Cyber Security Threats - 2017

Several leading magazines have surveyed a number of the leading Cyber Security companies on their threat predictions for 2017.  Here is a sample:

Adwars Escalation

  • The ad wars are heating up between users (and their ad blockers) versus advertisers who are trying to deliver ads and gather telemetry on user behavior. Advertisers have new methods to bypass ad blockers, but those will be followed by updated ad-blocking software that blocks them again. Many ad blockers work by analyzing cross-site scripting and other components of web pages to selectively block content because few browsers actually offer the option (to developers) to fully disable the ability to execute active content. You can see where this will lead: With enough obfuscation, bad actors will be able to avoid protective add-ons. Advertisers who put making money ahead of security implications are doing the malware distributors' work for them. In 2017, advertisers' techniques for bypassing active content blockers will be used by malware distributors to enable drive-by downloads of malware. McAfee

Ransomware

  • Ransomware shows no signs of abating and will continue to be a major vehicle for cybercriminals to monetize their activities. National Cyber Security Alliance 
  • Just as data was used in an attempt to influence the 2016 US election, ransomware attacks against critical infrastructure or enterprises could be used to influence policy or business decisions. 2016 saw several hospitals attacked – resulting in appointments being cancelled, surgeries postponed and patient information stolen. Morphisec
  • What if the crooks also download a copy of your valuable files (private emails, photos, instant messaging history, company contracts and paychecks, etc.) then threaten to publish and expose these files online if you do not pay? This technique is called doxing; it has been used in hacking attacks where systems have been penetrated. While to date, only proof-of-concept inclusions of doxing capabilities have been seen in ransomware, we predict to see more and more of this type of extortion in the wild in 2017. Avast

Internet of Things

  • We’re headed for an IoT botnet fallout. The impressment of Internet-connected devices into botnets amplifies two problems: the inability of consumers to add security that their devices should have had to begin with, and the externality of risk – neither manufacturer nor consumer are currently penalized except in the collective sense (when infrastructure is taken down for many parties). We’ll see more pressure to identify and recruit centralized Internet controls to deal with the IoT botnet fallout, such as ISPs filtering traffic, and only then, when their devices stop working, will consumers put enough pressure on manufacturers. Duo Security
  • Internet of Things (IoT) security – which clearly became an undeniable problem with Distributed Denial of Service (DDoS) attacks this past year – will continue to be a big issue; with so many people buying cheap, insecure devices, there will ultimately be a price to pay. SecureMySocial

Drone Hijacking

  • Once a package delivery drone is overhead, the drone could be sent to the ground, allowing the criminal to steal the package. McAfee

Shortage in Cybersecurity Workforce:

  • The severe cybersecurity workforce shortage — which has one million job openings now — will escalate in 2017, and add another 100,000 and 200,000 job openings by year end.  Cybersecurity Ventures.

Email Attacks

  • We will see an increase in business email compromise attacks, aka “spearphishing” of companies by masquerading as senior executives. The nature of social media and other reconnaissance has brought a rise in sophistication of bogus emails luring companies to wire money at the direction of (bogus) requests from senior company officials. Email credential theft will continue to be in the spotlight. Tripwire

Targets

  • Adobe and Apple will outpace Microsoft in terms of platform vulnerability discoveries. Trend Micro

Fallout

  • In the past, in the aftermath of major data breaches, organizations looked to manage bad press. Crisis management in 2017 will include a reckoning with the law. Some state officials have already made inroads to enact cyber regulations – in New York for example – looking to hold senior management and board of directors accountable. Fasoo