Story image

The biggest malware threats of 2014 and top 2015 predictions

03 Dec 14

This year has been significant for cyber security, according to Bitdefender, the internet security software provider. In 2014, security threats involved high-level security breaches, large-scale vulnerabilities and privacy debates.

Attacks against infrastructures have become increasingly sophisticated, says Bitdefender. Companies have become the focus of targeted attacks by hackers who want to take advantage of the wide surface area to launch ever-growing cybercrime campaigns and extract valuable data. Financial data is among the most valuable and targeted information.

Ransomware also continues to evolve, moving to new platforms and OS systems, despite the fact that the June takedown of the Zeus botnet temporarily stopped the spread of Cryptolocker.

BlackPOS, Koler and CryptoLocker were three of the most significance malware threats of 2014.

Targeting customers of major banks, BlackPOS takes credit and debit card data from point-of-sale (POS) systems running Microsoft Windows systems.

It was created by a hacker known as ‘Antikiller’ and is disguised as a recognisable AV vendor software. It uses RAM scraping to grab card data from the memory of the POS device, withdrawing it to a compromised server, and uploading it to a FTP.

Bitdefender recommends enterprises and large organisations to implement a multi-layered security solution to ensure networks are protected against vulnerabilities in systems and applications.

First reported in May 2015 Koler, Android Trojan malware, poses as a valid video player offering premium access to pornography, and downloads automatically during a browsing session.

When the Trojan infects a machine, it prevents the user from accessing mobile home screens. A message from ‘the national police service’ says the user has been monitored accessing child abuse websites and demands payment to prevent prosecution.

For this type of malware, Bitdefender says users should install a mobile security solution.

CryptoLocker is a prolific ransomware trojan that uses encryption to lock computer files and demands a random to decrypt the files.

It was first noticed in September 2013 and comes as a malicious attachment with spam. Should a user open the attachment, the malicious .exe files are downloaded and executed. Once CryptoLocker has access to a computer, it connects to randomly generated domains to download a 2048-bit RSA public key used to encrypt computer files.

Decryption is almost impossible with the RSA public key as it requires the hidden corresponding private key.

Over 500,000 users have fallen victim to this malware. In order to prevent a safety breach, Bitdefender says users should ensure their operating system and security software are regularly updated.

Looking to 2015, Bitdefender predicts five key trends. It says mobile payment technologies will bring new security challenges, Botnet anonymisation will further help cybercriminals to make huge profits, and open source software vulnerabilities and intentional backdoors will be exploited.

Furthermore, in 2015 the use of personal smart devices connected to enterprise networks will be exploited to access enterprise systems, and cybercrime will profit from selling crimeware kits on specialised forums and black markets.

How blockchain will impact NZ’s economy
Distributed ledgers and blockchain are anticipated to provide a positive uplift to New Zealand’s economy.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Human value must be put back in marketing - report
“Digital is now so widely adopted that its novelty has worn off. In their attempt to declutter, people are being more selective about which products and services they incorporate into their daily lives."
Wine firm uses AR to tell its story right on the bottle
A Central Otago wine company is using augmented reality (AR) and a ‘digital first’ strategy to change the way it builds its brand and engages with customers.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
Protecting organisations against internal fraud
Most companies tend to take a basic approach that focuses on numbers and compliance, without much room for grey areas or negotiation.
Telesmart to deliver Cloud Calling for Microsoft Teams
The integration will allow Telesmart’s Cloud Calling for Microsoft Teams to natively enable external voice connectivity from within Teams collaborative workflow environment.
Jade Software & Ambit take chatbots to next level of AI
“Conversation Agents present a huge opportunity to increase customer and employee engagement in a cost-effective manner."