It is interesting to note that since the BlackPOS source code was leaked in 2012, it will probably facilitate the creation of new variants of this threat that will increase over the next few years. There are other malware families for POS like JacksPos or Dexter, which could be the responsible ones for big attacks on Target wherein 40 million cards’ data was stolen or Home Depot where 56 million cards were leaked after more than 5 months of the attack that started in April and was not discovered until almost September, when the company announces the leak. In mid-2014 ESET published a blog post on We Live Security about the worm Win32/BrutPOS that tries to brute-force its way into PoS machines by trying a variety of (overused) passwords in order to log in via Remote Desktop Protocol (RDP). On the other hand, point of sale systems are still a current technology and malware authors are well aware of that. At this point, it is already obvious that cybercriminals will continue putting efforts into payment systems the more money circulates on the web.
In parallel with the growing use of online payment systems, the cybercrime interest on attacking them grows too. In December of 2014, in a panel discussion at Georgetown Law’s called “Cybercrime 2020: The Future of Online Crime and Investigations” it was mentioned that “ ransomware is the future of consumer cybercrime”.
#Eset cyber security 2015 android#
During 2014, we saw big companies like Yahoo, Match or AOL get hit by ransomware and ESET researchers also published Android/Simplocker analysis, the first Android File-Encrypting TOR-enabled Ransomware. Ransomware will be a key point for malware developers and it will be a more relevant threat in the following years. These stats are based only on well-known public attacks, so it is reasonable to think that the statistics showing a growing trend is real the amount, however, should be bigger, taking into account attacks that never reach the public space because of confidentiality reasons. In this context, it is important to notice that the attack vectors are predominantly Social Engineering Attacks or zero-day exploits.Īccording to APTnotes repository- a site that collects APT attacks from various publicly-available documents and notes, sorted by year- these kinds of attacks have grown over the past several years from three identified attacks in 2008 to 75 known attacks in 2014 and probably many others as yet undiscovered. Secondly, these kinds of attacks try to stay unnoticed for longer periods of time. In most of these attacks, there is a specific target, as opposed to traditional attacks that use any available corporate targets for their purposes. Most commonly known as Advanced Persistent Threats (APTs), their main differences with traditional cyber-attacks are target selection, duration of attack and stealth. If there is one lesson IT security researchers have learned in recent years, it is that targeted attacks are an increasing trend. At the start of the year, ESET, the global leader in proactive digital protection, correctly laid emphasis on internet privacy, new assaults on the Android operating system and the new wave of high-tech malware in its predictions for the main threats that business and home users would face. Mohamed Djenane, Security Specialist, ESET Middle East, discusses predictions for the top IT security trends that will dominate headlines in 2015.Ģ014 was a big year for the cyber security industry with shocking revelations emerging of data breaches of immense scale conducted against some of the largest and most prestigious global organisations.
0 kommentar(er)
