Skip to main content

HP’s Cyber Risk Report for 2015 is out, and here’s what you need to know

Whether it’s your credit card at Target, your laptop at the airport, or just the phone in your pocket, 2014 was a heck of a year for cybersecurity. HP has officially published its annual Cyber Risk Report, and the findings echo the concerns computer security researchers and analysts of raised all year.

In this summary of the company’s 74-page analysis covering nearly every aspect of the security landscape as it stands today, we’ll give you a detailed breakdown of what HP believes were the biggest infections of the past year, the problems you should watch out for today, and which direction threats might come from in 2015.

Strap in, people. 2015 is going to be a bumpy ride.

POS Malware

The last few years have been filled with stories of hackers swiping credit card information off individual computers using tools like key-loggers, screen-shotters and good old fashioned trojans. In 2014, though, the hacking underground figured out to tap into a much larger cache of data; retail stores. These companies may be a bit harder to attack than a home PC, but they provide a “target-rich” environment once compromised.

Target, Home Depot, and Lowe’s are just a few of the major retailers that lost millions of credit cards due to what’s been dubbed POS (point-of-sale) malware. The fresh technique exploits vulnerabilities that exist on cashier systems running software based on operating systems like Windows XP and Linux, scraping the RAM modules of the machines in order to skim the details of every card that’s swiped through the system.

target-exterior
Target

Related: 56 million credit cards lost in Home Depot hack

HP’s report drives home the severity of the situation, saying “in the Target breach, the details of over 40 million credit and debit cards and the information of 70 million customers were stolen. In the case of Home Depot, 56 million credit and debit card account details were taken. And these are only the biggest incidents.”

Many of the most successful campaigns ran for months at a time before a company’s internal IT team noticed the anomaly, and as such, the previously secure systems we trusted our financial data to have become a breeding ground for some of the most inventive malware permutations to date.

In the case of Home Depot, 56 million credit and debit card account details were taken.

The Cyber Risk Report also pointed the problem of news cycle fatigue. HP noted that the attack on Target, which came first, grabbed the lion share’s of attention, while later hacks received much less press. This could add to the risk, as customers may never know about an attack if it’s not covered in the news.

As data about these breaches become public, HP believes that retailers will begin devoting more resources to combating the problem as a whole. Whether or not this strategy will be successful over time remains to be seen. 

Mobile Threats

While mobile malware continues to be one of the most rapidly growing sections of the criminal underground’s toolbelt, the software required to fight, mitigate, and detect these infections has thankfully kept pace with their continued rise in popularity.

HP found that Android, as usual, led the pack of infected handsets by several cell phone lengths, with Apple and Windows following behind in a distant second and third place. HP surmises this drastic difference in numbers between the two top competitors breaks down to simple statistics. Android makes up about 70 percent of the total mobile marketplace while Apple, though popular, only fills around 28 percent, with Windows rounding out the last two.

The malware problem is complicated by Apple’s and Google’s disinterest in allowing programmers to gain special permissions to the root structures of the code. This means that although third-party apps are capable of detecting a malware on a phone, actually doing something about it is impossible unless the device is rooted or jailbroken.

4d0JKww
Image Credit: HP
Image Credit: HP

That said, according to HP the high detection rates could be enough to give customers the upper hand in this continuously evolving fight. The report states that “current anti-malware products for Android, although being rather rudimentary in terms of available technology and detection techniques compared to their Windows counterparts, are quite effective against known Android malware, with detection rates over 99 percent achievable by the majority of reputable vendors.”

While it’s unfortunate that making the problem known to the user is as far as these programs can go for now, HP thinks that an informed user is better than nothing.

Ransomware

Much like POS malware, “ransomware” is a term that wasn’t well known before 2014. This growing threat works by infecting a user’s computer or mobile device, and encrypting the files contained within.

Recommended Videos

After that they wake up to find their photos, documents, and data have been “locked up” behind a set of instructions stating that if they don’t pay a pre-determined fee to the hackers responsible in anywhere from 24 hours to a week, everything they hold near and dear will be deleted, never to be seen again.

Ransomware has yielded its makers a considerable amount of cash.

You may have already heard of some of the most prevalent cases including CryptoLocker, CryptoWall, and Reveton, all of which yielded their makers considerable amounts of cash from desperate people who hadn’t backed up their most important files prior to being attacked. HP says that due to their consistent profitability “ransomware threats are here to stay, and organizations must have a sound backup and restore policy in place for all business data in order to mitigate the potentially destructive effects of a successful attack.”

While the concept seems preposterous on the surface, the numbers don’t lie. HP says the conductors of these schemes have profited millions of dollars over the past year alone, and with so much money being pulled out of people’s pockets with this malicious tactic, it’s unlikely we’ll see the rate of these assaults slow down anytime soon.

Internet of Things

If there’s one area of security that HP couldn’t find a way to put a positive spin on, the Internet of Things would be it. As one of the fastest growing sectors of consumer technology over the past several years, IoT presents a whole new host of problems that current anti-virus suites aren’t prepared to deal with. 

The report from HP corroborates a story we ran just last week, which declared that while the traditional anti-virus has served a vital purpose over the past two decades, its days are numbered. As we enter 2015 and beyond, new solutions will be needed as Internet connected devices like thermostats, TVs, and fridges continue to surge in popularity.

Internet of Things
Image used with permission by copyright holder

Related: Could this box replace your anti-virus, forever? 

HP company lays out the problem in no unsure terms, saying “the endpoint wireless infrastructure [for IoT] is still in its infancy, and unfortunately a lack of collaboration in the industry during its development failed to create an open ecosystem that would accommodate heterogeneous devices and communication protocols.”

Only time will tell what this lack of coordination and system integration between the hundreds of different developers, programmers, and manufacturers might mean for the emergence of malware, though the outcome doesn’t look too promising. The last time so many different companies tried to jump into the same space without cooperating with each other on standards for security, we ended up with a million mobile phones being infected at a rate of thousands per day.

Conclusion

While much of what we gleaned from HP’s report was filled with the gloom and doom you’d expect, the company is optimistic about the chances to fight back, saying that “with increased cooperation and a thorough understanding of the imminent threats, we can continue to increase both physical and intellectual costs an attacker must spend to successfully exploit a system.”

Now more than ever before there is a range of privacy and encryption options available to the average consumer that they can use to protect themselves from the threats mentioned above. The trick is to start using that capability proactively, and learn from the mistakes of the past to create a better future for the Internet users of tomorrow.

We live in an era filled with possibilities, and if we play our cards right, maybe the the outlook for the Cyber Risk Report for 2016 will be just a little bit brighter than the year before.

Chris Stobing
Former Digital Trends Contributor
Self-proclaimed geek and nerd extraordinaire, Chris Stobing is a writer and blogger from the heart of Silicon Valley. Raised…
Looking for an OLED laptop? Get the Samsung Galaxy Book4 Ultra at $400 off
The screen of the Galaxy Book4 Ultra.

While Samsung Galaxy deals are often linked to smartphones and tablets, you can also score huge discounts on other types of devices. For example, you can currently buy the Samsung Galaxy Book4 Ultra at $400 off from Samsung itself, which brings its price down from $2,400 to $2,000. This premium laptop isn't going to stay on sale for long though, so if you're interested in this bargain, you need to push forward with your purchase as soon as you can to make sure you pocket the savings.

Why you should buy the Samsung Galaxy Book4 Ultra laptop

Read more
This iBuyPower gaming PC with 16GB of RAM is on sale for $830
The iBuyPower Element SE gaming PC on a white background.

For gaming PC deals that will give you excellent value, you should check out iBuyPower offers. Here's one from Best Buy: the iBuyPower Element SE gaming desktop at $100 off, which pulls its price down from $930 to $830. Gamers who are looking for a gaming PC for less than $1,000 won't want to miss this bargain, but you're going to have to hurry if you're interested because there's no assurance that the discount will still be online by tomorrow.

Why you should buy the iBuyPower Element SE gaming PC

Read more
The Dell XPS 13 and XPS 14 are both on sale at $300 off — hurry!
Angled front view of the Dell XPS 13 with Snapdragon X Elite processor inside.

Are you in the market for a new laptop? You simply can't go wrong with any of the Dell XPS deals that are available, and we've identified two of the best ones you can shop right now. The Dell XPS 13 9350, originally sold for $1,400, is down to $1,100 for savings of $300, while the Dell XPS 14 9440, which has a sticker price of $1,560, is on sale for $1,260, also following a $300 discount.

Following the Dell XPS reset early last year, the Dell XPS 13 and the Dell XPS 14 have further blossomed in popularity. That means you'll have to act fast if you're interested in either of these laptop deals though, as the stocks up for sale may run out at any moment.

Read more