Skip to main content
  1. Home
  2. Computing
  3. Features

HP’s Cyber Risk Report for 2015 is out, and here’s what you need to know

By
Image used with permission by copyright holder

Whether it’s your credit card at Target, your laptop at the airport, or just the phone in your pocket, 2014 was a heck of a year for cybersecurity. HP has officially published its annual Cyber Risk Report, and the findings echo the concerns computer security researchers and analysts of raised all year.

In this summary of the company’s 74-page analysis covering nearly every aspect of the security landscape as it stands today, we’ll give you a detailed breakdown of what HP believes were the biggest infections of the past year, the problems you should watch out for today, and which direction threats might come from in 2015.

Strap in, people. 2015 is going to be a bumpy ride.

POS Malware

The last few years have been filled with stories of hackers swiping credit card information off individual computers using tools like key-loggers, screen-shotters and good old fashioned trojans. In 2014, though, the hacking underground figured out to tap into a much larger cache of data; retail stores. These companies may be a bit harder to attack than a home PC, but they provide a “target-rich” environment once compromised.

Target, Home Depot, and Lowe’s are just a few of the major retailers that lost millions of credit cards due to what’s been dubbed POS (point-of-sale) malware. The fresh technique exploits vulnerabilities that exist on cashier systems running software based on operating systems like Windows XP and Linux, scraping the RAM modules of the machines in order to skim the details of every card that’s swiped through the system.

target-exterior
Target

Related: 56 million credit cards lost in Home Depot hack

HP’s report drives home the severity of the situation, saying “in the Target breach, the details of over 40 million credit and debit cards and the information of 70 million customers were stolen. In the case of Home Depot, 56 million credit and debit card account details were taken. And these are only the biggest incidents.”

Many of the most successful campaigns ran for months at a time before a company’s internal IT team noticed the anomaly, and as such, the previously secure systems we trusted our financial data to have become a breeding ground for some of the most inventive malware permutations to date.

In the case of Home Depot, 56 million credit and debit card account details were taken.

The Cyber Risk Report also pointed the problem of news cycle fatigue. HP noted that the attack on Target, which came first, grabbed the lion share’s of attention, while later hacks received much less press. This could add to the risk, as customers may never know about an attack if it’s not covered in the news.

As data about these breaches become public, HP believes that retailers will begin devoting more resources to combating the problem as a whole. Whether or not this strategy will be successful over time remains to be seen. 

Mobile Threats

While mobile malware continues to be one of the most rapidly growing sections of the criminal underground’s toolbelt, the software required to fight, mitigate, and detect these infections has thankfully kept pace with their continued rise in popularity.

HP found that Android, as usual, led the pack of infected handsets by several cell phone lengths, with Apple and Windows following behind in a distant second and third place. HP surmises this drastic difference in numbers between the two top competitors breaks down to simple statistics. Android makes up about 70 percent of the total mobile marketplace while Apple, though popular, only fills around 28 percent, with Windows rounding out the last two.

The malware problem is complicated by Apple’s and Google’s disinterest in allowing programmers to gain special permissions to the root structures of the code. This means that although third-party apps are capable of detecting a malware on a phone, actually doing something about it is impossible unless the device is rooted or jailbroken.

4d0JKww
Image Credit: HP
Image Credit: HP

That said, according to HP the high detection rates could be enough to give customers the upper hand in this continuously evolving fight. The report states that “current anti-malware products for Android, although being rather rudimentary in terms of available technology and detection techniques compared to their Windows counterparts, are quite effective against known Android malware, with detection rates over 99 percent achievable by the majority of reputable vendors.”

While it’s unfortunate that making the problem known to the user is as far as these programs can go for now, HP thinks that an informed user is better than nothing.

Ransomware

Much like POS malware, “ransomware” is a term that wasn’t well known before 2014. This growing threat works by infecting a user’s computer or mobile device, and encrypting the files contained within.

Recommended Videos

After that they wake up to find their photos, documents, and data have been “locked up” behind a set of instructions stating that if they don’t pay a pre-determined fee to the hackers responsible in anywhere from 24 hours to a week, everything they hold near and dear will be deleted, never to be seen again.

Ransomware has yielded its makers a considerable amount of cash.

You may have already heard of some of the most prevalent cases including CryptoLocker, CryptoWall, and Reveton, all of which yielded their makers considerable amounts of cash from desperate people who hadn’t backed up their most important files prior to being attacked. HP says that due to their consistent profitability “ransomware threats are here to stay, and organizations must have a sound backup and restore policy in place for all business data in order to mitigate the potentially destructive effects of a successful attack.”

While the concept seems preposterous on the surface, the numbers don’t lie. HP says the conductors of these schemes have profited millions of dollars over the past year alone, and with so much money being pulled out of people’s pockets with this malicious tactic, it’s unlikely we’ll see the rate of these assaults slow down anytime soon.

Internet of Things

If there’s one area of security that HP couldn’t find a way to put a positive spin on, the Internet of Things would be it. As one of the fastest growing sectors of consumer technology over the past several years, IoT presents a whole new host of problems that current anti-virus suites aren’t prepared to deal with. 

The report from HP corroborates a story we ran just last week, which declared that while the traditional anti-virus has served a vital purpose over the past two decades, its days are numbered. As we enter 2015 and beyond, new solutions will be needed as Internet connected devices like thermostats, TVs, and fridges continue to surge in popularity.

Internet of Things
Image used with permission by copyright holder

Related: Could this box replace your anti-virus, forever? 

HP company lays out the problem in no unsure terms, saying “the endpoint wireless infrastructure [for IoT] is still in its infancy, and unfortunately a lack of collaboration in the industry during its development failed to create an open ecosystem that would accommodate heterogeneous devices and communication protocols.”

Only time will tell what this lack of coordination and system integration between the hundreds of different developers, programmers, and manufacturers might mean for the emergence of malware, though the outcome doesn’t look too promising. The last time so many different companies tried to jump into the same space without cooperating with each other on standards for security, we ended up with a million mobile phones being infected at a rate of thousands per day.

Conclusion

While much of what we gleaned from HP’s report was filled with the gloom and doom you’d expect, the company is optimistic about the chances to fight back, saying that “with increased cooperation and a thorough understanding of the imminent threats, we can continue to increase both physical and intellectual costs an attacker must spend to successfully exploit a system.”

Now more than ever before there is a range of privacy and encryption options available to the average consumer that they can use to protect themselves from the threats mentioned above. The trick is to start using that capability proactively, and learn from the mistakes of the past to create a better future for the Internet users of tomorrow.

Related

We live in an era filled with possibilities, and if we play our cards right, maybe the the outlook for the Cyber Risk Report for 2016 will be just a little bit brighter than the year before.

Editors' Recommendations

Topics
Chris Stobing
Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
These are the 10 best gaming monitors of 2024
The back of the Alienware 32 QD-OLED.

There are a ton of options if you are on the hunt for one of the best gaming monitors, but for us, Alienware's 34 QD-OLED still takes the cake in 2024. It's not the display for everyone, though, and after reviewing dozens of the top gaming monitors, we've settled on a list of displays that offer great gaming performance for any budget or purpose.

We're focused specifically on gaming monitors here, which come with higher refresh rates and adaptive sync features like G-Sync and FreeSync. If you're looking for an all-around display, make sure to browse our list of the best monitors.

Read more
If you use a VPN, don’t skip this important Windows 11 update
Microsoft Surface Laptop Go 3 rear view showing lid and logo.

It's not you; Windows is causing the issues this time. If the VPN on your Windows 11 or Windows 10 computer is having a hard time connecting, it is likely because of Microsoft's April security updates for Windows 11 (KB5036893 for) and Windows 10 (KB5036892), which have been reported to be the cause of the problems.

But there's good news. According to Microsoft, a patch is now available to fix the VPN problems users are experiencing.

Read more
This Lenovo 2-in-1 laptop is discounted from $970 to $640
The Lenovo IdeaPad Flex 5 against a white backdrop.

If you can’t decide between a laptop or a tablet, Lenovo has the laptop deals for you, with a huge discount on the Lenovo IdeaPad Flex 5 2-in-1 laptop. Ordinarily priced at $970, it’s down to $640 at Lenovo, so you’re saving $330. Lenovo's estimated value prices can be a little optimistic, but this is a good value regardless. Whatever the discount, we do know that $640 for this laptop is pretty sweet. Here’s what you need to know about it before you buy.

Why you should buy the Lenovo IdeaPad Flex 5
Lenovo makes some of the best 2-in-1 laptops knowing how to get the most from the concept. This particular model has an AMD Ryzen 7 7730U processor paired up with 16GB of memory and 1TB of SSD storage so it’s pretty capable of handling a lot of your working needs.

Read more