Kaspersky Lab: The confidence of digital criminals is rising more and more. Until recently, they used to attack banking service users as they considered them the weakest link in the security chain.
For 2015, however, Kaspersky Lab's experts expect high-risk, targeted digital attacks on the banks themselves. And scammers will not stop there because they are expected to "play hard" and try to develop new malicious programs with which they can get money directly from the ATMs. In addition to developments in online financial crime, 2015 is also likely to raise even more concerns about the privacy and security of Apple devices.
Concerns about connected devices and how to prevent hackers from using tools such as printers network to infiltrate corporate networks.
The company's predictions for 2015 are the first of four parts of Kaspersky Security Bulletin 2014.
What to expect for 2015
- Attacks against virtual payment systems, which could be extended to the new Apple Pay solution
- Attacks against ATM machines
- Περιστατικά με κακόβουλο λογισμικό, όπου οι τράπεζες παραβιάζονται μέσω στοχευμένων attacks
- More incidents where dangerous vulnerabilities in old source codes expose Internet infrastructure to dangerous attacks
- Blind attacks against networked printers and other interconnected devices that can help a sophisticated intruder to make continuous and lateral moves within a corporate network.
- Malicious software designed for OSX to be promoted through torrents and "pirated" software packages
- A shift where the biggest and noisiest digital threat actors are split into smaller units that will operate independently of each other. In turn, this shift will lead to a broader one base attack, with more diversified attacks coming from more sources.
Everything is at stake: a revolutionary change
During recent research, Kaspersky Lab experts discovered an attack in which an accountant's computer was violated and used to initiate a large transfer of money from a financial institution. This threat represents the emergence of a new trend: targeted attacks directly directed against banks. Once the attackers enter a bank's network, they collect enough information that will allow them to steal money directly from the bank in a number of ways:
- By remote control of cash dispensers for ATMs.
- By executing SWIFT shipments from various customer accounts
- By manipulating online banking systems to make back-to-back transfers.
ATMs are vulnerable
This year, they were ejected attacks against ATM machines with many incidents that the law enforcement authorities rushed to face in order to respond to this global crisis. Since most of these systems feature Windows XP operating and at the same time suffer from weak physical security, they are incredibly vulnerable by default. «2015, we expect a further development of ATM attacks using targeted malware techniques to gain access to the 'brain' of automatic cash machines. At the next stage, we will see attackers invading banking networks. By using this level of access, they can handle ATM machines in real time ", commented Alexander Gostev, Chief Security Expert of Kaspersky Lab's Worldwide Research and Analysis Group.
Attacks against virtual payment systems
Kaspersky Lab's Worldwide Research and Analysis Team expects criminals to take every opportunity to take advantage of payment systems. These fears can also be extended to the new Apple Pay, which uses Near Field Communications (NFC) technology to manage wireless transactions by consumers. This is a mature market for security research, and vulnerabilities are expected to appear on Apple Pay, virtual wallets, and other virtual payment systems.
“The excitement surrounding Apple Pay will lead to widespread user adoption and will inevitably attract many digital criminals who are looking for opportunities to reap the benefits of these transactions. Apple's design puts more emphasis on security (eg virtualized transaction data), but we're very curious to see how hackers will exploit this potential applications", he added Gostev.
- The full report is available at Securelist.com.
- In YouTube you can watch a Kaspersky Lab video on how it might look like the future landscape.
- For tips σχετικά με την ιδιωτικότητα σας και το πώς να προστατεύσετε τα οικονομικά σας στοιχεία όταν βρίσκεστε online, μπορείτε να επισκεφτείτε το cybersmart.kaspersky.com
