Publications
Partners
Cape Town - Cyber security woes have haunted IT professionals in 2014, but experts suggest that the pain will continue in 2015.
According to security firm Check Point, the bad news for security in 2014 is set to increase as cyber criminals look to exploit software and steal sensitive data and financial information.
In 2013 alone, US government officials responded to 228 700 cyber incidents in federal agencies as part of a $10bn a year effort to contain attacks from both cyber criminals and state actors.
In SA, the problem is as acute, though not widely reported. Cyber criminals often steal personal identities as a way of conducting fraud.
"It costs this country in excess of R3bn per annum in ID theft just from a governmental perspective. Imagine what it costs business," Andrew Kirkland, Trustwave regional director for Africa told Fin24.
He said that local companies have a lax attitude to security of their data and even if there was a breach, public reporting is unlikely.
"In South Africa, no. Nobody's going out there to publicly announce that they had a data breach. That would be quite catastrophic for them."
But hacking is not only about coding. The first target for a cyber criminal is to target the people using computers and smartphones through direct methods such as spam or phishing.
"Often the first kind of vulnerability exploited by attackers is the human one. They use social engineering techniques to trick individuals who work for an organisation into doing something that jeopardises corporate security," said Ghareeb Saad, senior security researcher with the Global Research & Analysis Team, Middle East, Turkey and Africa at Kaspersky Lab.
Hackers have been able to infiltrate corporate networks by using seemingly simple techniques such as sending e-mails designed to appear as if sent from senior management.
Below then are Check Point's top 6 malware threats for 2015:
Zero-second malware
Malware authors are increasingly using obfuscation tools so their attacks can bypass detection by anti-malware products and infiltrate networks. Threat Emulation, also known as sandboxing, is a critical layer of defence against this explosion in unknown infectious agents.
The company said that bots will continue to be a core attack technique, because they’re effective. The Check Point 2014 Security Report found that 73% of companies had existing bot infections a 10% increase compared with 2013 and critically, 77% of these infections were active for more than four weeks.
Mobile matters
Mobile device security remains an ongoing headache for IT professionals with Check Point revealing that 42% of companies had security incidents related to mobile devices, which cost more than $250 000 to tackle.
The company expects mobile security incidents to increase as 44% of organisations do not manage corporate data on employee devices.
Biting into mobile payments
Attackers are likely to step up the intensity of cyber intrusions of mobile payment systems as Apple Pay spurs development of multiple systems.
Compromised payment systems could see real word rewards for attacks which reveal consumer financial data.
Open source, open target
The revelation of Heartbleed, Poodle, Shellshock attacks shocked the IT community because they can potentially target anyone who uses an internet-connected computer.
In 2015, hackers will continue to search for these kinds of vulnerabilities to exploit them before patches can be developed.
Attacks on infrastructure
The Stuxnet, Flame and Gauss malware have taken cyber attacks by nation states to a level where significant damage can be done on infrastructure targets.
In 2014, the FBI arrested US National Weather Service employee Xiafen "Sherry" Chen for illegally downloading restricted files on vulnerabilities in 85 000 US dams.
Nearly 70% of critical infrastructure companies surveyed by the Ponemon Institute suffered a security breach over the last year.
Suspect devices
Criminals will be first adopters for new, internet connected technology. As more devices come online, criminals will look to exploit vulnerabilities to gain access to home networks.
Security researcher Nitesh Dhanjani demonstrated hacking into the Philips Hue LED smart light through a malware script on to a user's computer.
- Follow Duncan on Twitter
