Cyber attacks on the rise as capabilities become more sophisticated

USPA News - A series of spectacular cyber attacks over the past year is expected to continue in 2015 as cyber criminals exploit new techniques while cyber espionage capabilities become increasingly sophisticated, American security researchers warned on Tuesday, dubbing 2014 `the year of shaken trust.` Computer security company McAfee said it detected more than 307 new threats every single minute during the third quarter of this year, with mobile malware samples growing by 16 percent during the quarter, and overall malware surging by 76 percent year-on-year. The quarter was marked by threat development milestones as cyber criminals exploited long-established standards.

The researchers also identified new attempts to take advantage of Internet trust models, including secure socket layer (SSL) vulnerabilities such as Heartbleed and BERserk, and the continued abuse of digital signatures to disguise malware as legitimate code. "The year 2014 will be remembered as `the Year of Shaken Trust,`" said Vincent Weafer, Senior Vice President at McAfee Labs. "This unprecedented series of events shook industry confidence in long-standing Internet trust models, consumer confidence in organizations` abilities to protect their data, and organizations` confidence in their ability to detect and deflect targeted attacks in a timely manner." For 2015, McAfee Labs predicts that malicious parties will seek to extend their ability to avoid detection over long periods, with non-state actors increasingly adopting cyber espionage capabilities for monitoring and collecting valuable data over extended targeted attack campaigns. Efforts to identify vulnerabilities in applications and networks are expected to become increasingly intense. "Restoring trust in 2015 will require stronger industry collaboration, new standards for a new threat landscape, and new security postures that shrink time-to-detection through the superior use of threat data," Weafer said. "Ultimately, we need to get to a security model that`s built-in by design, seamlessly integrated into every device at every layer of the compute stack."