Here are the identity theft tactics security experts expect from hackers this year, and how they’re preparing to prevent them.
The year of 2014 seemed like the year of the enormous security breach. There was Home Depot, JP Morgan Chase, Sony, eBay — and those were just the ones you heard about. That’s one reason we proposed “data britches” for word of the year.
But dozens of smaller, though no less threatening, security breaches happen every day around the world. Intel Security recently released a report surveying 700 IT professionals at companies in Asia, North America, and South America to assess what kind of threats organizations are experiencing and how to combat them.
They found that, on average, organizations conducted 78 “security investigations” last year, which occur if a PC becomes infected with adware, spyware, or viruses. (That’s one and a half per week.) Of those, 28 percent were due to “targeted attacks” on the company. Intel says these are the more dangerous ones, because they are a result of premeditated hacking rather than malware infections that cast a wide net and succeed randomly. Security experts listed the top reasons that targeted attacks are having an easier time infiltrating organizations:
- 38 percent said it was the lack of user knowledge about cybersecurity risks, including clicking on unknown links and opening emails from unknown sources;
- 32 percent said it was because malware has become increasingly difficult to detect;
- 30 percent said it was because increased use of social media like Facebook, Twitter, and LinkedIn by employees provided more of an opportunity for “malware distribution channels;”
- 29 percent said that sophisticated social engineering by cybercriminals fools users into thinking that certain sites are trustworthy.
Hiding in plain “site”
As Intel found in its study, the reason hacking poses such a big risk is that it tends to take place when the right people aren’t paying attention.
That’s backed up by Dell’s annual Threat Report, which looked at emerging cybersecurity threats not just in the workplace, but also among industries like banking, and, especially, retail.
“When interacting with customers outside North America, the general perception is that U.S. companies seem to be willing to accept lower levels of security to provide convenience for their customers,” writes Swarup Selvaraman, a member of the Dell Threat Research Team. The team gathered information from over 200 countries, and listed their top observations of how cybersecurity threats are being administered:
- A surge in point-of-sale malware
- A dramatic increase in encrypted traffic
- Growing attacks on SCADA systems.
What’s all this mean, and how can we learn from it?
What 2015 can learn from 2014
Point-of-sale (POS) malware attacks are basically the ones you hear about in the retail industry (Target is probably the best example), where a hacker infects a checkout system with malware. Short for “malicious software,” malware is all the bad stuff you don’t want on a POS system, like viruses, worms, trojan horses, and spyware. When a store like Target is infected, it means anyone who swipes a credit card there is at risk for identity theft.
In 2014: There was a 300 percent increase in POS malware countermeasures deployed by Dell.
In 2015: Dell predicts there will be even more. POS malware is becoming increasingly frequent, and “new trends like memory scraping and use of encryption to avoid firewalls are on the rise,” said Patrick Sweeney, the executive director of Dell Security.
Hopefully you know that if you shop online or fill out a job application, you need to make sure you’re on a secure site. That means the URL begins with https://, which means the site encrypts, or protects, the information being shared.
In 2014: Sites such as Google, Facebook and Twitter began adopting this SSL/TLS encryption once users complained about the lack of privacy and security. The volume of HTTPS web connections grew 109 percent during 2014.
In 2015: Dell predicts that more hackers will exploit HTTPS as a means to hide malicious code, which would go undetected by traditional firewalls.
“Just as encryption can protect sensitive financial or personal information on the web, it unfortunately can also be used by hackers to protect malware,” said Sweeney.
“Supervisory control and data acquisition” systems are huge centralized systems that gather and analyze real-time data. They work by constantly monitoring a system for problems, then sending back analysis of the problem in a logical fashion. For example, a SCADA system for a gas or oil pipeline would monitor the pipeline for leaks, and alert the “home station” if a leak occurs. SCADA systems are used in almost every industry, from telecommunications to water treatment plants.
In 2014: SCADA attacks doubled compared to the previous year. The majority of the attacks took place in Finland, the United Kingdom, and the United States; Dell speculates that it’s because SCADA systems are more common in these countries and are more likely to be connected to the Internet.
In 2015: More SCADA attacks, and Dell says many go unreported, since companies don’t have to report breaches that don’t involve personal or payment information.
“This lack of information sharing combined with an aging industrial machinery infrastructure presents huge security challenges that will continue to grow in the coming months and years,” Sweeney said.