The document provides predictions for cybersecurity trends in 2015 from Lookout co-founders John Hering and Kevin Mahaffey. Some of the key predictions include: (1) privacy concerns will increase for enterprises balancing individual privacy with corporate security; (2) cybercrime will become more common and severe, targeting valuable online data; and (3) the United States will see more mobile malware attacks as criminals target lucrative American users and networks.

1. 2015 CYBERSECURITY
PREDICTIONS

2. THE YEAR 2015 IS GOING TO BE
A LANDMARK YEAR FOR MOBILE.

3. W E ’ R E G O I N G T O S E E A N I N C R E A S E I N
PRIVACY CONCERNS, MALWARE IN
THE U.S., AND iOS ATTACKS.
B U T W E ’ L L A L S O W I T N E S S
BIG CHANGES IN THE WAY THE WORLD
THINKS ABOUT SECURITY AND THE
TECHNOLOGY BEHIND THE PROTECTION
W E A L L D E P E N D U P O N A N D T R U S T.

4. LOOKOUT CO-FOUNDERS JOHN HERING
AND KEVIN MAHAFFEY PUT TOGETHER THIS
LIST OF PREDICTIONS – THE WAY WE SEE
THE MOBILE SECURITY INDUSTRY MOVING.

5. There will no longer be a
technology industry. All industries
will be technology industries.
K E V I N M A H A F F E Y

6. AS THE DIGITAL SURFACE AREA
INCREASES, SECURITY AND
PRIVACY WILL BE CRITICAL.

7. In the past, there has been a divide between
technology companies—Facebook, Google,
Yahoo, Oracle—and the rest of the economy.
!
Getting a taxi, booking a hotel, watching a
movie, listening to music, and buying a used
car are all examples where technology is
transforming industries that would not, in the
past, consider themselves to be technology
industries.
!
Existing companies will either turn
themselves into technology companies or be
disrupted by innovative competitors

8. Privacy concerns will head
J O H N H E R I N G
to the enterprise.

9. ENTERPRISES WILL BE INCREASINGLY
FACED WITH A SET OF COMPLICATED
CHALLENGES AS THEY STRIVE TO
RESPECT INDIVIDUAL PRIVACY WHILE
KEEPING CORPORATE INTERESTS
SAFE FROM ATTACKERS.

10. Regardless of who owns the device,
smartphones and tablets have become
innately personal, oftentimes housing
personal photos and banking information
alongside corporate data. That means that
most employees want some level of control
over the device.
!
Multinational corporations will have a
particularly tough time as each country in
which they operate has unique regulations
and user expectations with regard to
privacy.

11. Cybercrime will just be
called crime.
K E V I N M A H A F F E Y

12. AS MORE VALUE IN THE WORLD IS
STORED ON CONNECTED COMPUTING
DEVICES, THERE’S MORE INCENTIVE
FOR CRIMINALS TO STOP STEALING
CARS AND START STEALING DATA AND
MONEY FROM COMPUTERS.

13. In the past, crimes committed using
computers were so rare relative to
physical-world crimes that we gave them a
fancy name, “cybercrime.” Today,
prominent organizations are hacked on a
weekly basis and as a result, millions of
consumers are put at risk of identity theft
and financial fraud whether it be through
their PC or mobile device.
!
The Center for Strategic and International
Studies estimated the likely annual cost of
cybercrime and economic espionage to
the world economy at more than $400
billion. This shift to online crime is a
benefit and a curse. The curse is that
breaches can be much more severe in the
online world, but the benefit is that we
have new tools such as predictive security
to prevent crime and catch criminals that
are not practical to deploy in physical-world
crime.

14. United States will become more
of a target for mobile malware.
J O H N H E R I N G

15. THE U.S. HAS TYPICALLY REMAINED
SOMEWHAT REMOVED FROM THE
MOBILE MALWARE AND THREATS
SEEN IN OTHER PARTS OF THE WORLD.
THAT WON’T BE THE CASE FOR LONG.

16. NotCompatible, a kind of malware that turns
phones into bots, targeted between 4 and 4.5
million U.S. smartphones this year. We estimate
that U.S. phones were an attractive target
because U.S. IP addresses are like a high-profile
zip code. Having access to a range of them
would give malware operators the legitimacy
to target American entities, such as
TicketMaster for scalping tickets.
!
We also saw hundreds of thousands of Android
users in the U.S. affected by a particularly
concerning form of malware called
“ransomware” -- so named because it literally
holds its victims’ devices hostage until they pay
a ransom. Given the ransomware authors’
success in 2014, there will likely be more
versions of ransomware introduced to the U.S.
market in 2015.

17. Mainstream iOS attacks
will increase.
K E V I N M A H A F F E Y

18. NO COMPUTING DEVICE IS IMMUNE FROM
ATTACK; HOWEVER, SOME ARE LESS
FREQUENTLY TARGETED THAN OTHERS.

19. While targeted remote access trojans
(RATs) and exploits have existed on iOS
for years, now that iOS has gained
significant market share around the
world, criminals have begun targeting it
more broadly.
!
For example, the WireLurker malware
that was discovered in November
monitors any iOS device connected via
USB with an infected OS X computer and
installs downloaded third-party or
malicious applications onto the device,
regardless of whether it is jailbroken.
This makes all iOS devices vulnerable,
not just those that have been jailbroken.
!
As iOS continues to grow around the
world, particularly in emerging markets,
we’ll likely see more attackers focus their
efforts on mainstream iOS users.

20. Companies will replace reactive
security with predictive security.
K E V I N M A H A F F E Y

21. BREACHES OF HIGH-PROFILE COMPANIES
HAVE BECOME THE NORM. THE SECURITY
STATUS QUO IN MOST ENTERPRISES
CLEARLY DOES NOT WORK.

22. Anti-virus tries to identify attacks that
have been used in the past, but attackers
can slightly modify their code to get
around signatures. Behavioral
sandboxes installed on the network
perimeter try to fool attackers into
executing their payloads in a virtual
environment, but either can’t identify
sophisticated attacks or produce so
much noise that they are unusable.
!
Early-adopter security organizations
have started using large datasets and
machine intelligence to predict attacks
on their internal networks. Mobile and
cloud will start to see predictive security
get more widely adopted over the next
two years.

23. Pre-installed malware
will increase.
K E V I N M A H A F F E Y

24. AS LOW-COST ANDROID PHONES HIT
THE WORLD MARKET AT MASSIVE
SCALE, ATTACKERS WILL START
TARGETING THE SUPPLY CHAIN TO
PRE-INSTALL MALWARE ON DEVICES.

25. In the past year, Lookout identified two
families of malware pre-loaded on
phones, Deathring and Mouabad.
Because pre-loaded malware is part of
the “system” partition of a device, it is
nearly impossible for ordinary users to
remove it.
!
Such supply chain issues are particularly
concerning to businesses who may have
employees bring in their own, pre-exploited
devices onto the sensitive
corporate network.

26. Internet of Things/wearable
devices will not be a priority
for cybercriminals… yet.
J O H N H E R I N G

27. IOT AND WEARABLES ARE NOT
MAINSTREAM ENOUGH YET, AND
WON’T BE FOR ANOTHER 3-5 YEARS, TO
BE SIGNIFICANT TARGETS FOR
CYBERCRIMINALS.

28. Today, cybercriminals remain focused on
the most lucrative targets: PCs and
increasingly, mobile devices. It will take
multiple generations of wearables and
IoT devices on the market to achieve the
critical mass necessary for us to be
highly concerned.
!
That said, connected devices need to be
built with a potential threat top of mind,
particularly given the amount of sensitive
or personal information they have the
ability to store and transmit.

29. Vulnerable apps will become a
bigger problem than vulnerable
operating systems.
K E V I N M A H A F F E Y

30. AS DEVELOPERS SEEK TO
CHURN OUT APPS FASTER THAN
THEIR COMPETITORS, SECURITY
AND PRIVACY ARE OFTEN AN
AFTERTHOUGHT.

31. As of January 2014, mobile apps (not
mobile browsers) replaced desktop web
browsers as the primary way people use
the Internet. Mobile operating systems
have been getting more secure over the
past several years; however the attack
surface due to mobile apps has
increased.
!
Apps can contain vulnerabilities that put
both their data at risk as well as open a
hole for a network-based attacker to run
arbitrary code on a device. For example,
with a recent vulnerability (Android
unsafe usage of addJavascriptInterface),
Lookout measured over 90,000 apps
that were likely vulnerable. This is an
impossible patch logistics problem.
Operating system patch cycles are still a
problem, but the numbers are relatively
tractable relative to the huge numbers
of mobile apps.

32. For more mobile security information, follow