Don’t expect to be able to drop your guard anytime soon when it comes to cyber crime, Fortinet warns.
2015 has been forecast as a year where cyber criminals will continue to evolve to be bigger, badder and more sophisticated in their attacks, as law enforcement agencies worldwide move to catch out hackers in their current methods.
One of these predictions is that blastware – a malware that allows hackers to gather valuable data from a system and then destroy it to cover their tracks and delete all trace of them – will cause some damage.
The growing trend of Blastware appeared earlier this year in the form of a malware commonly known as Dorkbot and NGRbot, which tricked webmail or social media users by sending a link that mimicked Skype.
Fortinet’s FortiGuard Labs noticed that with NGRbot, hackers had a code routine built into the malware. If it was tampered with, the malware would self-destruct and wipe out all the information on the hard drive.
This could be problematic for businesses, as the FortiGuard Labs team says it affects the law enforcement’s ability to crack down on cyber crime.
“This is a direct counter response to the rise of incident response services,” they said.
Another devious tactic predicted to help hackers evade law enforcement charges is to frame innocent people by intentionally planting cyber evidence, which will lead investigators astray from the real culprits.
Foritnet has also predicted this evasiveness will mean hackers will target Sandboxes – a current security mechanism being used by law enforcement, which runs malware in isolated machines and monitors it.
The FortiGuard Labs team says malware will be designed to thwart this security technique so attackers can remain at large.
For individuals, home automation, security systems, and webcams are at risk.
Specific types of malware, in particular Trojan horses, infect attachments that are opened on a computer and can remotely control and activate a computer’s functions, including their webcam.
This happened in Pennyslvania in the US. In 2010, a student won a law suit against Harriton High School, which was spying on students (at home as well as at school) using the webcams of their 2300 school-issued laptops.
A ring of hackers known as GhostNet in China has also accessed 1,295 webcams in 103 countries.
For businesses, critical infrastructure such as Human Machine Interfaces and Supply Chain systems as well as network attached storage and routers are at risk.
It’s predicted hackers will cause trouble with third-party components by selling malware that’s then issued to businesses.
Researchers at mobile security firm Lookout this month found malware that pretended to be a ringtone application preloaded onto mobile phones that were being sold in Asian and African countries.
The malware, aptly named ‘DeathRing’, was believed to have been pre-installed somewhere in the supply chain.
“We saw DeathRing in the system partition of the phone – an area of the phone not otherwise accessed by consumers or retailers,” Jeremy Linden, senior security product manager at Lookout said in SecurityWeek.
“It suggests to us that an attacker was somewhere in the distribution process flashing this malware onto the phones before it ever reached the retailers.”
In another case, A Reddit user reported a Chinese-manafactured e-cigarette infected their computer with pre-loaded malware, when it were plugged into the USB port for charging.
Huge data breaches similar to Targets and Home Depot’s this year are predicted to continue into 2015, with cyber criminals finding ways to crack retail and financial systems.
Target’s data breach compromised 70 million user records, while Home Depot’s data breach compromised 56 million user’s credit cards.
Click through here to see a visualization of the world’s biggest data breaches
Foritnet predicts this to be taken one step further to infiltrating assembly lines, factories and healthcare and building management, resulting in revenue and reputation loss for organisations.
Solutions to cyber crime
Businesses need to stay proactive in the face of an attack by moving forward and learning to prevent attacks, rather than just thinking about how to react to them, says Fortinet global strategist Derek Manky.
With hackers moving at lightening speed, organisations must make sure they have sophisticated and up-to-date security measures in place to stop attackers, he says.
This includes selecting a vendor that offers product security incident response teams for instant help when something goes wrong, as well as deep threat research that can prevent hacks before they happen.
“As threats move to attack new product and software solutions, organisations are at even greater risk,” he says.
“It is imperative they choose not just a security solution, but a proactive and intelligent solution, to protect them from the broad breadth and depth of growing attacks that firewall solutions alone will not stop.”