2015 cybercrime trends – things are going to get interesting
© 2014 IBM Corporation
IBM Security
2015 Cybercrime Trends:
Things are Going to Get Interesting
Agenda
Review of 2014 predictions
Review of 2014 threats
2015 Cybercrime predictions
Things to watch for!
I Will Try to:
Avoid generic predictions such as:
– “This year we will see more data breaches”
– “Malware numbers will rise”
Provide other vectors to watch for
– Ripple effects
– Strategic vs. tactical
2014 Was… Interesting
Our 2014 Predictions:
Source code leaks will accelerate malware release cycles
SMS-forwarding malware will be widely used
Old school malware techniques will make a comeback
Account takeover will move to the victim’s device
Malware research evasion will become more popular
Hey – www.securityintelligence.com has some great webinars
and blogs to demonstrate all of this!
GameOver Zeus – Alive, Dead & Resurrected
Cutwail spam botnet distribution (Blackhole, Pony)
– Ransomware
– DDoS
P2P infrastructure
This became a HUGE BOTNET
Operation Tovar
And…
The Growth in Device Takeover
From simple RATs to advanced malware – device takeover was everywhere
PoS attacks targeted built-in remote session solutions
Citadel’s persistent RDP and new targets
Major Breaches
There were so many… Does anyone even remember P.F. Chang's and Evernote by now?
If you want the red pill go to http://hackmageddon.com/
Several (not very surprising) recurring themes:
– Zero-day exploits in common software
– Third-party hacks
– Use of RATs
Source: hackmageddon.com
Underground Services
User Name + Password
OTP SMS
Credentials
OTP SMS
TOR C&C
2015 Cybercrime
More of 2014…
If it ain’t broke don’t fix it!
Malware is constantly adapting to the security market
Cybercriminals are finding new ways to cooperate and overcome cultural differences
Breakdown of borders – geography and technology
Mobile Threats – New Vectors
We have seen classic threats migrate to mobile:
– Phishing
– Ransomware
– Overlay
We are bound to see mobile-specific exploit kits
Bundling frameworks and services (perhaps automated)
Device takeover malware for mobile
NFC, ApplePay – new targets
Mobile malware will target more than SMS
Biometrics for Authentication
Criminals will target biometrics
– How accurate is your biometric?
– Biometrics database security
– The user...
Cybercriminals Will Rely on Anonymity Networks
Accessing TOR and other networks is becoming easier
Safer cybercrime eCommerce platform
Safer for malware infrastructure (i2Ninja, Chewbacca…)
Also presents challenges
Broader adoption of anonymity networks and encryption
EMV for POS and ATM Means CNP Fraud
Chip and PIN cards will be introduced in the US
Push for more Card Not Present fraud
Look for bad implementation of EMV (EMV replay attacks?)
It’s Not Just About Bank Accounts and Card Data
Cybercriminals are always looking for other ways to monetize
Example - Healthcare:
– Seller:
• Easier to steal
• More profitable than a credit card
– Buyer:
• Harder to detect
• Many opportunities
Summary…but…
Cybercriminals will break borders (technology and geography)
Mobile exploit packs, device takeover, payment targeting and more
Biometrics as a target
The use of anonymity networks and encryption
CNP fraud and attacks on EMV
New monetizing ventures such as healthcare
BUT… There are a couple of other things to watch for!
Things to Watch for
Technology Ripples
Traditional “tactical view” is not enough
Different changes in multiple fields affect cyber security
Close ripples:
– Attacks against other vectors
– New precedents
– New technologies
Distant ripples:
– Geopolitical
– The squeeze effect
Geopolitical & Economic Changes
Changes may affect:
– Targets
– Methodology
– Threat actors
Consider:
– The situation in Russia
– The Snowden leaks
Sony – A Dangerous Precedent
Is your organization ready for such threats?
– The threat may move out of the cyber world
What are your organization’s crown jewels?
New Tech – New Challenges
New technology challenges:
– Wearable tech
– IoT (Internet of Things)
Will ransomware be applied to IoT?
– A car lockdown?
– A house blackout?
– A pacemaker threat?
Remember – Security is in YOUR Hands
Discover the latest IBM solutions and hear real-life experiences from IBM clients who are working with us to drive advanced
security controls into their organizations
IBM Security @ Interconnect delivers:
Three Days of keynotes and general sessions featuring industry thought leaders
100+ Security Sessions including hands-on labs and certification testing
Solution Expo featuring demonstrations of the latest products and services from IBM
Security and IBM partners
More Networking Events than ever to expand and strengthen your sphere of influence
Register at ibm.com/interconnect today!
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes
only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use
of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any
warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement
governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in
all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole
discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any
way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United
States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response
to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated
or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure
and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to
be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems,
products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE
MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.