Full Report
As regular readers will know, every year we publish our predictions on cybercrime attacks for the year ahead. Well, our South American research team has spent the last few weeks putting together our predictions for 2015.
Analysis Summary
# Industry News: ESET Research Predictions for 2015 Cybercrime Trends
## Summary
ESET South American research team has released its key predictions for cybercrime trends in 2015, emphasizing the continued rise of highly specialized Targeted Attacks (APTs), increased focus on digital payment systems and cryptocurrencies, and the emergence of the Internet of Things (IoT) as a future attack surface. These predictions, based on data from 2014, highlight shifts from broad attacks to highly focused, persistent threats.
## Key Details
- Date: December 18, 2014 (Summary publication)
- Companies Involved: ESET Research (ESET LATAM Research Team)
- Category: Threat Landscape Prediction/Market Analysis
## The Story
ESET's annual cybercrime prognosis for 2015 highlights several critical areas of concern for the coming year. The most significant trend identified is the escalating prevalence of Targeted Attacks, or APTs, quantified by the jump from 3 identified attacks in 2010 to 53 known attacks in 2014. These attacks are characterized by selected targets, stealth, and duration, often leveraging social engineering or 0-day exploits. Furthermore, cybercriminals are heavily focusing on payment systems—both traditional Point of Sale (PoS) infrastructure (citing major breaches like Target and Home Depot) and emerging digital currencies like Bitcoin and Dogecoin via malware pushing crypto-mining. Finally, while not expected to be massive in 2015, the Internet of Things (IoT)—including connected cars, smart TVs, and home devices—is flagged as a unique and innovative area for future cybercrime given the influx of new, vulnerable connected devices. Mobile attacks are also predicted to continue their upward trajectory.
## Business Impact
### For the Companies Involved
- **ESET:** Reinforces ESET’s position as a thought leader in threat intelligence, driving demand for their advanced security products focused on detection and response to sophisticated threats like APTs.
### For Competitors
- Competitors will be pressured to demonstrate comparable or superior intelligence gathering and analysis concerning APTs and expanding attack surfaces like IoT, validating the focus areas ESET has outlined.
### For Customers
- **Enterprises:** Must prioritize threat hunting capabilities to counter silent, long-running APTs and adopt robust security for PoS environments and payment gateways.
- **Consumers:** Face growing risks associated with mobile devices and the early stages of IoT vulnerabilities.
### For the Market
- The predictions confirm a market transition where generic antivirus solutions are insufficient; the market demand will skew toward next-generation security focused on behavioral analysis, tailored threat detection, and endpoint detection and response (EDR).
## Technical Implications
The emphasis on APTs suggests continuing innovation in malware evasion techniques, demanding advanced persistence monitoring and granular visibility into network traffic. The focus on payment systems implies the maturity of malware families like BlackPOS variants and an increased need for securing RDP access to PoS terminals. The inclusion of IoT points toward the exploitation of embedded systems, resource-constrained devices, and novel attack vectors targeting electronics control units (ECUs) and consumer gadgets.
## Strategic Analysis
- Market Positioning: ESET is strategically positioning itself at the forefront of enterprise threats by focusing heavily on high-value, low-volume attacks (APTs) rather than just volumetric consumer threats.
- Competitive Advantage: By correctly identifying the shift toward targeted attacks and emerging vectors like IoT, ESET gains a signaling advantage, aligning its product roadmap with predicted high-end threats.
- Challenges: The primary challenge is the speed of attacker innovation. While ESET predicts trends, the efficacy of their solutions depends on rapidly developing defenses against unknown 0-day exploits used in these targeted campaigns.
## Industry Reactions
- **Analyst Opinions:** Analysts likely view this report as confirming the hardening cybersecurity landscape, validating increased security spending toward proactive threat hunting rather than merely reactive signature-based defense.
- **Expert Commentary:** Experts would likely stress the importance of the data breach statistics (especially the heavy impact on healthcare) to justify increased regulatory scrutiny and mandatory breach disclosure.
- **Market Response:** Investors and security buyers would be expected to show increased interest in vendors specializing in threat intelligence feeds, advanced malware analysis, and enterprise protection platforms.
## Future Outlook
- **Predictions and Expectations:** Expect 2015 to see higher-profile breaches attributed to APT groups, further consolidation of cryptocurrency theft as a profitable niche, and vendor announcements specifically addressing "IoT security."
- **What to watch for:** The evolution of ransomware outside of traditional desktop environments and whether the predicted IoT attacks move from proof-of-concept to large-scale monetization.
## For Security Professionals
Security teams must shift focus toward threat hunting, dedicating resources to detect stealthy, long-lived malware campaigns. Patch management and securing legacy PoS systems remain critical. Furthermore, IT asset discovery processes must be expanded to catalog any newly connected IoT devices entering the corporate or enterprise environment.