discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution. It represented the emergence of a new trend: targeted attacks directly against banks. Once attackers get into a bank’s network, they can siphon enough information that lets them steal money directly from the bank in several ways:
ATMs are vulnerable
Attacks against ATMs seemed to explode in 2014 with several public incidents and a rush globally by law enforcement authorities to respond to this crisis. As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default.
“In 2015, we expect to see further evolution of these ATM attacks with the use of targeted malicious techniques to gain access to the "brain" of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time,” comments Alexander Gostev, Chief Security Expert at Global Research and Analysis Team, Kaspersky Lab.
Attacks against virtual payment systems
The Kaspersky Lab Global Research and Analysis Team expect criminals to leap at every opportunity to exploit payment systems. These fears can also be extended to the new Apple Pay, which uses NFC (Near Field Communications) to handle wireless consumer transactions. This is a ripe market for security research and we expect the appearance of vulnerability warnings about weaknesses in Apple Pay, virtual wallets and other virtual payment systems.
“The enthusiasm over the new Apple Pay is going to drive adoption through the roof and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions. Apple’s design possesses and increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” added Gostev.
The full text of the report is available on the Securelist website.
To read more about privacy tips and know how to protect your finance while online, please visit cybersmart.kaspersky.com.
About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.
For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter
Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter
Media Contact
Sarah Bergeron
781.503.2615
sarah.bergeron@kaspersky.com
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report "Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.