IoT devices and non-desktop computing terminals will be under attack in 2017; predicts Trend Micro

Trend Micro Incorporated, a leading name in cyber security solutions, released its annual security predictions report, “The Next Tier – 8 Security Predictions for 2017.” The number of new ransomware families is predicted to plateau, only growing 25%, but will branch out into IoT devices and non-desktop computing terminals, like PoS systems or ATMs. Vendors will not secure IoT and IIoT devices in time to prevent denial of service and other attacks. The upcoming year will include an increased breadth and depth of attacks, with malicious threat actors differentiating their tactics to capitalize on the changing technology landscape.

“Next year will take the cyber security industry into new territory after 2016’s threat landscape opened doors for cyber criminals to explore a wider range of attacks and attack surfaces,” said Raimund Genes, Chief Technology Officer for Trend Micro. “We foresee the General Data Protection Regulation (GDPR) causing extensive data management changes for companies around the world, new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.”

In 2016, there was a large increase in Apple vulnerabilities, with 50 disclosed, along with 135 Adobe bugs and 76 affecting Microsoft. This apparent shift in exploits against vulnerable software will continue in 2017 as Microsoft’s mitigations continue to improve and Apple is seen as a more prominent operating system.

The Internet of Things (IoT) and Industrial Internet of Things (IIoT) will play a larger role in targeted attacks in 2017. These attacks will capitalize upon the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as we saw with Mirai. The increasing use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organizations.

Business Email Compromise (BEC) and Business Process Compromise (BPC) will continue to grow as a cost-effective and relatively simple form of corporate extortion. A BEC attack might yield $140,000 by luring an innocent employee to transfer money to a criminal’s account. Alternatively, hacking directly into a financial transaction system, while requiring more work, will result in far greater financial windfalls for criminals – as much as $81mn.

“We continue to see cyber criminals evolving to the changing technology landscape,” said Ed Cabrera, Chief Cyber Security Officer for Trend Micro. “While new ransomware saw an exponential increase in 2016, that growth is no longer sustainable, so attackers will find new ways to use existing malware families. Similarly, changes in IoT open new doors to go after additional attack surfaces, and software changes push criminals toward finding different types of flaws.”