2016 saw a huge number and variety of cyberattacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials. We also saw a rising tide of data breaches, from organizations big and small, and significant losses of people’s personal information across the globe. As we have moved into 2017; SophosLabs pondered on how some of those threats might play out this year.
Commenting on security trends in 2017, Sunil Sharma, vice president of sales for Sophos India & SAARC said, “Security is now high on the radar for the security C-suites. Unfortunately, many organizations still don’t have their security basics right and remain vulnerable to cyberattacks. We can only truly become a digital India if we stay abreast of cyber threats and improve our defense mechanisms to successfully combat them.”
He also added, “Staying secure doesn’t have to be difficult. There are six key measures that organizations should put in place to help keep more complex threats at bay: a) move from layered to integrated security b) deploy next-generation endpoint protection c) prioritize risk-based security d) automate the basics e) build staff and process to deter and mitigate social attacks and f) improve defender coordination.
Sophos Labs analyses the recent attacks and their modus operandi. 12 such predictions are given below:
Destructive DDoS IOT attacks will rise– Cyber criminals will find it easy to extend their reach because there are so many IoT devices containing outdated code based on poorly-maintained operating systems and applications with well-known vulnerabilities. Expect IoT exploits, better password guessing and more compromised IoT devices being used for DDoS or perhaps to target other devices in the network.
Shift from exploitation to targeted social attacks– Cyber criminals are getting better at exploiting the ultimate vulnerability – humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves.
Financial infrastructure at greater risk of attack– The use of targeted phishing and “whaling” continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts. Experts expect attacks on critical financial infrastructure to continue in 2017.
Exploitation of the Internet’s inherently insecure infrastructure- All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky. Large-scale ISPs and enterprises can take some steps to respond, but these may well fail to prevent serious damage if individuals or states choose to exploit the Internet’s deepest security flaws.
Increased attack complexity- Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organization’s network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively. Closely managed by experts, these attacks are strategic, not tactical, and can cause far more damage.
More attacks using built-in admin languages and tools- There could be more attacks based on exploits using programming languages, penetration testing and other administrative tools that may already exist on the network, need not be infiltrated, and may not be suspected. These powerful tools require equally strong controls.
Ransomware evolves- As more users recognize the risks of ransomware attack via email, criminals are exploring other vectors. Some are experimenting with malware that reinfects later, long after a ransom is paid, and some are starting to use built-in tools and no executable malware at all to avoid detection by endpoint protection code that focuses on executable files. Ransomware authors are also starting to use techniques other than encryption. And finally, with “old” ransomware still floating around the web, users may fall victim to attacks that can’t be “cured” because payment locations no longer work.
Emergence of personal IoT attacks- Users of home IoT devices may not notice or even care if their devices are hijacked to attack someone else’s website. But once attackers “own” a device on a home network, they can compromise other devices, such as laptops containing important personal data. We expect to see more of this as well as more attacks that use cameras and microphones to spy on households. Cyber criminals always find a way to profit.
Growth of malvertising and corruption of online advertising ecosystems: Malvertising, which spreads malware through online ad networks and web pages, has been around for years. These attacks highlight larger problems throughout the advertising ecosystem, such as click fraud, which generates paying clicks that don’t correspond to real customer interest.
The downside of encryption: As encryption becomes ubiquitous, it has become much harder for security products to inspect traffic, making it easier for criminals to sneak through undetected. Unsurprisingly, cyber criminals are using encryption in creative new ways. Security products will need to tightly integrate network and client capabilities, to rapidly recognize security events after code is decrypted on the endpoint.
Rising focus on exploits against virtualized and cloud systems: Attacks against physical hardware raise the possibility of dangerous new exploits against virtualized cloud systems. Attackers might abuse the host or other guests running on a shared host, attack privilege models, and conceivably access others’ data.
Technical attacks against states and societies. Technology-based attacks have become increasingly political. Societies face growing risks from both disinformation and voting system compromise.