According to IBM research team, cyber attackers are using sophisticated approaches for online attacks including DDoS and the use of malware. They steal valuable and sensitive information and use it as identity theft to financial account details. Since 2013, there has been a rise of 25 percent in leaked records, reaching a lurch one billion. Most of these records were stolen from USA.
A number of high-profile attacks have been found to take place over the year. JPMorgan, Sony and several companies have been the victim of cyber attacks and consequently sensitive data of customer and employee records, email and communications was leaked.
The trend of digital attacks has increased over the past years and is improbably to setback.
The company mentioned in its quarterly report, published on Monday, that the use of “designer vulns” is also increasing. These designer vulnerabilities are taking tips from branded exploit kits including Sweet Orange and Blackhole, and are now being identified in memorable ways — such as Heartbleed, Shellshock and FREAK.
Three distinctive themes have been discovered by IBM research team which infuence on the security landscape over 2014. The distributing of private content, such as uploading personal or explicit photos on cloud services was not managed with care which resulted in data theft due to weak passwords and slack policies on brute-force authentication.
The critical vulnerabilities in the foundations of operating systems, open-source libraries and content management software have also been disclosed, which has resulted in the exploitation of websites. Lenovo’s Superfish debacle is the most recent case concerning this trend. The Chinese PC maker bundled Superfish uses advertisement support software on products shipped between September 2014 and February 2015 and the software was able to obstruct SSL and TLS website connections then use a third-party library to modify the Windows networking stack and install a new root Certificate Authority (CA), leaving the door open for exploit.
According to the security team, there is a lack of fundamental security knowledge and care which allows for violation of data privacy. End-user password use, failure to change default passwords and poor verification processes also contribute to weak security.