January 12, 2015 By Fran Howarth 3 min read

Top 2014 trends in security focused primarily on what is still the greatest threat to organizations — malware — and attackers’ efforts to stay one step ahead of even the most advanced prevention and detection techniques. Another increasingly common theme this year was defense evasion.

Attackers are increasingly able to quickly develop new malware variants to defeat existing countermeasures by cashing in on source code leaks that can make it far easier to exploit vulnerabilities in affected applications. This had already been seen, with the source code breach at Adobe Systems touted as the worst such heist in history.

Top 2014 Trends

Other malware trends for 2014 included an increased use of old-school techniques that require attackers to develop more manual and time-consuming approaches as they attempt to bypass advanced detection and mitigation solutions.

Staying on the malware theme, another one of the top 2014 trends was malware researcher evasion, with attackers using a range of techniques to avoid detection by malware researchers. This way, the researchers cannot develop countermeasures for new vulnerabilities being exploited.

Other predictions for 2014 included the growing importance of the mobile channel for attackers. While one-time passwords delivered over SMS are increasingly being used as an authentication method for mobile users, SMS-forwarding malware is now being widely used, as well, making such an authentication method all but useless. Attackers were also looking to take over victims’ devices using remote access technologies in order to bypass security controls such as device fingerprinting. This makes subsequent transactions appear legitimate.

What’s in Store for 2015?

According to Etay Maor, a senior fraud prevention strategist at IBM Trusteer, while most of the predictions made for 2014 were nearly spot-on, they were not exactly daring.

On Jan. 14, Maor will present IBM’s vision for 2015 trends in a webinar titled “2015 Cybercrime Trends — Things Are Going to Get Interesting.” First, he will look at the major security stories from 2014, how they are in line with IBM’s predictions and how they demonstrate attackers’ increasing ingenuity. He will then take a look at what the events seen in 2014 portend and what will likely be seen in 2015.

According to Maor, given today’s complex and sophisticated threat landscape — with multiple external forces affecting crime and fraud — security teams and chief information security officers can no longer limit themselves to looking only at what is happening within their own backyards. While new, specific attack methods, techniques and protocols will be used against PC and mobile platforms, security practitioners need to open up and think more strategically. They shouldn’t just limit themselves to focusing on how specific tools such as firewalls and intrusion prevention systems are tuned to filter threats.

Rather, security teams need to better understand threats by taking into account the context of attacks and how new technology developments will affect security. Among the predictions he will make is how geopolitical forces will play an increasingly important role in attackers’ motivations and force security practitioners to think much more strategically about how attacks are perpetrated. Newer technology delivery mechanisms, including mobile platforms, the Internet of Things and mobile payment mechanisms, will continue to rise in importance throughout 2015 as well. They will require organizations to ensure their security controls reach out to the extended enterprise. Endpoints are the new perimeter, and efforts must be focused here.

Finally, Maor will discuss how criminals are increasingly operating behind a veil of anonymity. Recent revelations regarding the extent of government surveillance of electronic communications and law enforcement crawling anonymous networks will cause criminals to look for more ways to be covert. This is an extension of the 2014 trends pointing toward the use of more advanced techniques to evade detection.

Last year saw some major security breaches that drove home just how damaging security incidents can be. In 2015, there will not only be more online fraud and malware, but it will be more complex, more sophisticated and ever stealthier. Organizations need to think more strategically about their security defenses.

More from Intelligence & Analytics

What makes a trailblazer? Inspired by John Mulaney’s Dreamforce roast

4 min read - When you bring a comedian to offer a keynote address, you need to expect the unexpected.But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.Maybe it was meant as nothing more than a punch line, but Mulaney’s…

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today