HP’s Cyber Risk Report for 2015 is out, and here’s what you need to know

best websites for finding out if youve been hacked online data security

Whether it’s your credit card at Target, your laptop at the airport, or just the phone in your pocket, 2014 was a heck of a year for cybersecurity. HP has officially published its annual Cyber Risk Report, and the findings echo the concerns computer security researchers and analysts of raised all year.

In this summary of the company’s 74-page analysis covering nearly every aspect of the security landscape as it stands today, we’ll give you a detailed breakdown of what HP believes were the biggest infections of the past year, the problems you should watch out for today, and which direction threats might come from in 2015.

Strap in, people. 2015 is going to be a bumpy ride.

POS Malware

The last few years have been filled with stories of hackers swiping credit card information off individual computers using tools like key-loggers, screen-shotters and good old fashioned trojans. In 2014, though, the hacking underground figured out to tap into a much larger cache of data; retail stores. These companies may be a bit harder to attack than a home PC, but they provide a “target-rich” environment once compromised.

Target, Home Depot, and Lowe’s are just a few of the major retailers that lost millions of credit cards due to what’s been dubbed POS (point-of-sale) malware. The fresh technique exploits vulnerabilities that exist on cashier systems running software based on operating systems like Windows XP and Linux, scraping the RAM modules of the machines in order to skim the details of every card that’s swiped through the system.

target-exterior

Target

Related: 56 million credit cards lost in Home Depot hack

HP’s report drives home the severity of the situation, saying “in the Target breach, the details of over 40 million credit and debit cards and the information of 70 million customers were stolen. In the case of Home Depot, 56 million credit and debit card account details were taken. And these are only the biggest incidents.”

Many of the most successful campaigns ran for months at a time before a company’s internal IT team noticed the anomaly, and as such, the previously secure systems we trusted our financial data to have become a breeding ground for some of the most inventive malware permutations to date.

In the case of Home Depot, 56 million credit and debit card account details were taken.

The Cyber Risk Report also pointed the problem of news cycle fatigue. HP noted that the attack on Target, which came first, grabbed the lion share’s of attention, while later hacks received much less press. This could add to the risk, as customers may never know about an attack if it’s not covered in the news.

As data about these breaches become public, HP believes that retailers will begin devoting more resources to combating the problem as a whole. Whether or not this strategy will be successful over time remains to be seen. 

Mobile Threats

While mobile malware continues to be one of the most rapidly growing sections of the criminal underground’s toolbelt, the software required to fight, mitigate, and detect these infections has thankfully kept pace with their continued rise in popularity.

HP found that Android, as usual, led the pack of infected handsets by several cell phone lengths, with Apple and Windows following behind in a distant second and third place. HP surmises this drastic difference in numbers between the two top competitors breaks down to simple statistics. Android makes up about 70 percent of the total mobile marketplace while Apple, though popular, only fills around 28 percent, with Windows rounding out the last two.

The malware problem is complicated by Apple’s and Google’s disinterest in allowing programmers to gain special permissions to the root structures of the code. This means that although third-party apps are capable of detecting a malware on a phone, actually doing something about it is impossible unless the device is rooted or jailbroken.

4d0JKww
Image Credit: HP
Image Credit: HP

That said, according to HP the high detection rates could be enough to give customers the upper hand in this continuously evolving fight. The report states that “current anti-malware products for Android, although being rather rudimentary in terms of available technology and detection techniques compared to their Windows counterparts, are quite effective against known Android malware, with detection rates over 99 percent achievable by the majority of reputable vendors.”

While it’s unfortunate that making the problem known to the user is as far as these programs can go for now, HP thinks that an informed user is better than nothing.

Ransomware

Much like POS malware, “ransomware” is a term that wasn’t well known before 2014. This growing threat works by infecting a user’s computer or mobile device, and encrypting the files contained within.

After that they wake up to find their photos, documents, and data have been “locked up” behind a set of instructions stating that if they don’t pay a pre-determined fee to the hackers responsible in anywhere from 24 hours to a week, everything they hold near and dear will be deleted, never to be seen again.

Ransomware has yielded its makers a considerable amount of cash.

You may have already heard of some of the most prevalent cases including CryptoLocker, CryptoWall, and Reveton, all of which yielded their makers considerable amounts of cash from desperate people who hadn’t backed up their most important files prior to being attacked. HP says that due to their consistent profitability “ransomware threats are here to stay, and organizations must have a sound backup and restore policy in place for all business data in order to mitigate the potentially destructive effects of a successful attack.”

While the concept seems preposterous on the surface, the numbers don’t lie. HP says the conductors of these schemes have profited millions of dollars over the past year alone, and with so much money being pulled out of people’s pockets with this malicious tactic, it’s unlikely we’ll see the rate of these assaults slow down anytime soon.

Internet of Things

If there’s one area of security that HP couldn’t find a way to put a positive spin on, the Internet of Things would be it. As one of the fastest growing sectors of consumer technology over the past several years, IoT presents a whole new host of problems that current anti-virus suites aren’t prepared to deal with. 

The report from HP corroborates a story we ran just last week, which declared that while the traditional anti-virus has served a vital purpose over the past two decades, its days are numbered. As we enter 2015 and beyond, new solutions will be needed as Internet connected devices like thermostats, TVs, and fridges continue to surge in popularity.

Internet of Things

Related: Could this box replace your anti-virus, forever? 

HP company lays out the problem in no unsure terms, saying “the endpoint wireless infrastructure [for IoT] is still in its infancy, and unfortunately a lack of collaboration in the industry during its development failed to create an open ecosystem that would accommodate heterogeneous devices and communication protocols.”

Only time will tell what this lack of coordination and system integration between the hundreds of different developers, programmers, and manufacturers might mean for the emergence of malware, though the outcome doesn’t look too promising. The last time so many different companies tried to jump into the same space without cooperating with each other on standards for security, we ended up with a million mobile phones being infected at a rate of thousands per day.

Conclusion

While much of what we gleaned from HP’s report was filled with the gloom and doom you’d expect, the company is optimistic about the chances to fight back, saying that “with increased cooperation and a thorough understanding of the imminent threats, we can continue to increase both physical and intellectual costs an attacker must spend to successfully exploit a system.”

Now more than ever before there is a range of privacy and encryption options available to the average consumer that they can use to protect themselves from the threats mentioned above. The trick is to start using that capability proactively, and learn from the mistakes of the past to create a better future for the Internet users of tomorrow.

We live in an era filled with possibilities, and if we play our cards right, maybe the the outlook for the Cyber Risk Report for 2016 will be just a little bit brighter than the year before.

Emerging Tech

Google’s radar-sensing tech could make any object smart

Computer scientists have shown how Google’s Soli sensor can be used to make dumb objects smart. Here's why radar-powered computing could finally make the dream of smart homes a reality.
Movies & TV

From premiere date to footage: Here's all we have on 'Game of Thrones' season 8

With the eighth and final season looming, Game of Thrones fever has officially become a pandemic. Our list of all the relevant news and rumors will help make the wait more bearable, if you don't mind spoilers.
Computing

Hackers are scoring with ransomware that attacks its previous victims

Computer viruses are always evolving. In a new one, dubbed "Ryuk," hackers are targeting PCs with ransomware that scours an infected network in order to pinpoint and attack and enterprises with big money.
Mobile

Rekindled yet again, Nokia’s next-gen phones offer more than just nostalgia

HMD Global, a startup that designs and builds Nokia Android smartphones, wants to put the Nokia brand name back “where it belongs.” It helps that it’s made up of ex-Nokia employees. We go behind the scenes to see how HMD formed.
Computing

Want a Dell laptop with an RTX 2060? Cross the new XPS 15 off your list

The next iteration of Dell's XPS 15 laptop won't come with an option for an RTX 2060, according to Alienware's Frank Azor. You could always opt for a new Alienware m15 or m17 instead.
Computing

Always have way too many tabs open? Google Chrome might finally help

Google is one step closer to bringing tab groups to its Chrome browser. The feature is now available in Google's Chrome Canady build with an early implementation that can be enabled through its flag system.
Product Review

Controversy has dogged the MacBook Pro lately. Is it still a good purchase?

The MacBook Pro is a controversial laptop these days -- and that's unfortunate. Due to some divisive changes Apple made to the functionality of the MacBook Pro, fans are more split. Does the 8th-gen refresh change that?
Mobile

Here's how to convert a Kindle book to PDF using your desktop or the web

Amazon's Kindle is one of the best ebook readers on the market, but it doesn't make viewing proprietary files on other platforms any easier. Here's how to convert a Kindle book to PDF using either desktop or web-based applications.
Computing

Worried about your online privacy? We tested the best VPN services

Browsing the web can be less secure than most users would hope. If that concerns you, a virtual private network — aka a VPN — is a decent solution. Check out a few of the best VPN services on the market.
Product Review

Origin's Chronos PC is no looker, but it plays games with eye-popping detail

The Chronos is Origin’s smallest PC, but while it occupies less space than most A/V receivers, it delivers the power of a much larger desktop. Its dull exterior design does the system a disservice. Once you turn it on, you won’t be…
Gaming

Can't stand keyboard gaming on PC? Here's how to use a PS3 controller instead

Properly connecting a PlayStation 3 Controller to a PC is no easy task, especially when you opt for third-party peripherals. Thankfully, our guide will help you through the process.
Computing

Zipping files on a Chromebook? Follow these four easy steps

Chromebooks support file compression, though they work a little differently than on Windows or Mac. Here's the step-by-step process to zipping files on a Chromebook, and then unzipping them again for extraction.
Computing

How good are you at spotting phishing scams? Take this quiz to find out

Are you able to discern between a legitimate email and one that's a scam designed to phish for your personal information? Google created an online quiz with tips to help you better understand phishing so you don't become a victim.
Computing

Yes, you can use Android apps on your Chromebook. Here's how

You can now get Android apps on your Chromebook! Google has enabled the Google Play Store app support on its Chrome OS and Chromebook hardware, so to get you started, here's our guide on how to get Android apps on a Chromebook.