Security Predictions for 2015

2014 has been a very interesting year with some really big data breaches on companies like Sony, eBay, Dominos and widespread software vulnerabilities like Shellshock and Heartbleed. The number of security breaches continue to rise and with the introduction of wearables and rise in the use of smartphones, we are literally carrying all our information with us, which increases the attack surface even further. Hence, we decided to compile a list of security predictions for 2015.

Attacks on legacy softwares

In 2014, we had two major vulnerabilities with the names of Heartbleed and Shellshock, one of which targeted a weakness in the OpenSSL cryptographic library and the other one in the Unix Bash shell. These are softwares we have been dependent on since a long time and any vulnerability in these softwares could potential have a very huge target base. Attackers have already recognized this fact and we can expect more of such vulnerabilities discovered in the coming year.

Internet of things (iOT) & embedded devices

In the coming year, we are going to see an increase in the adoption of gadgents, home appliances that connect to the internet. However, in additon to the convenience it offers us, it also increases the attack surface for the hacker. This year, there have been a number of attacks demonstrated in conferences worldwide showing attacks on these embedded devices. Also, some of these devices might not even support software upgrade, which makes it even more vulnerable. These devices could be potentially used to install trojans on the network, install malware and ransomware, deliver unwanted ads etc. Security of Internet of things is worth keeping a close eye on for 2015.

Increase in logical flaws

These days, you won’t usually find a XSS or a CSRF vulnerability on a popular website. Attackers have hence started shifted to exploiting logical vulnerabilites within popular websites. These attacks don’t target a specific documented vulnerability but instead find an issue with the logic of the code and use it to conduct an attack. For e.g, Yasser ali demonstrated how he was able to hijack a paypal account with just a single click. So we can surely expect an increase in the rise of logical flaws in 2015.

Big Data breaches on organizations

There have been a number of major data breaches in 2014 and we expect the number to rise in 2015. In most of the cases, the attack surface have been the employers working at the company who were targeted through phishing attacks or social engineering attacks. Hence, even further attacks on the users are expected resulting to some major data breaches.

Attacks on Cloud Storage Providers

Want to learn more?? The InfoSec Institute CISSP Training course trains and prepares you to pass the premier security certification, the CISSP. Professionals that hold the CISSP have demonstrated that they have deep knowledge of all 10 Common Body of Knowledge Domains, and have the necessary skills to provide leadership in the creation and operational duties of enterprise wide information security programs.

InfoSec Institute’s proprietary CISSP certification courseware materials are always up to date and synchronized with the latest ISC2 exam objectives. Our industry leading course curriculum combined with our award-winning CISSP training provided by expert instructors delivers the platform you need in order to pass the CISSP exam with flying colors. You will leave the InfoSec Institute CISSP Boot Camp with the knowledge and domain expertise to successfully pass the CISSP exam the first time you take it. Some benefits of the CISSP Boot Camp are:

  • Dual Certification – CISSP and ISSEP/ISSMP/ISSAP
  • We have cultivated a strong reputation for getting at the secrets of the CISSP certification exam
  • Our materials are always updated with the latest information on the exam objectives: This is NOT a Common Body of Knowledge review-it is intense, successful preparation for CISSP certification.
  • We focus on preparing you for the CISSP certification exam through drill sessions, review of the entire Common Body of Knowledge, and practical question and answer scenarios, all following a high-energy seminar approach.

This is a repeat from the 2014 security predictions. But we have been storing information on cloud service like never before. Be it iCloud, dropbox, google drive etc. We all use these services. Attacks on such a service will compromise millions of account . Hence, it won’t be surprising if we see increased attacks on cloud storage providers in the coming year.

<!–
ADINJ DEBUG
Ad Injection in-content injections complete!
No top ad defined in any of the ad code boxes
No bottom ad defined in any of the ad code boxes
Content length=497 (words) Raw character length=3407 Paragraph count=11
Top ad paragraph: -1
Bottom ad paragraph: -1
1st Injected random ads range starts at: 10, and ends at: 11
2nd Injected random ads range starts at: 10, and ends at: 11
potential_random_ad_paragraphs:2
Only 1 random ad because post length
Source: SCOOP.IT