Cybersecurity predictions for 2017
Stolen documents were used in an attempt to influence the US presidential election, writes Derek Manky, Global Security Strategist at Fortinet.
Ransomware began to reach epidemic proportions, including high-value targeted ransom cases. These and similar attacks have had sweeping impacts beyond their victims, Manky said.
Watching cyber threats evolve over the past year, a few trends have become apparent. Using these trends as a guideline, here are Manky's six predictions about the evolution of the cyberthreat landscape for 2017 and their possible impact on the digital economy.
1. From smart to smarter: automated and human-like attacks will demand more intelligent defense
Most malware is programmed with a specific objective or set of objectives. This is about to change. Threats are getting smarter and are increasingly able to operate autonomously. This new generation of malware will be situation-aware, understanding the environment it is in to make calculated decisions about what to do next. In many ways, it will begin to behave like a human attacker. The longer a threat can persist inside a host, the better it will be able to blend into its environment, select tools based on the platform it is targeting, and take countermeasures based on security tools in place.
We will also see the growth of cross-platform autonomous malware designed to operate on and between a variety of mobile devices. These “transformers” are being used to target cross-platform applications with the goal of infecting and spreading across multiple platforms, thereby making detection and resolution more difficult.
2. IoT manufacturers will be held accountable for security breaches
Most IoT devices are designed to provide customized experiences for their owners and collect marketing information for their manufacturers. Macroeconomics dictates that multiple vendors will buy IoT components from a single OEM vendor and simply plug them into whatever device they are selling. This means that a single compromise can be multiplied across dozens or even hundreds of different devices distributed by different manufacturers under multiple brand names and labels.
If IoT manufacturers fail to better secure their devices, the impact on the digital economy could be devastating should consumers begin to hesitate to buy them out of cybersecurity fears. We will see an increase in the call to action from consumers, vendors and other interest groups for the creation and enforcement of security standards so that device manufacturers are held accountable for their devices’ behaviors out in the wild.
We predict the growth of massive Shadownets, a term we use to describe IoT botnets that can’t be seen or measured using conventional tools. Concurrent with the growth of Shadownets will be the development of an IoT Deepweb to surreptitiously store, manage, and access data across millions of devices. The Deepweb is traditionally that part of the Internet that is not indexed by search engines.
3. 20 billion IoT and endpoint devices are the weakest link for attacking the cloud
The move to cloud-based computing, storage, processing, and even infrastructure is accelerating. Naturally, this expands the potential attack surface. Most cloud providers have responded by designing their networks with Layer 2 and 3 security technologies to segment the cloud between tenants, control access, and protect the cloud providers’ internal network from their public offering.
The weakest link in cloud security lies in the millions of remote devices accessing cloud resources. Cloud security depends on controlling who is let into the network and how much they are trusted. In this next year, we expect to see attacks designed to compromise this trust model by exploiting endpoint devices, resulting in client-side attacks that can effectively target and breach cloud providers. We also expect to see the injection of malware into cloud-based offerings by compromised endpoint clients, a process known as cloud poisoning.
4. Attackers will begin to turn up the heat in smart cities
Essential components of a smart city include such things as intelligent traffic control, on-demand streetlights, and interconnected building automation. Building Automation Systems (BAS) provide centralized control of a building's heating, ventilation, and air conditioning (HVAC) system, lighting, alarms, elevators, and other systems.
The potential attack surface in such an environment is massive. The potential for massive civil disruption should the integrated systems be compromised is high, and these systems are likely to be a high-value target for cybercriminals, cybervandals and politically motivated hacktivists.
We predict that as building automation and building management systems continue to grow over the next year, they will be targeted by hackers. These exploits will likely be blunt instrument attacks at first, such as simply shutting down a building’s systems. But the potential for holding a building for ransom by locking the doors, shutting off elevators, rerouting traffic, or simply turning on the alarm system is significant.
5. Ransomware was just the gateway malware
The growth of ransomware-as-a-service (RaaS) in 2016, where potential criminals with virtually no training or skills can simply download tools and point them at a victim in exchange for sharing a percentage of the profits with the developers, means this high-value attack method is going to increase dramatically.
We expect to see highly focused attacks against high-profile targets, such as celebrities, political figures, and large organizations. These attacks are likely to include the collection of sensitive or personal data, which can then be used for extortion or blackmail, and the ransom cost for these attacks will get much higher.
We predict that the cost threshold for targeting average citizens will be overcome in 2017 as automated attacks introduce an economy of scale to ransomware that will allow hackers to cost-effectively extort small amounts of money from large numbers of victims, especially by targeting online IoT devices.
We predict an increase in the number of healthcare organizations that will be targeted for ransom-based attacks. We should also see an increase in the targeting of other businesses that collect and manage human data, such as law firms. Patient records and other human data are difficult if not impossible to replace. These records also have higher value because they can be used to establish fraud.
6. Technology will have to close the gap on the critical cyber skills shortage
The current shortage of skilled cybersecurity professionals means that many organizations or countries looking to participate in the digital economy globally will do so at great risk. They simply do not have the experience or training necessary to develop a security policy, protect critical assets that now move freely between network environments, or identify and respond to today’s more sophisticated attacks.
We predict that savvy organizations will instead turn to security consulting services that can guide them through the labyrinth of security, or to managed security services providers, who can provide a turnkey security solution, or they will simply move the bulk of their infrastructure to the cloud where they can simply add security services with a few clicks of a mouse.
Security vendors will need to respond to these changes by building open security solutions designed to correlate and synchronize intelligence across devices, enabling more strategic approaches to security beyond point solutions, and adapting other innovative strategies and tools.