Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
© 2014 IBM Corporation
IBM Security
1© 2014 IBM Corporation
2015 Cybercrime Trends:
Things are Going to Get Interesting
© 2014 IBM Corporation
IBM Security
2
Agenda
 Review of 2014 predictions
 Review of 2014 threats
 2015 Cybercrime predi...
© 2014 IBM Corporation
IBM Security
3
I Will Try to:
 Avoid generic predictions such as:
– “This year we will see more da...
4 © 2014 IBM Corporation
2014 Was… Interesting
© 2014 IBM Corporation
IBM Security
5
Our 2014 Predictions:
 Source code leaks will accelerate malware release cycles
 S...
© 2014 IBM Corporation
IBM Security
6
GameOver Zeus – Alive, Dead & Resurrected
 Cutwail spam botnet distribution (Blackh...
© 2014 IBM Corporation
IBM Security
7
The Growth in Device Takeover
 From simple RATs to advance malware – device takeove...
© 2014 IBM Corporation
IBM Security
8
Major Breaches
 There were so many… Does anyone even remember
P.F.Chang and Evernot...
© 2014 IBM Corporation
IBM Security
9
Underground Services
9
User Name + Password
OTP SMS
Credentials
OTP SMS
TOR C&C
10 © 2014 IBM Corporation
2015 Cybercrime
© 2014 IBM Corporation
IBM Security
11
More of 2014…
 If it ain’t broke don’t fix it!
 Malware is constantly adapting to...
© 2014 IBM Corporation
IBM Security
12
Mobile Threats – New Vectors
 We have seen classic threats migrate to mobile:
– Ph...
© 2014 IBM Corporation
IBM Security
13
Biometrics for Authentication
 Criminals will target biometrics
– How accurate is ...
© 2014 IBM Corporation
IBM Security
14
Cybercriminals Will Rely on Anonymity Networks
 Accessing TOR and other networks i...
© 2014 IBM Corporation
IBM Security
15
EMV for POS and ATM Means CNP Fraud
 Chip and PIN cards will be introduced in the ...
© 2014 IBM Corporation
IBM Security
16
It’s Not Just About Bank Accounts and Card Data
Cybercriminals are always looking ...
© 2014 IBM Corporation
IBM Security
17
Summary…but…
 Cybercriminals will break borders (technology and geography)
 Mobil...
18 © 2014 IBM Corporation
Things to Watch for
© 2014 IBM Corporation
IBM Security
19
Technology Ripples
 Traditional “tactical view” is not enough
 Different changes ...
© 2014 IBM Corporation
IBM Security
20
Geopolitical & Economical Changes
 Changes may affect:
– Targets
– Methodology
– T...
© 2014 IBM Corporation
IBM Security
21
Sony – A Dangerous Precedent
 Is your organization ready for such threats?
– The t...
© 2014 IBM Corporation
IBM Security
22
New Tech – New Challenges
 New technology challenges:
– Wearable tech
– IoT (Inter...
© 2014 IBM Corporation
IBM Security
23
Remember – Security is in YOUR Hands
© 2014 IBM Corporation
IBM Security
24
 Discover the latest IBM solutions and hear real-life experiences from IBM clients...
© 2014 IBM Corporation
IBM Security
25
www.ibm.com/security
© Copyright IBM Corporation 2014. All rights reserved. The inf...
Upcoming SlideShare
Loading in …5
×

2015 Cybercrime Trends – Things are Going to Get Interesting

7,160 views

Published on

What a year 2014 has been for cybercriminals! It’s time to take a look back at 2014 and learn what’s in store for 2015. How much further will cybercriminals go? What new techniques will we see? What are the main threats we should be wary of in 2015?

From new malware families to PC grade mobile malware, from persistent PC Trojans to cloud based criminal services –cybercriminals have been keeping busy with new and advanced techniques.

In this session, IBM Security’s Senior Fraud Prevention Strategist, Etay Maor, will take you through the top stories that made waves in in 2014’s cybercrime threat environment and review at the upcoming cybercrime trends for 2015.

We will look some of the biggest (and baddest) in cybercrime innovation, showcasing specific attacks that highlight the ingenuity observed in 2014 and discuss what we can expect in terms of PC and mobile fraud in 2015.

In this presentation, you will learn about:

– Latest malware attacks and evasion techniques
– How organizations failed to prevent attacks in 2014
– Forecast of how recent attacks will affect attacks in 2015

View the full on-demand webcast: https://attendee.gotowebinar.com/recording/4171628843485100290

Published in: Software
  • Dating for everyone is here: ❶❶❶ http://bit.ly/2F4cEJi ❶❶❶
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Follow the link, new dating source: ♥♥♥ http://bit.ly/2F4cEJi ♥♥♥
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

2015 Cybercrime Trends – Things are Going to Get Interesting

  1. 1. © 2014 IBM Corporation IBM Security 1© 2014 IBM Corporation 2015 Cybercrime Trends: Things are Going to Get Interesting
  2. 2. © 2014 IBM Corporation IBM Security 2 Agenda  Review of 2014 predictions  Review of 2014 threats  2015 Cybercrime predictions  Things to watch for!
  3. 3. © 2014 IBM Corporation IBM Security 3 I Will Try to:  Avoid generic predictions such as: – “This year we will see more data breaches” – “Malware numbers will rise”  Provide other vectors to watch for – Ripple effects – Strategic Vs Tactic
  4. 4. 4 © 2014 IBM Corporation 2014 Was… Interesting
  5. 5. © 2014 IBM Corporation IBM Security 5 Our 2014 Predictions:  Source code leaks will accelerate malware release cycles  SMS-forwarding malware will be widely used  Old school malware techniques will make a comeback  Account takeover will move to the victim’s device  Malware research evasion will become more popular  Hey – www.securityintelligence.com has some great webinars and blogs to demonstrate all of this!
  6. 6. © 2014 IBM Corporation IBM Security 6 GameOver Zeus – Alive, Dead & Resurrected  Cutwail spam botnet distribution (Blackhole, Pony) – Ransomware – DDoS  P2P infrastructure  This became a HUGE BOTNET  Operation Tovar  And…
  7. 7. © 2014 IBM Corporation IBM Security 7 The Growth in Device Takeover  From simple RATs to advance malware – device takeover was everywhere  PoS attacks targeted built in remote session solutions  Citadel’s persistent RDP and new targets
  8. 8. © 2014 IBM Corporation IBM Security 8 Major Breaches  There were so many… Does anyone even remember P.F.Chang and Evernote by now?  If you want the red pill go to http://hackmageddon.com/  Several (not very surprising) reoccurring themes: – Zero day exploits in common software – 3rd party hack – Use of RATs Source: hackmageddon.com
  9. 9. © 2014 IBM Corporation IBM Security 9 Underground Services 9 User Name + Password OTP SMS Credentials OTP SMS TOR C&C
  10. 10. 10 © 2014 IBM Corporation 2015 Cybercrime
  11. 11. © 2014 IBM Corporation IBM Security 11 More of 2014…  If it ain’t broke don’t fix it!  Malware is constantly adapting to the security market  Cybercriminals are finding new ways to corporate and overcome cultural differences Breakdown of boarders – geography and technology
  12. 12. © 2014 IBM Corporation IBM Security 12 Mobile Threats – New Vectors  We have seen classic threats migrate to mobile: – Phishing – Ransomware – Overlay We are bound to see mobile specific exploit kits Bundling frameworks and services (perhaps automated) Device takeover malware for mobile NFC, ApplePay – new targets Mobile malware will target more than SMS
  13. 13. © 2014 IBM Corporation IBM Security 13 Biometrics for Authentication  Criminals will target biometrics – How accurate is your biometric? – Biometrics database security – The user...
  14. 14. © 2014 IBM Corporation IBM Security 14 Cybercriminals Will Rely on Anonymity Networks  Accessing TOR and other networks is becoming easier  Safer cybercrime eCommerce platform  Safer for malware infrastructure (i2Ninja, Chewbacca…)  Also presents challenges Broader adaptation of anonymity networks and encryption
  15. 15. © 2014 IBM Corporation IBM Security 15 EMV for POS and ATM Means CNP Fraud  Chip and PIN cards will be introduced in the US Push for more Card Not Present fraud Look for bad implementation of EMV (EMV replay attacks?)
  16. 16. © 2014 IBM Corporation IBM Security 16 It’s Not Just About Bank Accounts and Card Data Cybercriminals are always looking for other ways to monetize  Example - Healthcare: – Seller: • Easier to steal • More profitable than a credit card – Buyer: • Harder to detect • Many opportunities
  17. 17. © 2014 IBM Corporation IBM Security 17 Summary…but…  Cybercriminals will break borders (technology and geography)  Mobile exploit packs, device takeover, payment targeting and more  Biometrics as a target  The use of anonymity networks and encryption  CNP fraud and attacks on EMV  New monetizing ventures such as healthcare  BUT… There are a couple of other things to watch for!
  18. 18. 18 © 2014 IBM Corporation Things to Watch for
  19. 19. © 2014 IBM Corporation IBM Security 19 Technology Ripples  Traditional “tactical view” is not enough  Different changes in multiple fields effect cyber security  Close ripples: – Attacks against other vectors – New precedents – New technologies  Distant ripples: – Geopolitical – The squeeze effect
  20. 20. © 2014 IBM Corporation IBM Security 20 Geopolitical & Economical Changes  Changes may affect: – Targets – Methodology – Threat actors  Consider: – The situation in Russia – The Snowden leaks
  21. 21. © 2014 IBM Corporation IBM Security 21 Sony – A Dangerous Precedent  Is your organization ready for such threats? – The threat may move out of the cyber world  What are your organization’s crown jewels?
  22. 22. © 2014 IBM Corporation IBM Security 22 New Tech – New Challenges  New technology challenges: – Wearable tech – IoT (Internet of Things)  Will ransomware be applied to IoT? – A car lockdown? – A house blackout? – A pacemaker threat?
  23. 23. © 2014 IBM Corporation IBM Security 23 Remember – Security is in YOUR Hands
  24. 24. © 2014 IBM Corporation IBM Security 24  Discover the latest IBM solutions and hear real-life experiences from IBM clients who are working with us to drive advanced security controls into their organizations IBM Security @ Interconnect delivers:  Three Days of keynotes and general sessions featuring industry thought leaders  100+ Security Sessions including hands-on labs and certification testing  Solution Expo featuring demonstrations of the latest products and services from IBM Security and IBM partners  More Networking Events than ever to expand and strengthen your sphere of influence Register at ibm.com/interconnect today!
  25. 25. © 2014 IBM Corporation IBM Security 25 www.ibm.com/security © Copyright IBM Corporation 2014. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, these materials. Nothing contained in these materials is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in these materials to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in these materials may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed or misappropriated or can result in damage to or misuse of your systems, including to attack others. No IT system or product should be considered completely secure and no single product or security measure can be completely effective in preventing improper access. IBM systems and products are designed to be part of a comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM DOES NOT WARRANT THAT SYSTEMS AND PRODUCTS ARE IMMUNE FROM THE MALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

×