Watch these top 4 cybersecurity trends in 2017
By Charles CooperWhen it comes to cybersecurity, this much is guaranteed: security practitioners face a busy year. Cyberattacks set a record in 2016 and the threat environment is going to get even more dangerous in 2017. Here are four themes to watch for in 2017.
The changing face of ransomware
As more data gets stored on mobile devices than ever before, ransomware will continue to gain popularity with cybercriminals. This has been a lucrative exploit that encrypts content, making it unrecoverable unless a ransom is paid. But ransomware is also getting more sophisticated and can now target any device. At the summer DEFCON conference, for example, researchers from Pen Test Partners demonstrated how attackers can grab control of an internet-connected thermostat and lock its controls until victims accede to the ransom demand.
Another new wrinkle to watch: Cybercriminals are eschewing broad, spam-based attacks in favor of a greater number of precision spear phishing ransomware attacks. Their targets are often executives and other individuals in positions of authority who are more likely to pay to protect valuable corporate or personal information.
Open season on IoT
Billions of new Internet of Things devices are getting connected to corporate networks. But considering how many remain unsecure, greater adoption will only increase the number of hacker targets. Last October’s Dyn attack demonstrated how easy it was for cybercriminals to manipulate the IoT to wreak havoc on a wide scale. Especially troubling was the deployment of Mirai malware by hackers who used IoT devices as bots for the DDoS attacks. They also created an attack template for copycats. Cybercriminals can just as easily acquire Mirai source code and other attack tools to launch their own botnets or hook up with organized criminal groups on the internet that offer DDoS services for hire.
In addition to DDoS attacks using IoT devices, ransomware criminals are likely to try replicating their success elsewhere by launching ransomware attacks against IoT devices. The upshot: IT managers overseeing enterprise IoT deployments are going to have their hands full.
Mobile security threats everywhere
About 4% of all mobile devices are infected with malware, while about half are at high risk of exposing sensitive corporate data. Employees still disregard corporate protocol and download malware-laden mobile apps from unauthorized app stores onto devices they use to connect to corporate networks. Even when they follow recommended practices, there’s still risk; reputable stores have sometimes been fooled by rogue developers, who create malicious development environments designed to hide malware in apps that appear, at least superficially, to be safe. Bottom line: As more employees access corporate data via mobile devices, they are destined to become ever bigger targets for the bad guys in 2017.
Political hacking goes mainstream
Nation states have regularly conducted cyberespionage, but state-sponsored cyberattacks aren’t going to remain confined to industrial espionage. The Democratic National Convention hack offered a textbook example for how groups believed to be acting on behalf of state sponsors use stolen materials to propagate disinformation, sow discord or spread propaganda to further their political goals. Even those businesses that don’t get involved directly with politics need to update their threat assessments. Fact is that any organization can wind up in the cross hairs of a rival nation.
And the threats no longer only emanate from nation states. Security practitioners also need to defend against threats posed by an assortment of politically minded hacktivists who use cyberattacks to promote causes or advance an agenda.