In 2015, the Internet of Things (IoT) is likely to become the 'Internet of Threats'. That's a prediction made by network security solutions provider Fortinet in its recent security threat prediction report.
This year, Fortinet said in its media statement that it saw an interesting shift of attacks - namely Heartbleed and Shellshock - focused on server side vulnerability and exploitation.
"Looking ahead, we fully expect this trend to continue in an alarming way as black hat hackers pry open the Internet of Things," it added. "Hackers will continue to follow the path of least resistance as more and more devices are connected to the network."
Vulnerabilities that Black Hat hackers will look to exploit will include consumer home automation and security systems, as well as webcams. On the enterprise side, network attached storage and routers will continue to be targets, as will critical infrastructure such as Human Machine Interfaces (HMI) and supply chain systems, which will create significant problems with third-party components and patch management.
Other key security predictions for 2015 include:
- Blastware to destroy systems, erase data and cover hacker tracks
This destructive new trend of malware, following Scareware and Ransomware, could lead to the ability for hackers to infiltrate systems, gather data and then wipe out the information on systems and hard drives to cover tracks and thwart forensics.
Fortinet predicts that advanced persistent threat (APT) developers will build in sophisticated self-destruct mechanisms in seek and destroy fashion that could hamper law enforcement and forensics efforts as these resources increase to fight cyber crime. Hackers may also seek to use these tactics for ransom, such as destroying data if ransom is not paid within a certain timeframe.
- Hackers look to evade law enforcement and frame the innocent
As cyber crime increases, law enforcement practices to catch and penalise perpetrators increase with it. Thus, hackers must be more careful and calculated to evade arrest.
In 2015, advanced evasion techniques will evolve in order for attackers to cover their tracks. To date, evasion has been currently focused on counter antivirus and intrusion prevention or antibotnet. Fortinet predicts this will evolve with a focus on Sandbox evasion.
In addition, similar to counter intelligence, it is possible that attackers will frame the innocent by throwing more red herrings into their attacks to thwart investigators and intentionally planting evidence that point to an unassociated attacker.
- Denial of revenue as data breaches continue and expansion
2014 is becoming known as the "year of the data breach," with significant thefts from stores like Target, Michaels, P.F. Changs and Home Depot. Fortinet's threat research division, FortiGuard, predicts this trend will continue in 2015 as hackers become more sophisticated and find new loopholes for infiltrating retail and financial systems.
Sign up for Computerworld eNewsletters.