Recently Shane the Gamer (StG) was invited by Symantec New Zealand to a presentation which outlined the biggest areas of cyber threats now and in to 2017.
StG, being an online medium exclusively is always concerned about cyber threats and as a every day user of the internet and internet connected devices you should be too. Luckily for us the experts at Symantec have done the hard yards already and looked in to the areas where we need to focus our privacy and our digital security.
Given the consistently changing security landscape, it’s important to take a moment and determine where the security industry needs to focus its attention as we move into the next year.
Firstly we are facing a whole new era of Cyber Crime and as each new year rolls around, new threats come with it. For example rogue nation states will finance themselves by stealing money online. There is a dangerous possibility that rogue nation states could align with organised crime for their personal gain, such as we saw in the SWIFT (Banking software) attacks. This could result in down time for countries’ political, military or financial systems.
Most of yourselves wouldn’t have heard of Fileless Malware (we hadn’t either!). Fileless malware will increase. Fileless infections – those written directly onto a computer’s RAM without using files of any kind – are difficult to detect and often elude intrusion prevention and antivirus programs. This type of attack increased throughout 2016 and will continue to gain prominence in 2017, most likely through PowerShell attacks.
It is also believed that Secure Sockets Layer (SSL) abuse will lead to increased phishing sites using HTTPS. The rise in popularity of free SSL certifications paired with Google’s recent initiative to label HTTP-only sites as unsafe will weaken security standards, driving potential spear-phishing or malware programs due to malicious search engine optimisation practices.
Also WAN connected it is perceived that Drones will be used for espionage and explosive attacks. This could be seen in 2017, but is more likely to occur further down the road. By 2025, we can expect to see “dronejacking,” which will intercept drone signals and redirect drones for the attacker’s benefit. Given this possibility, we can also expect to see anti-drone hacking technology being developed to control these devices’ GPS and other important systems.
IoT (Internet of Things) devices offer new revenue streams for cybercriminals. Connected cars will be taken for ransom. As cars start to have connected capabilities, it is only a matter of time until we see an automobile hack on a large scale. This could include cars being held for ransom, self-driving cars being hacked to obtain their location for hijacking, unauthorised surveillance and intelligence gathering, or other automobile-focused threats. This will also lead to a question of liability between the software vendor and automobile manufacturer, which will have long-term implications on the future of connected cars. IoT devices in the enterprise (business / commercial) will increase points of exposure. Beyond looking simply at computers and mobile devices for vulnerabilities, incident response teams will need to consider thermostats and other connected devices as jumping points into the network. Similar to how printer servers were used for attacks several years ago, nearly everything in an enterprise is now connected to the internet and will need to be protected.
Further to that statement we can potentially expect to see and increased load of IoT DDoS attacks. The Dyn attack in October 2016 demonstrated the vast number of IoT devices that don’t have security on them and are tremendously vulnerable to attacks. As more IoT devices are installed in the mass market, the risk of security breach will increase. Once insecure devices are in the market, it becomes almost impossible to fix the issue without recalling them or issuing security updates. Given that this lack of security will continue for the foreseeable future, the number of IoT attacks will only increase as well.
So if you are like most digitally connected folk and have your files saved in the cloud (Google Drive, Drop Box, Microsoft One Drive etc), we assume that we are safe. Potentially not as much as we expect… Symantec predict hacks in the cloud. Given the significant shift towards cloud-based storage and services, the cloud is becoming a very lucrative target for attacks. The cloud is not always automatically protected by firewalls or more traditional security measures, so there will be a shift in where enterprises need to defend their data. Cloud attacks could result in multi-million dollar damages and loss of critical data, so the need to defend it will become even more crucial.
So, what is there for the future? In 2017, machine learning and AI will only continue to grow – Forrester predicts investment in Artificial Intelligence will grow 300 percent next year alone. With this growth comes new, powerful insights for businesses to tap, and an increased collaboration between humans and machines. From a security standpoint, this expansion will impact organisations in more ways than one – including endpoints and mechanisms in the cloud. As new forms of machine learning and AI continue to enter the market, enterprises will need to invest in solutions that have the capabilities to collect and analyse data from the countless endpoints and attack sensors across different organisations, industries and geographies. These solutions will prove to be instrumental in teaching machines how to operate on the front lines of a global battle that changes every day, minute by minute.
It might sound all very doom and gloom, but there are steps that you can take to keep your digital life safe. Ultimately, know your network, your smart device, even your prized gaming RIG. Ensure that you are secured to keep on gaming, learning, working and entertained. From PC’s to Android, Smart TV’s to your Gaming Consoles. Anything that is connected to your Home WiFi or Mobile Data is waving out to the world and is a potential beacon to a cyber criminal if not locked down.
Keep StG Independent and (mostly) Advertising Free with a Donation