Trend Micro CEO Eva Chen

IT security pros be warned – cybercriminals of every ilk are planning to exploit new technologies and previously unknown, ‘Heartbleed-like’ vulnerabilities to launch targeted attacks on business systems in the coming months.

At least that’s the dire forecast from security consultancy Trend Micro Inc., which has just published its latest annual report into such things, called Security Predictions for 2015 and Beyond: The Invisible Becomes Visible.

According to Trend Micro, the recent discoveries of vulnerabilities like Heartbleed and Shellshock (or Bash) illustrate the dangers of open-source software, and have motivated hackers to look for similar flaws.

“Vulnerabilities in open source protocols like Heartbleed and command processors like Shellshock that remained undetected for years were heavily exploited this year, leading to serious repercussions,” said Trend Micro. “Just hours after the initial discovery of Shellshock, we saw several malware payloads in the wild. Attackers will continue their search for seemingly dormant vulnerabilities like Heartbleed and Shellshock in the coming years.

Heartbleed was the critical flaw found in the OpenSSL security protocol used by around a third of all web servers in the world. Following its discovery last April, hundreds of technology providers from Apple Inc. to the Bitcoin Foundation were forced to issue patches to their software.

Later in the year, news of a second major flaw in Unix and Unix-like systems, called Shellshock, was discovered, causing a second wave of panic and patches to be rolled out.

Trend Micro says the worry is hackers are now looking for, and may even have already found, similar flaws in open-source software.

“They will keep tabs on oft-forgotten platforms, protocols and software and rely on irresponsible coding practices to get to their targets,” noted Trend Micro.

Besides bugs and flaws and vulnerabilities, Trend Micro says the Internet of Things is another major area of concern. Hackers are likely to begin targeting newly connected IoT devices, such as Smart Cars, within the next year. It warns criminals will use tricks like ransomware to ‘lock’ people’s cars and try to extort cash from them.

“They can, for instance, hold smart car drivers hostage until they pay up when the vehicles officially hit the road in 2015,” the report states.

The so-called ‘Dark Web’ is likely to become increasingly popular among cybercriminals, due in part to the takedown of large botnets like GameOver and Zeus, says the report. This is a problem because it will become much more costly to take down cybercriminals.

“As the bad guys move deeper into [the dark web], security firms and law enforcers need to extend their reach to cover the deep web and dark net services. This will require greater effort and investment,” read the report.

photo credit: Florian F. (Flowtography) via photopin cc