With cybercriminals growing in confidence, Kaspersky Lab anticipates that the coming year will see attacks move beyond just targeting users of banking services, widely seen as the weak link in the security chain, and grow towards higher-stakes targeted cyber-attacks hitting the banks themselves.
In addition to financial cybercrime, 2015 is also likely to bring even more privacy concerns, with security worries about Apple devices, and renewed fears about connected devices, such as network printers, being used by hackers to penetrate corporate networks.
Attacks against virtual payment systems
Kaspersky Lab’s Global Research and Analysis Team expect criminals to leap at every opportunity to exploit payment systems. These fears can also be extended to the new Apple Pay, which uses NFC (Near Field Communications) to handle wireless consumer transactions. This is a ripe market for security research and we expect to the appearance of vulnerability warnings about weaknesses in Apple Pay, virtual wallets and other virtual payment systems.
“The enthusiasm over the new Apple Pay is going to drive adoption through the roof and that will inevitably attract many cybercriminals looking to reap the rewards of these transactions. Apple’s design possesses an increased focus on security (like virtualized transaction data) but we’ll be very curious to see how hackers will exploit the features of this implementation,” Alexander Gostev, Chief Security Expert at Kaspersky Lab’s Global Research and Analysis Team, said.
Attacks against cash machines (ATM) seemed to thrive this year with several public incidents and a rush by global law enforcement authorities to respond to this dilemma. As most of these systems are running Windows XP and also suffer from frail physical security, they are incredibly vulnerable by default.
“In 2015, we expect to see further evolution of these ATM attacks with the use of targeted malicious techniques to gain access to the ‘brain’ of cash machines. The next stage will see attackers compromising the networks of banks and using that level of access to manipulate ATM machines in real time,” Gostev added.
During a recent investigation, Kaspersky Lab’s experts discovered an attack in which an accountant’s computer was compromised and used to initiate a large transfer with a financial institution. It represented the emergence of a new trend – targeted attacks directly against banks. Once attackers get into a bank’s network, they siphon enough information to allow them to steal money directly from the bank in several ways:
The full text of the report is available on the Securelist website.
Kaspersky Lab’s video about what the future could be like can be found here