Wednesday, 14 January 2015

Threat Bulletin

executive summary

Dynamic changes in technology are opening new ways of doing business. The growing use of smart mobile devices, social media and cloud platforms offers attractive opportunities, but at the same time it poses a plethora of information security risks. We have to find new ways to tackle this new age of sophisticated cyber-crime. Our dependency on technology is increasing, and a new breed of tech-savvy fraudsters is coming out with new and innovative ways of carrying out cyber attacks. CCFIS is a research organization with a mission to secure the nation's IT infrastructure through extensive and continuous research. Our research reveals several key emerging trends in cyber-crime for the year 2015.

In this digital world where everything is connected to everything else and to us, we at CCFIS ask how secure this connection really is. In 2015, as technology advances, cyber threats will increase with it. At CCFIS Labs we conduct extensive and continuous research, which has made us capable of anticipating upcoming cyber threats and the psychology of attackers. Through this bulletin we predict some common threats that may arise in 2015.
surveillance data privacy
Our banks, travel agencies, Aadhaar and PAN card databases, email hosting providers, hospitals and so on store very critical data about us. This data contains sensitive information: profiles, financial records, email, phone call details, pictures, travel and location history, and almost everything one needs to know about anyone. The same data helps law enforcement agencies (LEAs) investigate crime and allows intelligence agencies to predict and mitigate threats to the nation and its citizens.

Unfortunately, exactly the same information is what a hacker needs to defame someone or to carry out a targeted attack. This critical data is stored in state-of-the-art data centers, and to an attacker it is a pot of gold. Hackers and state-sponsored groups are targeting the data of other nations.
In 2015, attacks will shift towards compromising the data center itself rather than targeting users individually. No matter how secure a data center is, there is no complete solution to targeted attacks, especially when the attack uses a zero-day.
We have two recommendations to minimize these attacks:
· Create a completely local network for sensitive data and limit access to a closed group and LEAs. The data center should be hosted on that network, every user requesting data should be on the local network, and the network should not be connected to the internet in any way.
· Implement device authentication with access control lists as an additional layer of security. Deploying honeypots is a further way to minimize these attacks: when attackers try to compromise the network they see two options, the real network and a fake one. The fake network is easier to compromise and holds fake data to lure and confuse the attacker, and any activity on it is a reliable sign of intrusion, since no legitimate user has a reason to touch it.
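As an added illustration of the decoy-network recommendation above (example code written for this edit, not a CCFIS tool or anything from the original bulletin), the following Python script runs a low-interaction TCP honeypot: each decoy listener hands out a fake service banner, records who connected and what they sent first, and a summary flags any source that touched more than one decoy port as a scanner. The banner strings, the record format and the loopback demo are assumptions for the example; a real deployment binds the decoys to addresses on the fake segment and ships the records to the SOC.

```python
"""Low-interaction TCP honeypot: decoy listeners that log every touch.

Nothing legitimate ever connects to a decoy, so each recorded connection
is a signal, and one source touching several decoy ports looks like a scan.
"""
import socket
import socketserver
import threading
import time
from collections import defaultdict, namedtuple

# One connection attempt against a decoy port (assumed record format)
Touch = namedtuple("Touch", "ts src_ip src_port dst_port first_bytes")


class _DecoyHandler(socketserver.BaseRequestHandler):
    """Send the fake banner, capture what the client sends first, hang up."""

    def handle(self):
        hp = self.server.honeypot
        self.request.settimeout(3.0)
        data = b""
        try:
            if hp.banner:
                self.request.sendall(hp.banner)
            data = self.request.recv(256)
        except (socket.timeout, OSError):
            pass
        src_ip, src_port = self.client_address[:2]
        hp.record(Touch(time.time(), src_ip, src_port,
                        self.server.server_address[1], data))


class Honeypot:
    """One decoy listener; port 0 lets the OS choose a free port."""

    def __init__(self, host="0.0.0.0", port=0, banner=b""):
        self.banner = banner
        self.events = []
        self._cond = threading.Condition()
        self._server = socketserver.ThreadingTCPServer((host, port), _DecoyHandler)
        self._server.daemon_threads = True
        self._server.honeypot = self            # handler reaches us via the server
        self.port = self._server.server_address[1]
        self._thread = threading.Thread(target=self._server.serve_forever, daemon=True)

    def start(self):
        self._thread.start()

    def stop(self):
        self._server.shutdown()
        self._server.server_close()

    def record(self, touch):
        with self._cond:
            self.events.append(touch)
            self._cond.notify_all()

    def wait_for(self, count, timeout=5.0):
        """Block until `count` touches are recorded; False on timeout."""
        with self._cond:
            return self._cond.wait_for(lambda: len(self.events) >= count, timeout)


def summarize(events):
    """Group touches by source; a source that hit more than one decoy port is a scanner."""
    by_src = defaultdict(lambda: {"ports": set(), "count": 0, "samples": []})
    for t in events:
        e = by_src[t.src_ip]
        e["ports"].add(t.dst_port)
        e["count"] += 1
        if t.first_bytes:
            e["samples"].append(t.first_bytes[:40])
    return {src: {"ports": sorted(e["ports"]), "count": e["count"],
                  "scan": len(e["ports"]) > 1, "samples": e["samples"]}
            for src, e in by_src.items()}


def probe(host, port, payload, banner_wait=0.5):
    """Tiny client standing in for the attacker; returns the banner it saw."""
    with socket.create_connection((host, port), timeout=3.0) as s:
        s.settimeout(banner_wait)
        try:
            banner = s.recv(256)
        except socket.timeout:
            banner = b""               # silent decoy: no banner to read
        s.sendall(payload)
    return banner


if __name__ == "__main__":
    # Loopback demo: a fake SSH decoy and a silent decoy, one "attacker" touching both.
    decoys = [Honeypot("127.0.0.1", 0, b"SSH-2.0-OpenSSH_5.3\r\n"), Honeypot("127.0.0.1", 0)]
    for hp in decoys:
        hp.start()
    probe("127.0.0.1", decoys[0].port, b"SSH-2.0-attacker\r\n")
    probe("127.0.0.1", decoys[1].port, b"GET /admin HTTP/1.0\r\n\r\n")
    for hp in decoys:
        hp.wait_for(1)
        hp.stop()
    for src, info in summarize(decoys[0].events + decoys[1].events).items():
        print(src, info)        # 127.0.0.1 touched two decoy ports, so scan is True
```

The decoy never executes anything the client sends; it only records the first bytes, which is what keeps a low-interaction honeypot from becoming a foothold itself. Because the decoy carries no real data, the useful output is the alert, not the capture: a single touch is worth an investigation, and the sorted port list shows the attacker's path across the fake network.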
internet of things
When we talk about the Internet of Things, the word we hear every time is 'connected'. But the question arises: how secure is this connection? These connected devices control our homes, offices, electrical appliances and much more, and many of them are guarding our homes. Most are built on low-power boards, often ARM-based, such as the Raspberry Pi and CubieTruck, or on Arduino, Intel Galileo and custom low-power hardware, and many are not powerful enough to be configured securely. Most of these boards are open source, and their firmware is available on the internet for anyone to download and tinker with.
Hackers will be interested in the Internet of Things and connected devices; the following are some of the threats we can predict for 2015:
· Most IoT devices use open-source boards, and their firmware can be reverse engineered to find vulnerabilities that let many devices be exploited at once.
· 'Connected' means these devices talk to the internet, to your mobile device or to a central server that processes requests, and the connection between them can itself be vulnerable.
· Just as you can reach your home's electrical appliances over the internet, a hacker can reach and exploit the same devices over the internet.
· Central servers that act as command-and-control servers are also a major target. Once attackers compromise such a server they control every device connected to it. For example, suppose company A manufactures a home security system that is installed in thousands of houses and connected over the internet to company A's central server, and users log in to company A's web portal with their credentials to access their devices. Instead of attacking and compromising every device, hackers can target company A's central server and through it control every home security system the company has made.
We recommend that manufacturers and makers use custom boards rather than open-source boards when they commercialize and mass-produce an appliance. Manufacturers need to perform proper and timely VAPT (vulnerability assessment and penetration testing) of customer appliances and of their internal servers to stay a step ahead of attackers. The connections from appliance to server and from server to user must be encrypted. For users, we recommend buying appliances that offer access control options, so the owner can define who may access the appliance. These are best practices that reduce the threat but cannot eliminate it completely.
biometric data from social media & internet
According to BBC News, hackers have found a way to clone fingerprints from nothing more than a picture taken with a standard camera. The hackers claimed to have cloned the fingerprint of a German politician, defence minister Ursula von der Leyen.

This time the hackers did it with commercial image-processing software, and it is only a matter of time before someone develops an open-source tool for the same purpose and it ships bundled with Kali Linux. For now, the technique has not been released to the public.
Many of the most critical assets and systems of any country are secured with biometrics, generally fingerprint or iris scans of its leaders. Photographs, videos and fan pages of our leaders are available online, and in high definition. If a hacker needs to break into a system controlled by a country's leader, then instead of exploiting the system he can download a photograph of the leader, recover the fingerprint from it and bypass the biometric check. The eyes visible in these pictures could likewise be used to create duplicate eyeballs with a 3D printer, which is now available for less than $100.

The threat is not limited to national security; as ordinary people we are vulnerable too. Many laptops, especially corporate laptops, have biometric sensors, and most of us have social media accounts where we have posted photos that show our palms and therefore our fingerprints. Hackers can take advantage of this to get into our personal or business laptops.
There isn’t any counter measures to these types of attacks as the attack prototype hasn’t been released yet by hackers. But we  recommend our leaders to use gloves while attending public or press conferences. We as common men should take sufficient care to hide our palm as much as possible (especially fingerprints) to avoid such   attacks. Banks in 2015 are about to install fingerprint authentication in their ATMs.
hacking airlines

The flight-control software that governs every action of an aircraft runs on an operating system like any other software. After Malaysia Airlines flight MH370 went missing, some commentators claimed it was the result of a cyber attack in which MH370's flight-control software was compromised and its heading and coordinates were changed. But malicious code can only be sent to the flight controller through a ground station, so there must have been an insider involved in such an attack.
In 2015 we predict that hackers will find ways to compromise flight-control software remotely, without the help of any insider, which makes the scenario far worse since the result may be loss of human life. Hackers will also look for techniques to compromise the flight-control software of aircraft in flight by attacking the ground station systems that are connected to the internet; these are easier targets, since they run on publicly available operating systems such as Windows and Linux and are vulnerable if not properly configured or updated. Hackers can even build antennas from open-source designs to communicate with aircraft in flight and intercept their communications. We already saw examples of this in 2014, and the same or more sophisticated attacks may be attempted again in 2015 by hackers or state-sponsored groups.
Researchers and airport authorities need to work closely together to find possible loopholes in aircraft and in any system directly or indirectly connected to them. Airport authorities should also organize an international conference and invite researchers from across the globe to present their findings and work on mitigations.
printer & camera as bitcoin miner
We have already seen in 2014 how hackers compromised user systems through pirated games and applications to perform Bitcoin mining. In 2015, hackers will be interested in making more and more money through any device connected to the internet.

Nowadays we have cloud printers, IP cameras and many other devices that can be controlled from anywhere in the world over the internet. This has made our lives and businesses easier but has also enabled many threats. Using search engines like Shodan, hackers can find any online device, whether a printer, an IP camera or anything else.
In 2015 we predict that hackers will try to compromise these online devices for Bitcoin mining. Obviously the mining speed will be very slow and compromising these devices is a complex process, but once an exploit is developed, thousands or millions of online devices will be at risk of being used for mining. Hackers may even target the manufacturing plants of these appliances and, by compromising internal systems, embed the miner in the firmware itself. As an illustration, if a hacker could generate 0.05 BTC from one device in a month and compromised 1,000 such devices, he would generate around 50 BTC, roughly Rs. 10,00,000 per month.

Mining on printers or IP cameras is very hard to trace on the device itself, since there is no task manager to inspect running processes and no antivirus to safeguard these devices. It is not invisible on the network, though: a miner has to keep a connection open to a mining pool and exchange work over it, and that traffic is where such compromises can be spotted.
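As an added example of the network-side check (example code written for this edit, not from the original bulletin), the following Python script runs over connection-log lines and flags devices that talk to a mining pool. It relies on the fact that a miner must speak a pool protocol: Stratum is JSON-RPC with "mining.*" methods, and the older getwork protocol uses a "getwork" method. The log-line format, the asset inventory, the sample lines (documentation IP ranges, constructed for this example) and the short list of pool ports used only as a weak indicator are all assumptions of the example.

```python
"""Spot headless devices (printers, IP cameras) talking to a mining pool.

Input: constructed connection-log lines of the form
  <ts> src=<ip>:<port> dst=<ip>:<port> proto=tcp bytes=<n> [payload='<first bytes>']
A "mining.*" or "getwork" JSON-RPC payload is a high-confidence hit; a bare
connection to a port pools commonly use is only a weak hint to confirm.
"""
import json
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
    r" proto=(?P<proto>\w+) bytes=(?P<bytes>\d+)(?: payload='(?P<payload>.*)')?$"
)
MINING_METHODS = {"mining.subscribe", "mining.authorize", "mining.submit",
                  "mining.notify", "mining.set_difficulty", "getwork"}
POOL_PORTS = {3333, 4444, 9999}     # assumption: ports often used by pools, weak signal only
HEADLESS = {"printer", "ipcam"}     # devices with no user who would notice a miner

# Constructed asset inventory and log for the example (not real hosts)
INVENTORY = {"192.0.2.17": "printer", "192.0.2.40": "ipcam",
             "192.0.2.88": "laptop", "192.0.2.91": "workstation"}
SAMPLE_LOG = """\
2015-01-14T09:58:02Z src=192.0.2.17:49152 dst=198.51.100.5:443 proto=tcp bytes=1480
2015-01-14T10:02:11Z src=192.0.2.17:49160 dst=203.0.113.9:3333 proto=tcp bytes=512 payload='{"id": 1, "method": "mining.subscribe", "params": ["cgminer/4.9.0"]}'
2015-01-14T10:02:12Z src=192.0.2.17:49160 dst=203.0.113.9:3333 proto=tcp bytes=140 payload='{"id": 2, "method": "mining.authorize", "params": ["worker1", "x"]}'
2015-01-14T10:05:40Z src=192.0.2.40:3201 dst=203.0.113.9:3333 proto=tcp bytes=512 payload='{"id": 1, "method": "mining.subscribe", "params": []}'
2015-01-14T10:06:00Z src=192.0.2.40:3202 dst=198.51.100.77:554 proto=tcp bytes=800 payload='OPTIONS rtsp://198.51.100.77/stream RTSP/1.0'
2015-01-14T10:07:13Z src=192.0.2.88:50012 dst=203.0.113.60:4444 proto=tcp bytes=96
2015-01-14T10:08:00Z src=192.0.2.91:50100 dst=198.51.100.5:80 proto=tcp bytes=300 payload='GET /print/queue HTTP/1.1'
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "bytes"):
        rec[key] = int(rec[key])
    return rec


def mining_method(payload):
    """Return the JSON-RPC method if the payload is a pool-protocol message, else None."""
    if not payload:
        return None
    try:
        msg = json.loads(payload)
    except ValueError:                      # not JSON at all (HTTP, RTSP, ...)
        return None
    if isinstance(msg, dict) and msg.get("method") in MINING_METHODS:
        return msg["method"]
    return None


def detect(lines, inventory):
    """Aggregate per source and return findings, most urgent first."""
    per_src = defaultdict(lambda: {"methods": set(), "pools": set(), "weak_ports": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        e = per_src[rec["src"]]
        method = mining_method(rec["payload"])
        if method:
            e["methods"].add(method)
            e["pools"].add(f"{rec['dst']}:{rec['dport']}")
        elif rec["dport"] in POOL_PORTS:
            e["weak_ports"].add(rec["dport"])
    findings = []
    for src, e in per_src.items():
        if e["methods"]:
            confidence = "high"             # protocol seen on the wire
        elif e["weak_ports"]:
            confidence = "low"              # port only; needs a payload capture to confirm
        else:
            continue
        device = inventory.get(src, "unknown")
        findings.append({"src": src, "device": device, "headless": device in HEADLESS,
                         "confidence": confidence, "methods": sorted(e["methods"]),
                         "pools": sorted(e["pools"]), "weak_ports": sorted(e["weak_ports"])})
    # Confirmed miners on headless devices first: nobody on those boxes will notice.
    findings.sort(key=lambda f: (f["confidence"] != "high", not f["headless"], f["src"]))
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG.splitlines(), INVENTORY):
        print(f)
```

The ranking is deliberate: a laptop connecting to port 4444 might be a user running a miner on purpose, but a printer or camera issuing mining.subscribe has no legitimate reason to exist and goes to the top of the queue. Pool ports change freely, which is why they only lower the bar for a second look rather than trigger an alert on their own; the payload match is what the detection rests on.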
Manufacturers need to make their firmware more secure and stop distributing firmware images to anyone under the name of offline updates. They should not focus only on the functionality and features of these devices but must focus on their security as well.
Periodic testing and vulnerability assessment must be carried out by the manufacturer, updates must be released, and owners must be informed about them by email. Most manufacturers release updates but do not bother to tell the owner why the update was released and why it is important to install it. The relationship between owner and manufacturer must be transparent: manufacturers must inform owners about the vulnerabilities they have found, what patch they are releasing, and how and why it is important to install it.