Lessons from 2014 - the year of the cyber-criminal

Lessons from 2014 - the year of the cyber-criminal
Lessons from 2014 - the year of the cyber-criminal

No one is safe from getting hacked. This has been no more evident than last year when we saw some of the biggest high-end data breaches of large companies ever seen to date. Data, personal records and financial information has been stolen and sold on the black market in a matter of days. eBay, Target and more recently Sony have all been major victims of hacks predicated by a growing and more sophisticated cyber-criminal network. In addition, Poodle, Shellshock and Heartbleed were amongst the major security vulnerabilities exposed in 2014, which have not only shocked the security industry to its core but caused many to reflect on the potential vulnerability of consumers and business IT protection.

As the New Year starts, many questions are now being raised about what the security industry can learn from 2014, what trends will continue to put business critical data at risk and how can security solutions help mitigate cyber-attacks. Whilst working with some of the largest financial institutions and manufacturers in the UK on protecting data against cybercrime, we have pulled together some security exploits businesses need to be aware of in 2015 to ensure a successful approach to data protection of intellectual property.

Increase in known Trojan toolkits and code utilised in targeted attacks and APTs

The technology to take existing malicious functionality and obfuscate it to evade security solutions has been in existence for years and continues to be perfected. Today there's a wide variety of malicious code-based toolkits available for trade in the cyber-underground. In 2015, malicious actors will concentrate their effort on tactics used to infiltrate organisations rather than focusing on developing new Trojan code. Taking existing malicious code functionality, altering and obfuscating it to evade detection will allow malicious actors a ‘lower entry barrier' to commence advanced attacks That, in conjunction with keeping the attack very targeted, will increase the chances of attacks  staying persistent for longer periods of time.

‘Basic web-based attacks' will increase the likelihood of follow up ‘main ingredient' attacks

Unleashing an advanced attack and failing can compromise the entire attack vector of a malicious actor. However, by ‘testing the water' and unleashing basic attacks, cyber-criminals can divulge critical details which can increase the odds of success for subsequent advanced attacks. In 2015, web-based attacks that phish for significant personal details or issue reconnaissance on target computers without appearing too suspicious, will be become more prevalent and start to impact the security of  organisations' IT infrastructure. These types of attacks will also be initiated by malicious actors wishing to harvest sensitive ‘entry level' information from different laterals and put it up for sale in underground ‘threat information exchange' markets. This type of information exchange is therefore going to decrease the overall time needed to commence a successful attack.

More crimeware will bypass traditional security solutions

The cyber-underground was buzzing in 2014 with a social wave of actors that held different types of expertise and toolkits to circumvent current traditional security measures. 2015 will therefore see a reduction in complexity to unleash successful attacks and organisations will face more infections that are not advanced attacks but rather crimeware-based and involve common types of malware. In parallel, IT security technology endeavours to keep pace with their latest cyber-threats and faces a new challenge in 2015 of having reduced availability of cyber-security personnel to deal with threats.

Privilege escalation is the new ‘hot bed' of attack vectors and zero day attacks

Social engineering-based attacks prove to be as effective as zero day exploits to infiltrate organisations. These attacks prey on weak links in the organisation and trick targets into action. However, the real prize for cyber-criminals is in the post infiltration stage where they are able to gain administrative rights on the machine to continue spreading malware and maximise potential data theft. Therefore the use of privilege escalation exploits will become one of the common methods for an attack to stay persistent and maximise its impact in 2015.

‘Hands on' offensive security skills and products to be adopted by security teams

Dedicated products and teams focusing on offensive security research will become more prevalent in 2015. Products and services that utilise a practical approach to detect and dissect resident attacks with fast forensic abilities will be widely adopted by the market. Due to high profile attacks in 2014, the ability to recognise threats that penetrated the network and the context (type of attacks) identified, will be critical to increase the security posture of the organisation as well as recognise the areas in most need of attention. In parallel, security intelligence and information sharing will ‘boom' in 2015. It will become an essential part of the toolkit to stop and survive advanced attacks and give context to attacks to allow security teams to prioritise and invest their time on high-confidence and high-severity security incidents first. The ‘hands-on' approach of analysis, forensics of threats and information sharing of the cyber-attack chain will therefore be very popular in 2015.

2014 was a seminal year for the IT security industry. Whether its cyber-war, industrial espionage or organised cyber-criminal gangs, 2015 is set to see new security challenges continue to arise as malicious actors have proven their ability to circumvent traditional security solutions again and again. With all companies having sensitive intellectual property, it is critical that IT managers take steps to ensure its information is property monitored and secured in 2015.

Contributed by Elad Sharf, security research manager at Performanta.