Malware and attack techniques undergo evolutionary changes, some driven by technology-push, others by demand-pull. The Citadel Trojan has branched from its roots in bank fraud attacks into theft of the master passwords that protect password managers. ROVNIX is now being distributed by a macro downloader (as is DRIDEX).
Attackers are looking for privileged access to networks more than they're attempting to install traditional malware, and CyberArk sees privilege abuse as a cross-industry trend in cyber attacks. The bottom seems to be falling out of the black market for paycard data and account credentials — supply has quickly outstripped demand — and Trend Micro thinks criminals are beginning to shift their attention to other targets, many of them in the Internet-of-things.
The NotCompatible Android Trojan gets "stealthier and more resilient," strengthening a two-year-old botnet (and in botnet terms that's venerable) threatening corporate networks.
This week's emergency Windows patch closes vulnerabilities being actively exploited in the wild. Google upgrades Android Lollipop against ASLR bypass. Drupal patches a denial-of-service vulnerability.
Trend season is upon us. Among those discerned are hardy evergreens "people aren't learning from security fails" and "expect data breaches during the holidays." Congressional deferral of US surveillance reform and the introduction or repurposing of privacy tools stoke the "encrypt-everything" and "watch-your-privacy" trends. Security professionals are sanguine about 2015 — CISO leadership and bigger budgets make them snort — but the medical sector is warned it's in hackers' crosshairs.
NATO and banking cyber exercises are expected to improve defensive readiness. UK police predict a cyber jihad against Western banks.