Top 2014 trends in security focused primarily on what is still the greatest threat to organizations — malware — and attackers’ efforts to stay one step ahead of even the most advanced prevention and detection techniques. Another increasingly common theme this year was defense evasion.

Attackers are increasingly able to quickly develop new malware variants to defeat existing countermeasures by cashing in on source code leaks that can make it far easier to exploit vulnerabilities in affected applications. This had already been seen, with the source code breach at Adobe Systems touted as the worst such heist in history.

Top 2014 Trends

Other malware trends for 2014 included an increased use of old-school techniques that require attackers to develop more manual and time-consuming approaches as they attempt to bypass advanced detection and mitigation solutions.

Staying on the malware theme, another one of the top 2014 trends was malware researcher evasion, with attackers using a range of techniques to avoid detection by malware researchers. This way, the researchers cannot develop countermeasures for new vulnerabilities being exploited.

Other predictions for 2014 included the growing importance of the mobile channel for attackers. While one-time passwords delivered over SMS are increasingly being used as an authentication method for mobile users, SMS-forwarding malware is now being widely used, as well, making such an authentication method all but useless. Attackers were also looking to take over victims’ devices using remote access technologies in order to bypass security controls such as device fingerprinting. This makes subsequent transactions appear legitimate.

What’s in Store for 2015?

According to Etay Maor, a senior fraud prevention strategist at IBM Trusteer, while most of the predictions made for 2014 were nearly spot-on, they were not exactly daring.

On Jan. 14, Maor will present IBM’s vision for 2015 trends in a webinar titled “2015 Cybercrime Trends — Things Are Going to Get Interesting.” First, he will look at the major security stories from 2014, how they are in line with IBM’s predictions and how they demonstrate attackers’ increasing ingenuity. He will then take a look at what the events seen in 2014 portend and what will likely be seen in 2015.

According to Maor, given today’s complex and sophisticated threat landscape — with multiple external forces affecting crime and fraud — security teams and chief information security officers can no longer limit themselves to looking only at what is happening within their own backyards. While new, specific attack methods, techniques and protocols will be used against PC and mobile platforms, security practitioners need to open up and think more strategically. They shouldn’t just limit themselves to focusing on how specific tools such as firewalls and intrusion prevention systems are tuned to filter threats.

Rather, security teams need to better understand threats by taking into account the context of attacks and how new technology developments will affect security. Among the predictions he will make is how geopolitical forces will play an increasingly important role in attackers’ motivations and force security practitioners to think much more strategically about how attacks are perpetrated. Newer technology delivery mechanisms, including mobile platforms, the Internet of Things and mobile payment mechanisms, will continue to rise in importance throughout 2015 as well. They will require organizations to ensure their security controls reach out to the extended enterprise. Endpoints are the new perimeter, and efforts must be focused here.

Finally, Maor will discuss how criminals are increasingly operating behind a veil of anonymity. Recent revelations regarding the extent of government surveillance of electronic communications and law enforcement crawling anonymous networks will cause criminals to look for more ways to be covert. This is an extension of the 2014 trends pointing toward the use of more advanced techniques to evade detection.

Last year saw some major security breaches that drove home just how damaging security incidents can be. In 2015, there will not only be more online fraud and malware, but it will be more complex, more sophisticated and ever stealthier. Organizations need to think more strategically about their security defenses.

More from Intelligence & Analytics

2022 Industry Threat Recap: Manufacturing

It seems like yesterday that industries were fumbling to understand the threats posed by post-pandemic economic and technological changes. While every disruption provides opportunities for positive change, it's hard to ignore the impact that global supply chains, rising labor costs, digital currency and environmental regulations have had on commerce worldwide. Many sectors are starting to see the light at the end of the tunnel. But 2022 has shown us that manufacturing still faces some dark clouds ahead when combatting persistent…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

The 13 Costliest Cyberattacks of 2022: Looking Back

2022 has shaped up to be a pricey year for victims of cyberattacks. Cyberattacks continue to target critical infrastructures such as health systems, small government agencies and educational institutions. Ransomware remains a popular attack method for large and small targets alike. While organizations may choose not to disclose the costs associated with a cyberattack, the loss of consumer trust will always be a risk after any significant attack. Let’s look at the 13 costliest cyberattacks of the past year and…