Symantecs Online Security

Predictions for 2015 and Beyond

Asia Pacific and Japan
 Security analysts called 2013 the year of the mega breach, and severe
vulnerabilities such as Heartbleed and Shellshock in 2014 showed that
the security community can never rest on its laurels

All indications are that 2015 will bring more of the same, with the struggle between those wishing to create new threats
and exploit vulnerabilities and those looking to protect against them likely to intensify. Advancements in the Internet of
Things also means consumers will have increased connectivity across their devices, gadgets and machines and with this
connectivity comes the potential for a whole new range of security risks.

Will the Internet of Things usher in a new wave of security attacks?

As countries move towards their smart nation master plans, what role will Big Data play?
Whats next in the mobile security space?

Symantecs APJ security predictions for 2015 takes a look at issues that will affect individual
consumers, businesses and governments in the region:

Attacks on the Internet of Things (IoT) will focus on smart home

automation: With smart home automation gaining popularity amongst
consumers across Asia Pacific and Japan, Symantec anticipates that
commoditized plug and play consumer devices such as CCTV cameras
and remote access controls for alarms, lighting andclimate control will
be exploited by cybercriminals.

While the embedded and small devices continue to become more prevalent, unfortunately not many of these devices are
deployed with internet security in mind. These devices tend to have limited memory and system resources and do not have
the computing power of a typical desktop.

Obviously there is a search engine that allows people to do an online search for Internet-enabled devices, ranging from
security cameras, to cars, home heating systems and more. Although the search engine does not reveal vulnerabilities,
it makes it easier for IoT devices to be found, which cybercriminals can then target and exploit. For instance, the recent
news about Insecam.com, a website believed to be from Russia, is broadcasting feeds from or IP cameras all over the world.

That said, we wont see any large-scale attacks leveraging IoT, but instead one-off attacks against connected devices such
as home routers, Smart TVs and connected car apps, for example, for sensitive and private information.

2 I Symantec Corporation Symantecs Online Security Predictions for 2015 and Beyond Asia Pacific and Japan
 2

Mobile devices will become even more attractive targets: Mobile devices
will continue to become a target for cyber attackers especially when mobile
devices store up a trove of personal and confidential information and are
left switched on all the time, making them the perfect targets for attackers.

Mobile devices will become even more valuable as mobile carriers and retail stores transition to mobile payments.
For example, Apple Pay certainly addresses some of the weaknesses that have facilitated recent attacks on Point-of-Sale
(PoS) systems. However, this should not be cause for complacency, since attackers will usually look for other weaknesses
once an avenue of attack has been closed off. Should Apple Pay take off as a payment method, attackers are likely to
rigorously test the security in place around near-field communication (NFC) payments.

Machine learning will be a game changer in the fight against

cybercrime: A new generation of business platforms is emerging
from the convergence of machine learning and big data and it will
be a game changer in cybersecurity.

Machine learning is a form of deep learning that may be considered as the first step in artificial intelligence. There is a
critical need to stay proactive against threats, instead of reacting to them and machine learning will help security
vendors stay one step ahead of cybercriminals. The ability for machine learning to predict cyberattacks will improve
detection rates and may just be the key that reverses the trend on cybercrime.

3 I Symantec Corporation Symantecs Online Security Predictions for 2015 and Beyond Asia Pacific and Japan
 4

Privacy will continue to be sacrificed for mobile apps:

We believe that some mobile users will continue to trade their
privacy in exchange for mobile apps.

While many Internet users are reluctant to share banking and personal identifiable information online, others are willing
to share information about their location, and mobile device battery life as well as allow access to photos, contact lists and
fitness information, all in exchange for mobile apps.

In addition, many consumers really dont know what they are agreeing to when downloading apps. For example, Norton
Research has shown that while Millennials may think they know what they are allowing access to, the reality is they have
very little idea of what they are agreeing to when it comes to trading information for apps.

Scammers will continue to run profitable ransomware scams:

According to Symantecs Internet Security Threat Report, ransomware
attacks grew by 500 percent and turned vicious in the latter part of 2013.

This growth was largely due to the success of Ransomcrypt, commonly known as Cryptolocker. This particularly aggressive
form of ransomware made up 55 percent of all ransomware in the month of October alone. This threat is designed to
encrypt a users files and request a ransom for the files to be unencrypted. Ransomware causes even more damage to
businesses where not only the victims files are encrypted but also files on shared or attached network drives. Holding
encrypted files for ransom is not entirely new, but getting the ransom paid has previously proven problematic for the
crooks. However recently ransomware makers have started leveraging online and electronic payment systems such as
Bitcoins, Webmoney, Ukash, greendot (MoneyPak) to get around this challenge. Crooks like the relative anonymity and
convenience of electronic payments and these are already readily available, putting businesses and consumers at greater
risk from losing data, files or memories.

4 I Symantec Corporation Symantecs Online Security Predictions for 2015 and Beyond Asia Pacific and Japan
 6

The prominent data leaks of 2014 will keep cybersecurity in the

spotlight in 2015: With the interconnected nature of a global internet
010101001 and cloud infrastructures, cross-border flow of data is unavoidable and
100101001
needs to be appropriately addressed.

2015 will see the evolution of the Personal Data Protection Act, especially in the Asia Pacific region as it makes a real
impact in peoples lives, towards ensuring that individuals and organisations have the right mindset with regards to
online security and cybercrime prevention.

Distributed denial-of-service (DDoS) will continue to rise as a threat:

Yet another trend seen in 2014 is the increase in Unix servers being
compromised and their high bandwidth being used in DDoS attacks.

The motivation of the attacker can vary widely, with hacktivism, profit, and disputes being the main reasons. Considering
the ease of conducting large DDoS attacks, Symantec expects that the DDoS growth trend will continue in the future. The
likelihood of being targeted by short but intensive DDoS attacks is rising.

User behaviour will take centre stage as security moves beyond

passwords: With the password system constantly under attack by
***- cybercriminals, security vendors and providers are facing increasing
challenges on ways to balance the need for convenience against complexity
while providing users with the seamless experience that they demand.

Adopting multi-factor authentication techniques such as one-time passwords or iris and fingerprint scanning may provide
alternate safeguard methods, but at times they may not be the safest options. The true solution to protecting valuable
information lies in users behaviour, which is ultimately how we can prevent our personal online assets and identities from
being compromised.

5 I Symantec Corporation Symantecs Online Security Predictions for 2015 and Beyond Asia Pacific and Japan
 9

The Cloud will take us to Infinity and Beyond: In 2015, we

expect to see more and more data hosted in the cloud but as this move
occurs, businesses will need to take a closer look at data governance
and ensuring their data is cleaned before it is hosted in the cloud.

Legacy data left unmanaged will continue to accumulate and present a persistent challenge for businesses. For consum-
ers, the cloud in 2015 represents an infinite amount of personal information being hosted remotely and debate around the
right to access, control, and protect private data in the cloud will continue to escalate.

10

The front lines of cybersecurity will be strengthened by closer industry

partnerships and collaborations: The fight against cybercrime cannot
be won alone and the security industry together with telecommunication
providers and governments from around the world are joining forces to
beat the war on cybercrime. The security industry is one of few in the
world that has a nemesis industry constantly working against it to
bring it down. Thats why beating the war on cybercrime requires a
different approach.

For example, while in 2015, attackers will continue to look for new vulnerabilities so that they can hack the planet, open
source platforms will continue to address these vulnerabilities through greater industry coordination, collaboration and
response. We see this as a positive sign and Symantec believes that open source platforms can only get better in the future.

6 I Symantec Corporation Symantecs Online Security Predictions for 2015 and Beyond Asia Pacific and Japan
 Symantecs Online Security
Predictions for 2015 and Beyond
Asia Pacific and Japan
For specific country offices and contact
numbers, please visit our website. For product
information in the AsiaPacific region, call:

Australia: +61 3 9674 5500

New Zealand: +64 9 9127 201
Singapore: +65 6622 1638
Hong Kong: +852 30 114 683
Taiwan: +886 2 2162 1992
Or email: ssl_sales_au@symantec.com
ssl_sales_asia@symantec.com

Symantec
Symantec Website Security Solutions Pty Ltd
3/437 St Kilda Road, Melbourne,
3004, ABN: 88 088 021 603
www.symantec.com/en/aa/ssl-certificates

No part of the contents of this white paper may be

reproduced or transmitted in any form or by any means
without the written permission of the publisher.

Copyright 2014 Symantec Corporation. All rights

reserved. Symantec, the Symantec Logo, the Checkmark
Circle Logo and the Norton Secured Logo are trademarks
or registered trademarks of Symantec Corporation or its
affiliates in the U.S. and other countries. Other names
may be trademarks of their respective owners.

The Threat Landscape in 2014 and Beyond