Cyber security in the new year — better, worse or about the same?
To find out, Intel Security assembled 31 of its top thought leaders. Their predictions have just been published in the McAfee Labs 2017 Threat Predictions Report.
Here’s your solution provider’s update:
Top Predictions for 2017
McAfee’s team of experts made a long list of predictions for next year. These are their top 10:
1) Ransomware will continue to worsen in the first half of 2017, but then subside in both volume and effectiveness by year’s end, thanks to increasingly effective technology and continued law enforcement.
2) Windows vulnerability exploits will decline as the operating system gets more difficult to hack. But exploits targeting infrastructure software and virtualization software will increase.
3) Hardware and firmware will both be increasingly targeted by sophisticated attackers.
4) Drones will be attacked and taken over by bad guys. Hackers can use laptop software to attempt “dronejackings” for a variety of criminal or hacktivist purposes.
5) Mobile malware attacks will continue, combining mobile-device locks with credential theft, allowing cyberthieves to access bank accounts and credit cards.
6) Internet of Things (IoT) malware will open back doors into connected homes, and successful intrusions could remain undetected for years.
7) Machine learning will accelerate the proliferation of and increase the sophistication of social engineering attacks. In the cyber arms race, this could give the bad guys a big advantage.
8) Fake ads and purchased “likes” will continue to proliferate. As they do, these fake forms of feedback will also erode consumer trust (see an example below, courtesy of Intel Security).
9) Ad wars will escalate. As more users employ ad blockers, advertisers will try new techniques to deliver their ads. Unfortunately, these same techniques can be copied by hackers and attackers to boost the delivery capabilities of malware.
10) Hacktivists will play an important role in exposing privacy issues. They’ll attempt to educate consumers, generate outrage and force action until privacy laws and corporate policies change.
Call it an unintended consequence, but the Intel Security experts believe that as more people learn to trust the cloud, more hackers will be interested in attacking it. The cloud has gotten more secure, meaning organizations are likely to use the cloud for increasingly valuable data and processing. The bad guys will notice. “Attacks will adapt, new threats will emerge, and breaches will happen,” the McAfee report predicts.
Antiquated authentication schemes — passwords, mainly — and their control systems will continue to be the weakest technology links in cloud protection. For this reason, many attacks will focus first on credential theft, the Intel Security experts predict.
What to do? “Unfortunately,” the authors write, “there is no simple way to prevent cloud resources from being used by attackers.” But that’s not to say all hope is lost. Security vendors are responding with powerful approaches that include biometrics, multilevel authentication, behavioral analytics, security automation and increased network visibility.
The Internet of Things is a great source of business innovation, but it’s also a hotbed of security risks. Cybercrooks like IoT devices because they’re great sources for data and metadata, and because they can be used as attack vectors, the McAfee report explains.
Ransomware will be the primary threat, the Intel Security experts predict. “Disrupting one or more IoT devices, their control plane, or their cloud aggregation point, and holding them hostage is an easier and faster way to make money than compromising a large number of devices quietly to siphon data,” the report says.
To protect IoT devices and networks, vendors are responding with several approaches. These include new and improved encryption options, hardware-based security and privacy, industry standards, control systems and behavioral monitoring. Fingers crossed, at least some of them will work.