THE INVISIBLE BECOMES VISIBLE
A TrendLabs℠ Report
Trend Micro Security Predictions for 2015 and Beyond
Trend Micro Legal Disclaimer
The information provided herein is for general information
and educational purposes only. It is not intended and should
not be construed to constitute legal advice. The information
contained herein may not be applicable to all situations and
may not reflect the most current situation. Nothing contained
herein should be relied on or acted upon without the benefit
of legal advice based on the particular facts and circumstances
presented and nothing herein should be construed otherwise.
Trend Micro reserves the right to modify the contents of this
document at any time without prior notice.
Translations of any material into other languages are intended
solely as a convenience. Translation accuracy is not guaranteed
nor implied. If any questions arise related to the accuracy of a
translation, please refer to the original language official version
of the document. Any discrepancies or differences created in
the translation are not binding and have no legal effect for
compliance or enforcement purposes.
Although Trend Micro uses reasonable efforts to include
accurate and up-to-date information herein, Trend Micro
makes no warranties or representations of any kind as to
its accuracy, currency, or completeness. You agree that
access to and use of and reliance on this document and the
content thereof is at your own risk. Trend Micro disclaims all
warranties of any kind, express or implied. Neither Trend Micro
nor any party involved in creating, producing, or delivering
this document shall be liable for any consequence, loss, or
damage, including direct, indirect, special, consequential, loss
of business profits, or special damages, whatsoever arising
out of access to, use of, or inability to use, or in connection
with the use of this document, or any errors or omissions
in the content thereof. Use of this information constitutes
acceptance for use in an “as is” condition.
PREDICTIONS
1| More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
2| Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
3| Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
4| Targeted attacks will become as prevalent as cybercrime.
5| New mobile payment methods will introduce new threats.
6| We will see more attempts to exploit vulnerabilities in open source apps.
7| Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
8| More severe online banking and other financially motivated threats will surface.
1| More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
2015 Security Predictions
Several takedowns occurred this year, thanks
to collaborative public-private partnerships
and efforts. Trend Micro particularly aided in
disrupting GameOver [1] operations despite the
malware’s resilience to takedown. We also provided
threat intelligence and research findings to law
enforcers, halting Citadel-related [2] attacks against
Japanese banks and contributing to the arrest of
James Bayliss (Jam3s), Aleksandr Andreevich
Panin (Gribodemon), and Hamza Bendelladj (bx1) [3]
who ran several SpyEye command-and-control
(C&C) servers. These developments, however,
will make anonymity a crucial requirement in
committing cybercrime since security researchers
and law enforcers now have quick access to the
underground. Case in point: the celebrity photos
tied to the iCloud® [4] hack that were first leaked on
Reddit and 4chan ended up on the Deep Web [5] as
well.
Leveraging the Deep Web and darknet services [6]
or using untraceable and anonymous peer-to-
peer (P2P) networks like Tor, I2P, and Freenet to
exchange and sell tools and services is no longer
new. We’ve seen cybercriminals use rogue top-
level domains (TLDs) as alternative domains to
further cloak underground markets like Silk Road [7],
which was shut down by the Federal Bureau of
Investigation (FBI) after two-and-a-half years of
operation.
We’ve also seen cybercriminals adopt targeted
attack techniques [8] to better evade detection,
just as we predicted in 2013. In Africa [9], this was
manifested by the exploitation of vulnerabilities
normally associated with targeted attacks via the
distribution of typical cybercrime malware like
ZeuS. Cybercriminals are also increasingly using
remote access tools (RATs) like BlackShades [10] in
attacks.
It does not help that the prices of malicious
wares in underground markets are decreasing as
supplies increase. The average price of stolen U.S.
credit card credentials [11] has declined from US$3
in 2011 to US$1 in 2013. Compromised account
credential prices have also dropped in the Russian
underground [12]. Stolen Facebook credentials that
cost US$200 in 2011 only cost US$100 in 2013
while Gmail™ account credentials that were sold
for US$117 in 2011 were only sold for US$100
in 2013. As more and more players enter the
cybercriminal underground economy, ware prices
will continue to decline. Before long, getting the
greatest number of customers will depend on
who can assure that buyers won’t be caught red-
handed. Sellers will be pushed to go even deeper
underground, particularly into the deep recesses of
the Web.
A comparison of the prices of stolen credit card credentials
from various countries in the Russian underground
revealed a declining trend from 2011 to 2013.
As the bad guys move deeper into the Web,
security firms and law enforcers need to extend
their reach as well to cover the Deep Web and
darknet services. This will require greater effort
and investment. Public-private partnerships will
be needed more than ever to disrupt and take
down cybercriminal operations. Security firms
should continue to provide threat intelligence to
help law enforcers catch perpetrators. Lawmakers
worldwide, meanwhile, need to agree on what
constitutes cybercrime to aid enforcers, regardless
of jurisdiction, to bring bad guys to justice.
[Figure: prices in US$ (axis 0 to 10) for AUS, CAN, USA, UK, and GER in 2011, 2012, and 2013.]
2| Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
The constant growth of cyber activities [13] worldwide
means that individuals and organizations alike will
continue to succumb to online threats and attacks.
Cybercriminals will, however, set their sights on
bigger targets rather than on individuals, as this
translates to bigger gains.
We’ve seen cybercriminals use point-of-sale (PoS)
RAM scrapers [14] to steal millions of customer
data records from some of the biggest retailers
worldwide. Before 2013 ended, Target [15] lost
the credit card information of 70 million of its
customers to cybercriminals in a PoS malware
attack. Target wasn’t alone, however, as other
organizations like P.F. Chang’s suffered the same
fate. And months before 2014 is set to end, Home
Depot [16] took Target’s place as the biggest breach
victim [17] to date. The breached organizations lost
customer data, which damaged their brands and
cost them dearly.
The number of recorded cyber attacks against all sorts
of organizations that handle customer data has been
steadily increasing from 2011 to the present.
http://www.idtheftcenter.org/images/breach/20052013UPDATEDSummary.jpg
Though the majority of breaches result from external
attacks, some, like the Amtrak [18] breach, are
caused by insider threats. Reports revealed that an
Amtrak employee had been selling rail passengers’
personally identifiable information (PII) for two
decades before getting found out.
That said, individuals and organizations alike will
do well to assume that all of the data they reveal
online will land in cybercriminals’ hands. We’ll
see two or more major data breach incidents each
month. Banks and financial institutions, along with
customer data holders, will always be attractive
breach targets. As a result, we will continue to see
changes in victims’ upper management [19] every
time they succumb to attacks.
So how should organizations and individuals
respond? It’s best to assume compromise.
Individuals should regularly change passwords
while organizations should constantly monitor
their networks for all kinds of threats and
exploitable vulnerabilities.
Waiting for solutions like more secure payment
systems [20] and legal sanctions, though already
in the works, is no longer enough. Awareness of
threats is a must and so are ever-ready mitigation
and remediation plans because no one is safe from
compromise.
[Figure: yearly totals for 2011 to 2014 on a 0 to 800 axis; data labels 473, 614, 421, and 606*.]
*As of October 2014
3| Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
Apart from twice the current number of
Android™ threats foreseen in 2015, the number
of vulnerabilities in mobile devices, platforms, and
apps will pose more serious security risks. Data
stored in mobile devices will land in cybercriminals’
hands for use in attacks or selling underground.
[Figure: cumulative Android threat volume on a 0 to 8M axis: 350K (2012), 1.4M (2013), 4M (2014), 8M (2015).]
The cumulative Android threat volume has steadily
been increasing since 2012. We are likely to see the
2014 total double in 2015.
The vulnerabilities we’ve seen so far did not only
reside on devices [21] but also on platforms and apps.
Platform threats like the master key vulnerability [22]
allowed cybercrooks to replace legitimate apps
with fake or malicious versions. When exploited,
a certain Chinese third-party payment app
vulnerability [23], meanwhile, allowed bad guys to
phish information from infected devices.
We will see mobile attackers use tools similar to the
Blackhole Exploit Kit (BHEK) to take advantage of
problems like Android OS fragmentation [24]. The
success of BHEK [25] and similar tools in infecting
computers running different OSs will serve
cybercrooks well in attacking Android devices since
most users either don’t or can’t regularly update
their systems and software. Bad guys can point
vulnerable device users to malicious websites, for
instance. Successful exploitation can then give
them access to any or all of the information stored
in affected devices. Worse, because exploit kits are
known for affecting multiple platforms, should
such a kit be made to target even mobile devices,
who’s to say that the threats infected smartphones
carry won’t spread to any device they have access
to?
A steady rise in the number of mobile banking
malware will be seen as well. Earlier this year,
we saw the cybercriminals behind Operation
Emmental [26] prod a European bank’s customers to
install a malicious Android app to gain access to
their accounts. We will see more such attacks amid
the rise in mobile banking popularity.
Traditional computer threats like ransomware and
tactics like darknet service use will also figure in the
mobile landscape. We already saw the first mobile
ransomware [27] in the form of REVETON rear its
ugly head this year, along with another malware
that used Tor [28] to better evade detection.
Installing malicious apps and visiting malicious
websites will no longer be the sole mobile infection
vectors. Vulnerability exploitation across platforms
will become even bigger mobile threats. Security
vendors should extend vulnerability shielding
and exploit-prevention technologies to include
protection for mobile devices. Finally, mobile
device manufacturers and service providers should
work more closely with one another to come up
with scalable vulnerability-patching solutions to
prevent infection and data theft.
4| Targeted attacks will become as prevalent as cybercrime.
Successful high-profile and widely talked-about
targeted attack campaigns led to the realization
that cyber attacks are effective means to gather
intelligence. Targeted attacks will no longer just
be associated with countries like the United States
or Russia. We’ve seen such attacks originate from
other countries like Vietnam, India, and the United
Kingdom. We’ve seen threat actors set their sights
on countries like Indonesia and Malaysia as well.
In the next few years, we will see even more
diverse attack origins and targets. Threat actors’
motivations will continue to vary. They will,
however, continue to go after top-secret government
data, financial information, intellectual property,
industry blueprints, and the like.
Although the majority of targeted attacks seen to date
are initiated by spear-phishing emails or watering
hole tactics, social media will increasingly be
abused as infection vectors in the future. Threat
actors will also explore the viability of exploiting
router vulnerabilities as a means of getting into
target networks. Organizations that have been
targeted in the past should not be complacent. Just
because they’ve been breached before doesn’t mean
they’re safe from future attacks. Threat actors can
still use them to get to even bigger targets, likely
their partners or customers.
The demand for portable or proxy in-the-cloud
solutions that offer self-defense for security risks
will rise. The popularity of network solutions such
as firewalls and unified threat management (UTM)
software, meanwhile, will decline. Better security
analytics will become crucial to combat targeted
attacks. Organizations should know what is normal
for them and set this as a baseline when monitoring
for threats. Network visualization and heuristic
or behavior detection will also help them avoid
becoming victims. Traditional or conventional
security technologies will no longer be sufficient.
5| New mobile payment methods will introduce new threats.
The recent iPhone® 6 release came with the
introduction of Apple’s version of digital payment:
Apple Pay™. This, along with the increasing use of
Google Wallet™ and other similar payment modes,
will act as a catalyst for mobile payment to become
mainstream. We will see new threats specifically
target mobile payment platforms in the next few
months akin to the Android FakeID vulnerability [29],
which allowed cybercriminals to steal affected
users’ Google Wallet credentials.
This year, apps like WeChat [30] also started allowing
users to purchase goods sold by certain retailers
with so-called “credits.” If this becomes big, we will
see cybercriminals take advantage of vulnerabilities
in similar apps to steal money from users.
Although we have yet to see actual attacks and
attempts to breach the Apple Pay [31] ecosystem
comprising NFC and Passbook, which holds users’
card information, cybercriminals used the latest
iPhone models [32] as social engineering bait two
months before they were even launched. It’s safe
to assume that as early as now, the bad guys are
already looking for vulnerabilities to exploit in
Apple Pay. They will continue to scrutinize NFC as
well.
To stay safe from emerging threats, users would do
well to practice safe computing habits, particularly
those related to NFC use. Individuals who use
NFC readers via their mobile devices should
turn these off when they’re not in use. Locking
their devices will help them avoid becoming a
cybercrime victim. Organizations that accept
mobile payments, meanwhile, should install and
use security solutions that protect from NFC-
related and similar security threats.
6| We will see more attempts to exploit vulnerabilities in open source apps.
Vulnerabilities in open source protocols like
Heartbleed [33] and command processors like
Shellshock [34] that remained undetected for years
were heavily exploited this year, leading to serious
repercussions. Just hours after the initial discovery
of Shellshock, we saw several malware payloads [35]
in the wild. Distributed denial-of-service (DDoS)
attacks and Internet Relay Chat (IRC) bots [36]
related to the vulnerability’s exploitation, which
can disrupt business operations, were also
spotted. More than Web surface attacks, however,
Shellshock also put users of all Linux-based [37] OSs
and apps, which depended on protocols like HTTP,
File Transfer Protocol (FTP), and Dynamic Host
Configuration Protocol (DHCP) at risk.
Shellshock reminded the World Wide Web of
Heartbleed, which put a lot of websites and mobile
apps that used Open SSL at risk earlier this year. A
quick scan of the top 1 million TLDs according to
Alexa [38], in fact, revealed that 5% were vulnerable
to Heartbleed. When exploited, Heartbleed allows
attackers to read parts of affected computers’
memory, which may contain confidential
information.
Attackers will continue their search for seemingly
dormant vulnerabilities like Heartbleed and
Shellshock in the coming years. They will keep tabs
on oft-forgotten platforms, protocols, and software
and rely on irresponsible coding practices to get to
their targets. As in 2013 [39], we will see even more
injection, cross-site-scripting (XSS), and other
attacks against Web apps to steal confidential
information. Attacks such as that on JPMorgan
Chase & Co. [40], which put over 70 million customers’
personal data at risk, will continue to surface.
Continuous security improvements in Microsoft™
Windows® and other big-name OSs will lead to
a decline in their number of vulnerabilities. This
will push attackers to instead focus on finding
vulnerabilities in open source platforms and
apps such as Open SSL v3 as well as OS kernels.
Individuals and organizations can, however, stay
protected by regularly patching and updating
their systems and software. Organizations are
also advised to invest in more intelligence-based
security solutions backed by trusted global threat
information sources, which can thwart exploitation
attempts even if patches for vulnerabilities have
yet to be issued.
7| Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
Attackers will find IoE/IoT devices viable attack
targets because of the endless possibilities their
use presents. We are bound to see greater adoption
of smart devices like smart cameras and TVs in
the next few years, along with attacks against
their users. As factors like market pressure [41] push
device manufacturers to launch more and more
smart devices sans security in mind to meet the
rising demand, so will attackers increasingly find
vulnerabilities to exploit for their own gain.
Despite mass smartification, however, the first
attacks we’ll see on smart appliances as well as
wearable and other IoE/IoT devices will not be
financially motivated. They will be more whitehat
hacks to highlight security risks and weaknesses
so manufacturers can improve their products,
particularly the way they handle data. If and when
these devices are hacked for purposes other than
to bring vulnerabilities to light, cybercriminals will
likely launch sniffer, denial-of-service (DoS), and
man-in-the-middle (MiTM) attacks [42].
Since IoE/IoT devices remain too diverse and a
“killer app” has yet to emerge, bad guys will not be
able to truly launch attacks against them. Attackers
are more likely to go after the data that resides
in these devices. In 2015, we expect attackers
to hack smart device makers’ databases to steal
information for traditional cyber attacks.
Later on, however, aided by the formation of the
Open Interconnect Consortium (OIC) [43] and the
launch of HomeKit [44], we expect a shift in tides, as
common protocols and platforms slowly emerge.
As attackers begin to better understand the IoE/
IoT ecosystem, they will employ scarier tactics
akin to ransomware and scareware to extort
money from or blackmail device users. They can,
for instance, hold smart car drivers [45] hostage until
they pay up when said vehicles officially hit the
road come 2015. As such, smart car manufacturers
should incorporate network segmentation in their
smart car designs to adequately shield users from
such threats.
8| More severe online banking and other financially motivated threats will surface.
Weak security practices, even in developed countries
like the United States, such as not enforcing the
use of two-factor authentication and the adoption of
chip-and-PIN technology, will contribute to the rise
in online banking and other financially motivated
threats.
We’ve seen the online banking malware
volume steadily rise throughout the first half of
2014 [46, 47]. Apart from data-stealing ZeuS malware,
VAWTRAK [48] also affected a multitude of
online banking customers specifically in Japan,
contributing to the overall volume growth in the
second quarter of the year. Complex operations
like Emmental [49], which proved that even the
two-factor authentication measures that banks
employed could be flawed, also figured in the
threat landscape.
[Figure: online banking malware infections per quarter, 1Q to 3Q, on a 0 to 140K axis; data labels 137K, 102K, and 112K.]
We continued to see a steady rise in online banking
malware infections throughout the first half of 2014.
NOTE: “Infection” refers to instances when threats
were found on users’ computers and subsequently
blocked by any Trend Micro security software.
In the next few years, cybercriminals will no longer
just launch financially motivated threats against
computer users; they will increasingly go after
mobile device users as well. They are likely to
use fake apps and Domain Name System (DNS)
changers and launch mobile phishing [50] attacks
similar to those we’ve already seen in the past.
They won’t stop at just gaining access to victims’
online banking accounts; they will even go so
far as stealing their identities [51]. And to come up
with even stealthier mobile threats, we will see
the emergence of packers akin to those used on
computer malware.
The success of targeted attacks in obtaining user
data will also inspire cybercriminals to better
employ reconnaissance to make more money from
their malicious schemes. Cybercrooks will use
proven targeted attack methodologies for short-
selling and front-running schemes.
The growing risks online banking threats pose
should motivate individuals and organizations
alike to use the two-factor authentication measures
and hardware or session tokens that banks and
other financial institutions provide. Payment card
providers in the United States and other countries,
meanwhile, should put data security at the forefront
by making the use of chip-and-PIN cards and PoS
terminals mandatory, especially amid the breaches
hitting big-name companies left and right.
1. Lord Alfred Remorin. (June 2, 2014). TrendLabs Security Intelligence Blog. “GameOver: ZeuS with P2P Functionality
Disrupted.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with-
p2p-functionality-disrupted/.
2. Trend Micro Incorporated. (September 2, 2014). TrendLabs Security Intelligence Blog. “Citadel Makes a Comeback, Targets
Japan Users.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-
comeback-targets-japan-users/.
3. Trend Micro Incorporated. (May 22, 2014). TrendLabs Security Intelligence Blog. “SpyEye-Using Cybercriminal Arrested
in Britain.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/spyeye-using-
cybercriminal-arrested-in-britain/.
4. Arabelle Mae Ebora. (September 3, 2014). TrendLabs Secuirty Intelligence Blog. “iCloud Hacking Leak Now Being Used as Social
Engineering Lure.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/icloud-hacking-
leak-now-being-used-as-social-engineering-lure/.
5. Vincenzo Ciancaglini, Marco Balduzzi, Max Goncharov, and Robert McArdle. (2013). Trend Micro Security Intelligence. “Deep
Web and Cybercrime: It’s Not All About Tor.†Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/
pdfs/security-intelligence/white-papers/wp-deepweb-and-cybercrime.pdf.
6. Wikimedia Foundation Inc. (October 5, 2014). Wikipedia. “Darknet (File Sharing).†Last accessed October 13, 2014, http://
en.wikipedia.org/wiki/Darknet_(file_sharing).
7. Robert McArdle. (October 3, 2013). TrendLabs Security Intelligence Blog. “Deep Web and Cybercrime―It Is Not Just the Silk
Road.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/deepweb-and-cybercrime-it-
is-not-just-the-silk-road/.
8. Trend Micro Incorporated. (2013). Threat Encyclopedia. “Blurring Boundaries: Trend Micro Security Predictions for 2014
and Beyond.†Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-
boundaries/.
9. Trend Micro Incorporated. (August 11, 2014). TrendLabs Security Intelligence Blog. “Checking in on Africa: The Latest
Developments in Cybercrime.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/
checking-in-on-africa-the-latest-developments-in-cybercrime/.
10. Rhena Inocencio. (May 26, 2014). TrendLabs Security Intelligence Blog. “The BlackShades RAT―Entry-Level Cybercrime.â€
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-blackshades-rat-entry-level-
cybercrime/.
11. Trend Micro Incorporated. (April 28, 2014). TrendLabs Security Intelligence Blog. “The Russian Underground, Revisited.†Last
accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-underground-revisited/.
12. Max Goncharov. (2014). Trend Micro Security Intelligence. “Russian Underground Revisited.†Last accessed October 13, 2014,
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf.
13. Ahmad Mukaram. (June 10, 2014). Recorded Future. “Cyberthreat Landscape: Forecast.†Last accessed October 13, 2014,
https://www.recordedfuture.com/cyber-threat-landscape-forecast/.
14. Numaan Huq. (September 11, 2014). TrendLabs Security Intelligence Blog. “2014―An Explosion of Data Breaches and PoS RAM
Scrapers.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of-
data-breaches-and-pos-ram-scrapers/.
15. Gregory Wallace. (May 5, 2014). CNN Money. “Timeline: Retail Cyber Attacks Hit Millions.†Last accessed October 13, 2014,
http://money.cnn.com/2014/02/11/news/companies/retail-breach-timeline/.
16. Jonathan Leopando. (September 9, 2014). TrendLabs Security Intelligence Blog. “Home Depot Breach Linked to BlackPOS
Malware.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/home-depot-breach-
linked-to-blackpos-malware/.
REFERENCES
17. Trend Micro Incorporated. (2014). Threat Encyclopedia. “Home Depot Confirms Breach of U.S. and Canada Stores, Reported to
Be Largest in Record.†Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/special-reports/data-breach/
home-depot-confirms-breach-of-us-and-canada-stores/index.html.
18. Masayoshi Someya. (August 18, 2014). TrendLabs Security Intelligence Blog. “Risks from Within: Learning from the Amtrak
Breach.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/risks-from-within-
learning-from-the-amtrak-data-breach/.
19. Clare O’Connor. (May 5, 2014). Forbes. “Target CEO Gregg Steinhafel Resigns in Data Breach Fallout.†Last accessed October
13, 2014, http://www.forbes.com/sites/clareoconnor/2014/05/05/target-ceo-gregg-steinhafel-resigns-in-wake-of-data-breach-
fallout/.
20. Tracy Kitten. (June 18, 2014). Bank Info Security. “Revamping the U.S. Payments System: Security, Faster Payments Key
to Fed’s 5-Year Plan.†Last accessed October 13, 2014, http://www.bankinfosecurity.com/interviews/feds-role-in-future-
payments-i-2346/op-1.
21. Scott Webster. (March 7, 2013). CNET. “Security Bug Found for Samsung Galaxy S3.†Last accessed October 13, 2014,
http://www.cnet.com/news/security-bug-found-for-samsung-galaxy-s3/.
22. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. “Exploiting Vulnerabilities: The Other Side of Mobile
Threats.†Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/exploiting-vulnerabilities-
the-other-side-of-mobile-threats/.
23. Weichao Sun. (July 29, 2014). TrendLabs Security Intelligence Blog. “Vulnerabilities in Alipay Android App Fixed.†Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-in-alipay-android-app-fixed/.
24. Ryan Certeza. (May 31, 2014). TrendLabs Security Intelligence Blog. “The Android Fragmentation Problem.†Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-android-fragmentation-problem/.
25. Jon Oliver. (July 31, 2013). TrendLabs Security Intelligence Blog. “The Current State of the Blackhole Exploit Kit.†Last accessed
October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-current-state-of-the-blackhole-exploit-kit/.
26. David Sancho. (July 22, 2014). TrendLabs Security Intelligence Blog. “Finding Holes in Banking Security: Operation Emmental.â€
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/finding-holes-operation-emmental/.
27. Abigail Pichel. (May 26, 2014). TrendLabs Security Intelligence Blog. “Ransomware Moves to Mobile.†Last accessed October 13,
2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-moves-to-mobile/.
28. Weichao Sun. (June 17, 2014). TrendLabs Security Intelligence Blog. “Android Ransomware Uses Tor.†Last accessed October 13,
2014, http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/.
29. Simon Huang. (August 12, 2014). TrendLabs Security Intelligence Blog. “The Dangers of the Android FakeID Vulnerability.â€
Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-dangers-of-the-android-fakeid-vulnerability/.
30. Steven Millward. (March 5, 2014). Tech in Asia. “Starting Today, Chinese Consumers Will Be Able to Buy Almost Anything Inside WeChat.” Last accessed October 13, 2014, http://www.techinasia.com/wechat-adds-payment-support-for-brands-and-retailers/.
31. Warren Tsai. (September 25, 2014). TrendLabs Security Intelligence Blog. “Apple Pay: Introducing (Secure) Mobile Payments?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/apple-pay-introducing-secure-mobile-payments/.
32. Johnliz Ortiz. (July 7, 2014). TrendLabs Security Intelligence Blog. “iPhone 6 Rumors Spur Scams.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/iphone-6-rumors-spur-scams/.
33. Pawan Kinger. (April 8, 2014). TrendLabs Security Intelligence Blog. “Skipping a Heartbeat: The Analysis of the Heartbleed Open SSL Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/skipping-a-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/.
34. Pavan Thorat and Pawan Kinger. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability Leads to Shellshock: What It Is, How It Affects You.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/.
35. Trend Micro Incorporated. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/bash-vulnerability-shellshock-exploit-emerges-in-the-wild-leads-to-flooder/.
36. Trend Micro Incorporated. (September 26, 2014). TrendLabs Security Intelligence Blog. “Shellshock―How Bad Can It Get?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-how-bad-can-it-get/.
37. Trend Micro Incorporated. (2014). Threat Encyclopedia. “About the Shellshock Vulnerability: The Basics of the ‘Bash Bug.’” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-shellshock-vulnerability-bash-bug.
38. Maxim Goncharov. (April 10, 2014). TrendLabs Security Intelligence Blog. “Heartbleed Vulnerability Affects 5% of Select Top-Level Domains from Top 1M.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/heartbleed-vulnerability-affects-5-of-top-1-million-websites/.
39. OWASP Foundation. (August 26, 2014). OWASP. “Top 10 2013―Top 10.” Last accessed October 13, 2014, https://www.owasp.org/index.php/Top_10_2013-Top_10.
40. United States Securities and Exchange Commission. (October 2, 2014). “Form 8-K: JPMorgan Chase & Co.” Last accessed October 13, 2014, http://investor.shareholder.com/JPMorganChase/secfiling.cfm?filingID=1193125-14-362173.
41. Geoff Grindrod. (June 16, 2014). TrendLabs Security Intelligence Blog. “The Smartification of the Home, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-smartification-of-the-home-part-1/.
42. David Sancho. (September 4, 2014). TrendLabs Security Intelligence Blog. “The Security Implications of Wearables, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-security-implications-of-wearables-part-1/.
43. Open Interconnect Consortium Inc. (2014). Open Interconnect Consortium. “About Us.” Last accessed October 13, 2014, http://openinterconnect.org/about/.
44. Apple Inc. (2014). Apple Developer. “HomeKit.” Last accessed October 13, 2014, https://developer.apple.com/homekit/.
45. Trend Micro Incorporated. (2014). Threat Encyclopedia. “The Internet of Everything: Layers, Protocols and Possible Attacks.” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/internet-of-everything/ioe-layers-protocols-and-possible-attacks.
46. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 1Q 2014 Security Roundup: Cybercrime Hits the Unexpected.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/1Q/cybercrime-hits-the-unexpected/.
47. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/2Q/turning-the-tables-on-cyber-attacks/.
48. Trend Micro Incorporated. (2014). Threat Encyclopedia. “VAWTRAK Plagues Users in Japan.” Last accessed October 14, 2014, http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack//3141/vawtrak-plagues-users-in-japan.
49. David Sancho, Feike Hacquebord, and Rainer Link. (2014). Trend Micro Security Intelligence. “Finding Holes: Operation Emmental.” Last accessed October 14, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf.
50. Paul Pajares. (February 21, 2012). TrendLabs Security Intelligence Blog. “When Phishing Goes Mobile.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/when-phishing-goes-mobile/.
51. Arabelle Mae Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. “Mobile Phishing Attacks Ask for Government IDs.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phishing-attack-asks-for-users-government-ids/.
Created by:
Global Technical Support & R&D Center of TREND MICRO
Trend Micro Incorporated, a global leader in security software and
solutions, strives to make the world safe for exchanging digital
information. For more information, visit www.trendmicro.com.
©2014 Trend Micro, Incorporated. All rights reserved. Trend Micro and
the Trend Micro t-ball logo are trademarks or registered trademarks of
Trend Micro, Incorporated. All other product or company names may
be trademarks or registered trademarks of their owners.
PREDICTIONS
1| More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
2| Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
3| Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
4| Targeted attacks will become as prevalent as cybercrime.
5| New mobile payment methods will introduce new threats.
6| We will see more attempts to exploit vulnerabilities in open source apps.
7| Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
8| More severe online banking and other financially motivated threats will surface.
1| More cybercriminals will turn to darknets and exclusive-access forums to share and sell crimeware.
2015 Security PredictionS
Several takedowns occurred this year, thanks
to collaborative public-private partnerships
and efforts. Trend Micro particularly aided in
disrupting GameOver [1] operations despite the
malware’s resilience to takedown. We also provided
threat intelligence and research findings to law
enforcers, halting Citadel-related [2] attacks against
Japanese banks and contributing to the arrest of
James Bayliss (Jam3s), Aleksandr Andreevich
Panin (Gribodemon), and Hamza Bendelladj (bx1) [3]
who ran several SpyEye command-and-control
(C&C) servers. These developments, however,
will make anonymity a crucial requirement in
committing cybercrime since security researchers
and law enforcers now have quick access to the
underground. Case in point―the celebrity photos
tied to the iCloud® [4] hack that were first leaked on
Reddit and 4chan ended up on the Deep Web [5] as
well.
Leveraging the Deep Web and darknet services [6]
or using untraceable and anonymous peer-to-
peer (P2P) networks like Tor, I2P, and Freenet to
exchange and sell tools and services is no longer
new. We’ve seen cybercriminals use rogue top-
level domains (TLDs) as alternative domains to
further cloak underground markets like Silk Road [7],
which was shut down by the Federal Bureau of
Investigation (FBI) after two-and-a-half years of
operation.
We’ve also seen cybercriminals adopt targeted
attack techniques [8] to better evade detection,
just as we predicted in 2013. In Africa [9], this was
manifested by the exploitation of vulnerabilities
normally associated with targeted attacks via the
distribution of typical cybercrime malware like
ZeuS. Cybercriminals are also increasingly using
remote access tools (RAT) like BlackShades [10] in
attacks.
It does not help that the prices of malicious
wares in underground markets are decreasing as
supplies increase. The average price of stolen U.S.
credit card credentials [11] has declined from US$3
in 2011 to US$1 in 2013. Compromised account
credential prices have also dropped in the Russian
underground [12]. Stolen Facebook credentials that
cost US$200 in 2011 only cost US$100 in 2013
while Gmail™ account credentials that were sold
for US$117 in 2011 were only sold for US$100
in 2013. As more and more players enter the
cybercriminal underground economy, ware prices
will continue to decline. Before long, getting the
greatest number of customers will depend on
who can assure that buyers won’t be caught red-
handed. Sellers will be pushed to go even deeper
underground, particularly into the deep recesses of
the Web.
A comparison of the prices of stolen credit card credentials
from various countries in the Russian underground
revealed a declining trend from 2011 to 2013.
As the bad guys move deeper into the Web,
security firms and law enforcers need to extend
their reach as well to cover the Deep Web and
darknet services. This will require greater effort
and investment. Public-private partnerships will
be needed more than ever to disrupt and take
down cybercriminal operations. Security firms
should continue to provide threat intelligence to
help law enforcers catch perpetrators. Lawmakers
worldwide, meanwhile, need to agree on what
constitutes cybercrime to aid enforcers, regardless
of jurisdiction, to bring bad guys to justice.
[Chart: prices in US$ (axis 0 to 10) for AUS, CAN, USA, UK, and GER; 2011, 2012, and 2013]
2| Increased cyber activity will translate to better, bigger, and more successful hacking tools and attempts.
The constant growth of cyber activities [13] worldwide
means that individuals and organizations alike will
continue to succumb to online threats and attacks.
Cybercriminals will, however, set their sights on
bigger targets rather than on individuals, as this
translates to bigger gains.
We’ve seen cybercriminals use point-of-sale (PoS)
RAM scrapers [14] to steal millions of customer
data records from some of the biggest retailers
worldwide. Before 2013 ended, Target [15] lost
the credit card information of 70 million of its
customers to cybercriminals in a PoS malware
attack. Target wasn’t alone, however, as other
organizations like P.F. Chang’s suffered the same
fate. And months before 2014 is set to end, Home
Depot [16] took Target’s place as the biggest breach
victim [17] to date. The breached organizations lost
customer data, which damaged their brands and
cost them dearly.
The number of recorded cyber attacks against all sorts
of organizations that handle customer data has been
steadily increasing from 2011 to the present.
http://www.idtheftcenter.org/images/breach/20052013UPDATEDSummary.jpg
Though the majority of breaches result from external
attacks, some, like the Amtrak [18] breach, are
caused by insider threats. Reports revealed that an
Amtrak employee had been selling rail passengers’
personally identifiable information (PII) for two
decades before getting found out.
That said, individuals and organizations alike will
do well to assume that all of the data they reveal
online will land in cybercriminals’ hands. We’ll
see two or more major data breach incidents each
month. Banks and financial institutions, along with
customer data holders, will always be attractive
breach targets. As a result, we will continue to see
changes in victims’ upper management [19] every
time they succumb to attacks.
So how should organizations and individuals
respond? It’s best to assume compromise.
Individuals should regularly change passwords
while organizations should constantly monitor
their networks for all kinds of threats and
exploitable vulnerabilities.
Waiting for solutions like more secure payment
systems [20] and legal sanctions, though already
in the works, is no longer enough. Awareness of
threats is a must and so are ever-ready mitigation
and remediation plans because no one is safe from
compromise.
[Chart: recorded attacks per year, 2011 to 2014 (axis 0 to 800); the 2014 value, 606, is as of October 2014]
3| Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection.
Apart from twice the current number of
Android™ threats foreseen in 2015, the number
of vulnerabilities in mobile devices, platforms, and
apps will pose more serious security risks. Data
stored in mobile devices will land in cybercriminals’
hands for use in attacks or selling underground.
[Chart: cumulative Android threat volume (axis 0 to 8M): 350K in 2012, 1.4M in 2013, 4M in 2014, 8M in 2015]
The cumulative Android threat volume has steadily
been increasing since 2012. We are likely to see the
2014 total double in 2015.
The vulnerabilities we’ve seen so far did not only
reside on devices [21] but also on platforms and apps.
Platform threats like the master key vulnerability [22]
allowed cybercrooks to replace legitimate apps
with fake or malicious versions. When exploited,
a certain Chinese third-party payment app
vulnerability [23], meanwhile, allowed bad guys to
phish information from infected devices.
We will see mobile attackers use tools similar to the
Blackhole Exploit Kit (BHEK) to take advantage of
problems like Android OS fragmentation [24]. The
success of BHEK [25] and similar tools in infecting
computers running different OSs will serve
cybercrooks well in attacking Android devices since
most users either don’t or can’t regularly update
their systems and software. Bad guys can point
vulnerable device users to malicious websites, for
instance. Successful exploitation can then give
them access to any or all of the information stored
in affected devices. Worse, because exploit kits are
known for affecting multiple platforms, should
such a kit be made to target even mobile devices,
who’s to say that the threats infected smartphones
carry won’t spread to any device they have access
to?
A steady rise in the number of mobile banking
malware will be seen as well. Earlier this year,
we saw the cybercriminals behind Operation
Emmental [26] prod a European bank’s customers to
install a malicious Android app to gain access to
their accounts. We will see more such attacks amid
the rise in mobile banking popularity.
Traditional computer threats like ransomware and
tactics like darknet service use will also figure in the
mobile landscape. We already saw the first mobile
ransomware [27] in the form of REVETON rear its
ugly head this year, along with another malware
that used Tor [28] to better evade detection.
Installing malicious apps and visiting malicious
websites will no longer be the sole mobile infection
vectors. Vulnerability exploitation across platforms
will become an even bigger mobile threat. Security
vendors should extend vulnerability shielding
and exploit-prevention technologies to include
protection for mobile devices. Finally, mobile
device manufacturers and service providers should
work more closely with one another to come up
with scalable vulnerability-patching solutions to
prevent infection and data theft.
4| Targeted attacks will become as prevalent as cybercrime.
Successful high-profile and widely talked-about
targeted attack campaigns led to the realization
that cyber attacks are effective means to gather
intelligence. Targeted attacks will no longer just
be associated with countries like the United States
or Russia. We’ve seen such attacks originate from
other countries like Vietnam, India, and the United
Kingdom. We’ve seen threat actors set their sights
on countries like Indonesia and Malaysia as well.
In the next few years, we will see even more
diverse attack origins and targets. Threat actors’
motivations will continue to vary. They will,
however, continue to go after top-secret government
data, financial information, intellectual property,
industry blueprints, and the like.
Although the majority of targeted attacks seen to date
are initiated by spear-phishing emails or watering
hole tactics, social media will increasingly be
abused as infection vectors in the future. Threat
actors will also explore the viability of exploiting
router vulnerabilities as a means of getting into
target networks. Organizations that have been
targeted in the past should not be complacent. Just
because they’ve been breached before doesn’t mean
they’re safe from future attacks. Threat actors can
still use them to get to even bigger targets, likely
their partners or customers.
The demand for portable or proxy in-the-cloud
solutions that offer self-defense for security risks
will rise. The popularity of network solutions such
as firewalls and unified threat management (UTM)
software, meanwhile, will decline. Better security
analytics will become crucial to combat targeted
attacks. Organizations should know what is normal
for them and set this as a baseline when monitoring
for threats. Network visualization and heuristic
or behavior detection will also help them avoid
becoming victims. Traditional or conventional
security technologies will no longer be sufficient.
5| New mobile payment methods will introduce new threats.
The recent iPhone® 6 release came with the
introduction of Apple’s version of digital payment―
Apple Pay™. This, along with the increasing use of
Google Wallet™ and other similar payment modes
will act as a catalyst for mobile payment to become
mainstream. We will see new threats specifically
target mobile payment platforms in the next few
months akin to the Android FakeID vulnerability [29],
which allowed cybercriminals to steal affected
users’ Google Wallet credentials.
This year, apps like WeChat [30] also started allowing
users to purchase goods sold by certain retailers
with so-called “credits.” If this becomes big, we will
see cybercriminals take advantage of vulnerabilities
in similar apps to steal money from users.
Although we have yet to see actual attacks and
attempts to breach the Apple Pay [31] ecosystem
comprising NFC and Passbook, which holds users’
card information, cybercriminals used the latest
iPhone models [32] as social engineering bait two
months before they were even launched. It’s safe
to assume that as early as now, the bad guys are
already looking for vulnerabilities to exploit in
Apple Pay. They will continue to scrutinize NFC as
well.
To stay safe from emerging threats, users would do
well to practice safe computing habits, particularly
those related to NFC use. Individuals who use
NFC readers via their mobile devices should
turn these off when they’re not in use. Locking
their devices will help them avoid becoming a
cybercrime victim. Organizations that accept
mobile payments, meanwhile, should install and
use security solutions that protect from NFC-
related and similar security threats.
6| We will see more attempts to exploit vulnerabilities in open source apps.
Vulnerabilities in open source protocols like
Heartbleed [33] and command processors like
Shellshock [34] that remained undetected for years
were heavily exploited this year, leading to serious
repercussions. Just hours after the initial discovery
of Shellshock, we saw several malware payloads [35]
in the wild. Distributed denial-of-service (DDoS)
attacks and Internet Relay Chat (IRC) bots [36]
related to the vulnerability’s exploitation, which
can disrupt business operations, were also
spotted. More than Web surface attacks, however,
Shellshock also put users of all Linux-based [37] OSs
and apps, which depended on protocols like HTTP,
File Transfer Protocol (FTP), and Dynamic Host
Configuration Protocol (DHCP) at risk.
Shellshock reminded the World Wide Web of
Heartbleed, which put a lot of websites and mobile
apps that used Open SSL at risk earlier this year. A
quick scan of the top 1 million TLDs according to
Alexa [38], in fact, revealed that 5% were vulnerable
to Heartbleed. When exploited, Heartbleed allows
attackers to read parts of affected computers’
memory, which may contain confidential
information.
Attackers will continue their search for seemingly
dormant vulnerabilities like Heartbleed and
Shellshock in the coming years. They will keep tabs
on oft-forgotten platforms, protocols, and software
and rely on irresponsible coding practices to get to
their targets. As in 2013 [39], we will see even more
injection, cross-site-scripting (XSS), and other
attacks against Web apps to steal confidential
information. Attacks such as that on JPMorgan
Chase & Co. [40], which put over 70 million customers’
personal data at risk, will continue to surface.
Continuous security improvements in Microsoft™
Windows® and other big-name OSs will lead to
a decline in their number of vulnerabilities. This
will push attackers to instead focus on finding
vulnerabilities in open source platforms and
apps such as Open SSL v3 as well as OS kernels.
Individuals and organizations can, however, stay
protected by regularly patching and updating
their systems and software. Organizations are
also advised to invest in more intelligence-based
security solutions backed by trusted global threat
information sources, which can thwart exploitation
attempts even if patches for vulnerabilities have
yet to be issued.
7| Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process.
Attackers will find IoE/IoT devices viable attack
targets because of the endless possibilities their
use presents. We are bound to see greater adoption
of smart devices like smart cameras and TVs in
the next few years, along with attacks against
their users. As factors like market pressure [41] push
device manufacturers to launch more and more
smart devices sans security in mind to meet the
rising demand, so will attackers increasingly find
vulnerabilities to exploit for their own gain.
Despite mass smartification, however, the first
attacks we’ll see on smart appliances as well as
wearable and other IoE/IoT devices will not be
financially motivated. They will be more whitehat
hacks to highlight security risks and weaknesses
so manufacturers can improve their products,
particularly the way they handle data. If and when
these devices are hacked for purposes other than
to bring vulnerabilities to light, cybercriminals will
likely launch sniffer, denial-of-service (DoS), and
man-in-the-middle (MiTM) attacks [42].
Since IoE/IoT devices remain too diverse and a
“killer app” has yet to emerge, bad guys will not be
able to truly launch attacks against them. Attackers
are more likely to go after the data that resides
in these devices. In 2015, we expect attackers
to hack smart device makers’ databases to steal
information for traditional cyber attacks.
Later on, however, aided by the formation of the
Open Interconnect Consortium (OIC) [43] and the
launch of HomeKit [44], we expect a shift in tides, as
common protocols and platforms slowly emerge.
As attackers begin to better understand the IoE/
IoT ecosystem, they will employ scarier tactics
akin to ransomware and scareware to extort
money from or blackmail device users. They can,
for instance, hold smart car drivers [45] hostage until
they pay up when said vehicles officially hit the
road come 2015. As such, smart car manufacturers
should incorporate network segmentation in their
smart car designs to adequately shield users from
such threats.
8| More severe online banking and other financially motivated threats will surface.
Weak security practices even in developed countries
like the United States, such as not enforcing the
use of two-factor authentication and adoption of
chip-and-PIN technology, will contribute to the rise
in online banking and other financially motivated
threats.
We’ve seen the online banking malware
volume steadily rise throughout the first half of
2014 [46, 47]. Apart from data-stealing ZeuS malware,
VAWTRAK [48] also affected a multitude of
online banking customers specifically in Japan,
contributing to the overall volume growth in the
second quarter of the year. Complex operations
like Emmental [49], which proved that even the
two-factor authentication measures that banks
employed could be flawed, also figured in the
threat landscape.
[Chart: online banking malware infections per quarter, 1Q to 3Q (axis 0 to 140K)]
We continued to see a steady rise in the online banking
malware infections throughout the first half of 2014.
NOTE: “Infection” refers to instances when threats
were found on users’ computers and subsequently
blocked by any Trend Micro security software.
In the next few years, cybercriminals will no longer
just launch financially motivated threats against
computer users; they will increasingly go after
mobile device users as well. They are likely to
use fake apps and Domain Name System (DNS)
changers and launch mobile phishing [50] attacks
similar to those we’ve already seen in the past.
They won’t stop at just gaining access to victims’
online banking accounts; they will even go so
far as stealing their identities [51]. And to come up
with even stealthier mobile threats, we will see
the emergence of packers akin to those used on
computer malware.
The success of targeted attacks in obtaining user
data will also inspire cybercriminals to better
employ reconnaissance to make more money from
their malicious schemes. Cybercrooks will use
proven targeted attack methodologies for short-
selling and front-running schemes.
The growing risks online banking threats pose
should motivate individuals and organizations
alike to use the two-factor authentication measures
and hardware or session tokens that banks and
other financial institutions provide. Payment card
providers in the United States and other countries,
meanwhile, should put data security at the forefront
by making the use of chip-and-PIN cards and PoS
terminals mandatory, especially amid the breaches
hitting big-name companies left and right.
REFERENCES
1. Lord Alfred Remorin. (June 2, 2014). TrendLabs Security Intelligence Blog. “GameOver: ZeuS with P2P Functionality Disrupted.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/gameover-zeus-with-p2p-functionality-disrupted/.
2. Trend Micro Incorporated. (September 2, 2014). TrendLabs Security Intelligence Blog. “Citadel Makes a Comeback, Targets Japan Users.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/citadel-makes-a-comeback-targets-japan-users/.
3. Trend Micro Incorporated. (May 22, 2014). TrendLabs Security Intelligence Blog. “SpyEye-Using Cybercriminal Arrested in Britain.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/spyeye-using-cybercriminal-arrested-in-britain/.
4. Arabelle Mae Ebora. (September 3, 2014). TrendLabs Security Intelligence Blog. “iCloud Hacking Leak Now Being Used as Social Engineering Lure.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/icloud-hacking-leak-now-being-used-as-social-engineering-lure/.
5. Vincenzo Ciancaglini, Marco Balduzzi, Max Goncharov, and Robert McArdle. (2013). Trend Micro Security Intelligence. “Deep Web and Cybercrime: It’s Not All About Tor.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-deepweb-and-cybercrime.pdf.
6. Wikimedia Foundation Inc. (October 5, 2014). Wikipedia. “Darknet (File Sharing).” Last accessed October 13, 2014, http://en.wikipedia.org/wiki/Darknet_(file_sharing).
7. Robert McArdle. (October 3, 2013). TrendLabs Security Intelligence Blog. “Deep Web and Cybercrime―It Is Not Just the Silk Road.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/deepweb-and-cybercrime-it-is-not-just-the-silk-road/.
8. Trend Micro Incorporated. (2013). Threat Encyclopedia. “Blurring Boundaries: Trend Micro Security Predictions for 2014 and Beyond.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/security-predictions/2014/blurring-boundaries/.
9. Trend Micro Incorporated. (August 11, 2014). TrendLabs Security Intelligence Blog. “Checking in on Africa: The Latest Developments in Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/checking-in-on-africa-the-latest-developments-in-cybercrime/.
10. Rhena Inocencio. (May 26, 2014). TrendLabs Security Intelligence Blog. “The BlackShades RAT―Entry-Level Cybercrime.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-blackshades-rat-entry-level-cybercrime/.
11. Trend Micro Incorporated. (April 28, 2014). TrendLabs Security Intelligence Blog. “The Russian Underground, Revisited.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-russian-underground-revisited/.
12. Max Goncharov. (2014). Trend Micro Security Intelligence. “Russian Underground Revisited.” Last accessed October 13, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-russian-underground-revisited.pdf.
13. Ahmad Mukaram. (June 10, 2014). Recorded Future. “Cyberthreat Landscape: Forecast.” Last accessed October 13, 2014, https://www.recordedfuture.com/cyber-threat-landscape-forecast/.
14. Numaan Huq. (September 11, 2014). TrendLabs Security Intelligence Blog. “2014―An Explosion of Data Breaches and PoS RAM Scrapers.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of-data-breaches-and-pos-ram-scrapers/.
15. Gregory Wallace. (May 5, 2014). CNN Money. “Timeline: Retail Cyber Attacks Hit Millions.” Last accessed October 13, 2014, http://money.cnn.com/2014/02/11/news/companies/retail-breach-timeline/.
16. Jonathan Leopando. (September 9, 2014). TrendLabs Security Intelligence Blog. “Home Depot Breach Linked to BlackPOS Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/home-depot-breach-linked-to-blackpos-malware/.
17. Trend Micro Incorporated. (2014). Threat Encyclopedia. “Home Depot Confirms Breach of U.S. and Canada Stores, Reported to Be Largest in Record.” Last accessed October 13, 2014, http://about-threats.trendmicro.com/us/special-reports/data-breach/home-depot-confirms-breach-of-us-and-canada-stores/index.html.
18. Masayoshi Someya. (August 18, 2014). TrendLabs Security Intelligence Blog. “Risks from Within: Learning from the Amtrak Breach.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/risks-from-within-learning-from-the-amtrak-data-breach/.
19. Clare O’Connor. (May 5, 2014). Forbes. “Target CEO Gregg Steinhafel Resigns in Data Breach Fallout.” Last accessed October 13, 2014, http://www.forbes.com/sites/clareoconnor/2014/05/05/target-ceo-gregg-steinhafel-resigns-in-wake-of-data-breach-fallout/.
20. Tracy Kitten. (June 18, 2014). Bank Info Security. “Revamping the U.S. Payments System: Security, Faster Payments Key to Fed’s 5-Year Plan.” Last accessed October 13, 2014, http://www.bankinfosecurity.com/interviews/feds-role-in-future-payments-i-2346/op-1.
21. Scott Webster. (March 7, 2013). CNET. “Security Bug Found for Samsung Galaxy S3.” Last accessed October 13, 2014, http://www.cnet.com/news/security-bug-found-for-samsung-galaxy-s3/.
22. Gelo Abendan. (August 8, 2013). TrendLabs Security Intelligence Blog. “Exploiting Vulnerabilities: The Other Side of Mobile Threats.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/exploiting-vulnerabilities-the-other-side-of-mobile-threats/.
23. Weichao Sun. (July 29, 2014). TrendLabs Security Intelligence Blog. “Vulnerabilities in Alipay Android App Fixed.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-in-alipay-android-app-fixed/.
24. Ryan Certeza. (May 31, 2014). TrendLabs Security Intelligence Blog. “The Android Fragmentation Problem.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-android-fragmentation-problem/.
25. Jon Oliver. (July 31, 2013). TrendLabs Security Intelligence Blog. “The Current State of the Blackhole Exploit Kit.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-current-state-of-the-blackhole-exploit-kit/.
26. David Sancho. (July 22, 2014). TrendLabs Security Intelligence Blog. “Finding Holes in Banking Security: Operation Emmental.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/finding-holes-operation-emmental/.
27. Abigail Pichel. (May 26, 2014). TrendLabs Security Intelligence Blog. “Ransomware Moves to Mobile.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-moves-to-mobile/.
28. Weichao Sun. (June 17, 2014). TrendLabs Security Intelligence Blog. “Android Ransomware Uses Tor.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/android-ransomware-uses-tor/.
29. Simon Huang. (August 12, 2014). TrendLabs Security Intelligence Blog. “The Dangers of the Android FakeID Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-dangers-of-the-android-fakeid-vulnerability/.
30. Steven Millward. (March 5, 2014). Tech in Asia. “Starting Today, Chinese Consumers Will Be Able to Buy Almost Anything Inside WeChat.” Last accessed October 13, 2014, http://www.techinasia.com/wechat-adds-payment-support-for-brands-and-retailers/.
31. Warren Tsai. (September 25, 2014). TrendLabs Security Intelligence Blog. “Apple Pay: Introducing (Secure) Mobile Payments?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/apple-pay-introducing-secure-mobile-payments/.
32. Johnliz Ortiz. (July 7, 2014). TrendLabs Security Intelligence Blog. “iPhone 6 Rumors Spur Scams.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/iphone-6-rumors-spur-scams/.
33. Pawan Kinger. (April 8, 2014). TrendLabs Security Intelligence Blog. “Skipping a Heartbeat: The Analysis of the Heartbleed Open SSL Vulnerability.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/skipping-a-heartbeat-the-analysis-of-the-heartbleed-openssl-vulnerability/.
34. Pavan Thorat and Pawan Kinger. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability Leads to Shellshock: What It Is, How It Affects You.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shell-attack-on-your-server-bash-bug-cve-2014-7169-and-cve-2014-6271/.
35. Trend Micro Incorporated. (September 25, 2014). TrendLabs Security Intelligence Blog. “Bash Vulnerability (Shellshock) Exploit Emerges in the Wild, Leads to BASHLITE Malware.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/bash-vulnerability-shellshock-exploit-emerges-in-the-wild-leads-to-flooder/.
36. Trend Micro Incorporated. (September 26, 2014). TrendLabs Security Intelligence Blog. “Shellshock―How Bad Can It Get?” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-how-bad-can-it-get/.
37. Trend Micro Incorporated. (2014). Threat Encyclopedia. “About the Shellshock Vulnerability: The Basics of the ‘Bash Bug.’” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-shellshock-vulnerability-bash-bug.
38. Maxim Goncharov. (April 10, 2014). TrendLabs Security Intelligence Blog. “Heartbleed Vulnerability Affects 5% of Select Top-Level Domains from Top 1M.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/heartbleed-vulnerability-affects-5-of-top-1-million-websites/.
39. OWASP Foundation. (August 26, 2014). OWASP. “Top 10 2013―Top 10.” Last accessed October 13, 2014, https://www.owasp.org/index.php/Top_10_2013-Top_10.
40. United States Securities and Exchange Commission. (October 2, 2014). “Form 8-K: JPMorgan Chase & Co.” Last accessed October 13, 2014, http://investor.shareholder.com/JPMorganChase/secfiling.cfm?filingID=1193125-14-362173.
41. Geoff Grindrod. (June 16, 2014). TrendLabs Security Intelligence Blog. “The Smartification of the Home, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-smartification-of-the-home-part-1/.
42. David Sancho. (September 4, 2014). TrendLabs Security Intelligence Blog. “The Security Implications of Wearables, Part 1.” Last accessed October 13, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/the-security-implications-of-wearables-part-1/.
43. Open Interconnect Consortium Inc. (2014). Open Interconnect Consortium. “About Us.” Last accessed October 13, 2014, http://openinterconnect.org/about/.
44. Apple Inc. (2014). Apple Developer. “HomeKit.” Last accessed October 13, 2014, https://developer.apple.com/homekit/.
45. Trend Micro Incorporated. (2014). Threat Encyclopedia. “The Internet of Everything: Layers, Protocols and Possible Attacks.” Last accessed October 13, 2014, http://www.trendmicro.com/vinfo/us/security/news/internet-of-everything/ioe-layers-protocols-and-possible-attacks.
46. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 1Q 2014 Security Roundup: Cybercrime Hits the Unexpected.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/1Q/cybercrime-hits-the-unexpected/.
47. Trend Micro Incorporated. (2014). Threat Encyclopedia. “TrendLabs 2Q 2014 Security Roundup: Turning the Tables on Cyber Attacks.” Last accessed October 14, 2014, http://about-threats.trendmicro.com/us/security-roundup/2014/2Q/turning-the-tables-on-cyber-attacks/.
48. Trend Micro Incorporated. (2014). Threat Encyclopedia. “VAWTRAK Plagues Users in Japan.” Last accessed October 14, 2014, http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack//3141/vawtrak-plagues-users-in-japan.
49. David Sancho, Feike Hacquebord, and Rainer Link. (2014). Trend Micro Security Intelligence. “Finding Holes: Operation Emmental.” Last accessed October 14, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-finding-holes-operation-emmental.pdf.
50. Paul Pajares. (February 21, 2012). TrendLabs Security Intelligence Blog. “When Phishing Goes Mobile.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/when-phishing-goes-mobile/.
51. Arabelle Mae Ebora. (August 13, 2013). TrendLabs Security Intelligence Blog. “Mobile Phishing Attacks Ask for Government IDs.” Last accessed October 14, 2014, http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phishing-attack-asks-for-users-government-ids/.
Created by:
Global Technical Support & R&D Center of TREND MICRO
Trend Micro Incorporated, a global leader in security software and
solutions, strives to make the world safe for exchanging digital
information. For more information, visit www.trendmicro.com.
©2014 Trend Micro, Incorporated. All rights reserved. Trend Micro and
the Trend Micro t-ball logo are trademarks or registered trademarks of
Trend Micro, Incorporated. All other product or company names may
be trademarks or registered trademarks of their owners.