Trend Micros security report
Trend Micros has released its third quarter security report, writing, "We're at a point where threats from the IT world are having a direct impact on almost every aspect of daily life."
Whether it's blackmail using stolen confidential data or exploiting security vulnerabilities in networked devices, these are all possible threats, according to the Safety Report from Trend Micros the harbingers of what will happen in 2016:
Data from hacking attacks as a basis for blackmail
The successful attacks against the "Hacking Team" and the U.S. dating portal "Ashley Madison" had a major impact on the entire security and computer industry. On the one hand, these triggered a whole series of further attacks, and on the other, it is to be expected that future attacks will follow a similar pattern. The publication of the stolen confidential information on the Internet caused much greater damage than the disruption of operations and damaged the reputation of those affected much more severely - the cybercriminals who used the compromised information to blackmail customers of "Ashley Madison" thus hit both the operator of the website, "Avid Life Media," and many of its more than 30 million customers.
Trend Micro security expert Udo Schneider explains: "The evolution of data breaches has a direct impact on real life, on companies as well as on people. The security breaches and data breaches disclosed in the past quarter are just the beginning, with more confidential and even destructive information certain to be released into the public domain, potentially to be sold on the 'Deep Web' to the highest bidder."
Attacks on healthcare industry on the rise
It's an unhealthy trend: healthcare and personal data were the second most stolen data types in the past quarter. Among the healthcare incidents that came to light was the attack on "UCLA Health System," in which personal records of some 4.5 million patients were compromised. Such attacks highlight why the healthcare industry will remain a desirable target for cybercriminals.
New security vulnerabilities in mobile platforms
Mobile devices are unalterably in focus. In response to the discovery of several Android security vulnerabilities, which demonstrated the need for an integrated approach with multiple security strategies, Google - after a long period of hesitation - announced regular security updates for the platform.
Meanwhile, modified versions of the app creation tools have debunked the fallacy that the walled-garden approach in the iOS operating system can keep the platform entirely free from attacks.
More and more attacks on PoS systems of SMEs
An increasing number of SMEs were affected by attacks on PoS systems in the past quarter. One of the reasons for this could be the fact that these companies usually use extensive customer databases, but without having adequate security. PoS malware was used in the observed attacks, spread for example by "old" techniques such as spam, but also by tools such as macro malware, exploit kits, and botnets.
Politicians as targets of ongoing espionage campaigns
An analysis of recent data has shown that "Operation Pawn Storm" has expanded its targets and does not appear to be limited to foreign espionage: If the cyber espionage campaign was previously known for attacking NATO member countries, such as Germany, or defense facilities in the United States, this picture must be corrected: Rather, its dubious activities are also directed inward, against politicians, artists, journalists and developers of encryption software in Russia.
"Angler exploit kit" continues with high prevalence
The criminals behind the "Angler exploit kit" not only continued to update their arsenal last quarter, allowing them to spread new malware, but also did so in a big way: it continues to be the most active exploit kit, showing growth rates of 34% since the second quarter.
Internet of things
The dangers posed by security vulnerabilities in Internet-connected devices have implications not only for people's privacy, but also for their physical integrity. Various research findings, especially those from different fields, raise questions about the security of Internet-connected devices: Hacking cars, for example - a far-fetched notion years ago - is just becoming a reality. Manufacturers of such devices therefore need to work with security experts if they want to ensure the integrity of their customers.