In 2015, more cyber criminals will turn to darknets and exclusive-access forums to share and sell crime ware; increased cyber activity will translate to better, bigger and more successful hacking tools and attempts; and exploit kits will target Android as mobile vulnerabilities play a bigger role in device infection. This is all according to Trend Micro, a global developer of cyber security solutions.

Trend Micro’s predictions about Internet security are all part of our second annual Technology Predictions series in which industry experts share their predictions with us about the hot tech trends that they think will take center stage in 2015. We’ll be sharing all of their predictions with you over the next several days. Read on for more predictions from Trend Micro (which were originally posted on Trend Micro’s blog here). Edited and reprinted below with permission.

.

.

2014 brought with it many significant additions to the technology landscape. These put new capabilities into the hands of users and companies that allowed them to do things that they would not have thought possible before.

However, these same changes also aid threat actors: threats can now come from unexpected vectors and augment the existing capabilities that attackers already possess. What are the key developments that will shape the threat landscape of tomorrow and how do we foresee its evolution? These are the eight trends that Trend Micro thinks will shape 2015:

Prediction No. 1: More cyber criminals will turn to darknets and exclusive-access forums to share and sell crime ware

We’ve seen cyber criminals leveraging Deep Web and other darknet services as well as untraceable peer-to-peer networks [e.g., Tor, Invisible Internet Project (I2P) and Freenet] for selling and exchanging tools and services. Takedowns and collaborative efforts between researchers and law enforcement agencies have disrupted cyber crime gangs, giving them more reasons to go further underground. Security firms, together with law enforcement agencies, need to extend their reach by providing threat intelligence and having one definition of cyber crime to help law enforcement (regardless of jurisdictions) to catch cyber criminals and attackers.

.

Prediction No. 2: Increased cyber activity will translate to better, bigger and more successful hacking tools and attempts

Cyber criminals will go after bigger targets rather than home users as this can generate more profits for them. We will see more data breach incidents with banks, financial institutions and customer data holders as they remain attractive targets. As such, organizations and individuals need to assume compromises will happen. Enterprises need to constantly monitor their network for any threats while individual users must always change their passwords to prevent data theft.

.

Prediction No. 3: Exploit kits will target Android, as mobile vulnerabilities play a bigger role in device infection

Aside from the growth of Android threats, we will see more vulnerabilities found in mobile devices, apps and platforms in the coming year. Cyber criminals will target data stored in these mobile devices. In addition, attackers may employ tools similar to Blackhole Exploit Kit (BHEK), leveraging Android OS fragmentation. Traditional threats such as ransomware will plague the mobile landscape as well.

.

Prediction No. 4: Targeted attacks will become as prevalent as cybercrime

The success of high-profile targeted attack campaigns has highlighted the fact that cyber attacks are a useful means of gathering intelligence. With this, we will see targeted attacks from other countries—and not just countries that are commonly said to be the source of these attacks. We will observe more diversity in terms of targets and attack origins as more threat actors with differing agendas are seen. Although the motivations of threat actors may vary, they will continue to steal information such as top-secret government data, financial information, intellectual property, industry blueprints, among others. Social media will become a new entry point for targeted attacks.

.

Prediction No. 5: New mobile payment methods will introduce new threats

The introduction of Apple Pay with the iPhone 6 and 6 Plus may kick start the adoption of mobile payment systems by many consumers. Apple Pay is not alone in the market–other payment systems have or will be introduced by other companies and trade associations. Not all of these payment systems have been thoroughly tested to withstand real-world threats. Because of this, we may see attacks targeting mobile commerce in 2015.

.

Prediction No. 6: We will see more attempts to exploit vulnerabilities in open-source apps

In 2014, we saw several vulnerabilities in open-source projects such as Shellshock and Heartbleed. These vulnerabilities were undetected for years and were only brought to light recently. Due to the massive impact of these vulnerabilities, cyber criminals and attackers may decide to investigate the existing code to see if other dormant vulnerabilities are present. They will also set their eyes on other, lesser known platforms, protocols and software. Furthermore, they will look for vulnerabilities found in open-source platforms and apps (for example, in Open SSL v3) as well as OS kernels.

.

Prediction No. 7: Technological diversity will save IoE/IoT devices from mass attacks but the same won’t be true for the data they process

A wide variety of devices will make up the Internet of Everything (IoE)/Internet of Things (IoT). From fitness devices to smart home appliances, the “smartification” of everything will continue apace. This variety will also provide this field some measure of safety as no single attack will cover all of these devices. However, the data gathered by these devices may well be at risk if companies providing various IoE services are breached.

.

Prediction No. 8: More severe online banking and other financially motivated threats will surface

Weak security practices such as not using two-factor authentication and chip-and-pin technology continue to persist in the banking sector. These practices will cause financially motivated threats to grow in scale throughout the coming year.

Apart from credentials, cyber criminals will steal user identities. Mobile device users will also be affected by these threats as cyber criminals will launch mobile phishing attacks and will use fake apps and domain name system (DNS) changers. We will see stealthier mobile threats that use packers similar to computer software.

.

2015 Technology Predictions graphic courtesy of SiliconANGLE