Lancope® Reveals Cybersecurity Predictions for 2015 - Ransomware, Muleware and Extortionware Take Center Stage
-- Company to hold complimentary webinar on Wednesday, December 17 to discuss predictions
ATLANTA, Dec. 10, 2014 /PRNewswire/ -- Lancope, Inc., a leader in network visibility and security intelligence, has cast its 2015 cybersecurity predictions, foreshadowing some of the biggest threats that enterprises will face in the coming year. According to Lancope CTO, TK Keanini, ransomware, muleware and extortionware will all come to the foreground as attackers continue to expand on their objectives and innovate in order to bypass conventional security defenses. Lancope will hold a complimentary webinar on Wednesday, December 17 to discuss these and other security predictions for next year. Click here to register.
"Cybersecurity continues to be a very costly cat-and-mouse game," said Keanini. "As we improve our defenses, the attackers develop new ways to get around them and infiltrate our valuable systems and data. In order to succeed in today's security battle, defenders must be intimately familiar with the latest techniques being used by the attackers, and be very quick on their feet when it comes to employing appropriate defenses. The conventional, one-size-fits-all approach to security has officially become futile."
Keanini predicts that the following types of attacks will become bigger concerns in 2015:
- Muleware – Unlike malware, muleware solicits the participation of end users and offers them incentives to play a small role in the attack. Up until this point, cyber criminals have had to exploit and compromise users' devices to attain valuable resources. Moving forward, Keanini predicts that we will see more internal users involved in externally-launched attacks, making it easier for attackers to infiltrate the network and stay under the radar. This practice brings a new level of concern when it comes to insider threats.
- Ransomware – Ransomware such as CryptoLocker remains very profitable, and Lancope expects to see an expanded use of ransomware in the coming year. One industry at great risk here is healthcare. Three factors make it a highly attractive target for ransomware expansion: 1) the mandate to move to electronic records, 2) the sensitive nature of healthcare data, and 3) the immaturity of the information security practices that exist in the healthcare industry today.
- Extortionware – Extortionware is a spinoff of ransomware whereby unless you pay a certain amount to the attacker, your sensitive (and potentially incriminating) data will be made public for all to see. Much like spear phishing, this type of attack is more targeted than ransomware, but attackers will yield a higher take per victim, and the victims are less likely to involve law enforcement due to the sensitive nature of their data.
- Re-Authentication Exploitation – Authentication methods are getting stronger, and the adoption of two-factor authentication is growing and defeating historical brute-force password attacks. However, the bad news is that attackers are innovating and finding weaknesses in re-authentication processes where standards are not widely adopted. Various instances have proven that a very persistent and irate customer can almost always get re-authenticated without the proper credentials, and this is not good when that person is actually an attacker.
In order to combat these and other types of attacks, organizations must continue to refine their incident response processes. Security surprises in 2014 including the Heartbleed and Shellshock vulnerabilities helped to underscore the criticality of comprehensive response and business continuity plans.
"Additionally," says Keanini, "now is the time for enterprises to look into next-generation infrastructure like SDN as a new way to deal with persistent attackers. The Internet of Things and a dynamic, BYOD workforce are driving the need for a more adaptive perimeter, and I believe SDN will soon begin to play a huge role in how we design and secure our networks."
For more information on these and other 2015 security predictions, click here to register for the complimentary webinar on December 17.
About Lancope
Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today's top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope's StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope's security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit www.lancope.com.
©2014 Lancope, Inc. All rights reserved. Lancope and StealthWatch are registered trademarks of Lancope, Inc. All other trademarks are properties of their respective owners.
Share this article