As the internet continues to evolve, so too does cybercrime. It’s an unfortunate reality that we’re all forced to live with. We exist in an age where the worldwide web has given us access to vast amounts of information while also putting tasks like shopping, banking and paying bills conveniently at our fingertips.
But for as much as the internet has made our lives easier, it’s also given criminals new attack vectors. In 2017, you no longer even need to leave your house to rob someone—or commit an act of war.
As more and more systems become automated, as more networks come online – as we depend on technology to a greater extent every single day – we become more and more vulnerable to cyber-attacks.
So with that sad detail in mind, here are our predictions for the top 10 cyber security threats we will face in 2017:
As part of a continuing trend, expect to see a greater number of attacks on cloud-based management platforms, workloads and enterprise SaaS applications. This, in turn, will cause the majority of companies and organizations to have to reassess their security budgets and redistribute a greater portion of them to cloud-based security, which could weaken the level of security on traditional servers and desktops.
Already in 2016, major breaches at Yahoo and Twitter should have jarred a great number of people into a greater awareness about their password hygiene. These breaches will continue in 2017. At the core of the issue is people’s tendency to re-use the same password across multiple accounts. This needs to be addressed, as one compromise – if it contains a password – could potentially endanger multiple other accounts as well. Always use varied passwords, and when possible make use of two-factor authentication or other recognition technologies.
Ransomware is just one part of a larger threat: digital extortion. But to date, it is the most effective weapon in the digital extortion toolbox. The ability to take over a system and effectively hold it hostage until a set of demands, typically financial, has been met is highly alluring to cybercriminals, and its use will likely grow substantially in 2017. Even with certain strains, such as the CrySiS Ransomware strain, having been defeated in 2016, others are already actively taking their place.
Every year more and more automobile manufacturers advertise the new-fangled digital systems that have been added to their cars and trucks. From drive computers to advanced features like console-based entertainment centers, more and more systems are being brought online in automobiles every year. And while this is exciting, it also creates a brand new attack vector. Consider for a second just how terrifying it would be were any of your car’s online systems to come under attack while you’re in transit on a highway—or anywhere really. This is something the automobile manufacturers will need to address quickly.
This point piggy-backs on our previous one. The IoT, or Internet of Things, refers to the litany of devices that have come online in recent years. Everything from your dishwasher to your coffeemaker is online now—your refrigerator probably has a Twitter account at this point. Again, with all of these devices coming online – and perhaps more importantly, networking with other devices online – it creates a new attack surface that is extremely vulnerable. Until IoT manufacturers identify authentication risks and establish identity assurance requirements, the threat will persist.
If you’ve been to a Starbucks lately, you know how many people are paying for things on their phones these days. It seems like everyone – from coffee shops to technology titans like Apple and Google to financial institutions – is designing NFC (Near Field Communication) and RFID (Radio Frequency Identification) mobile payment platforms. As you can imagine, this is an exciting new target for cybercriminals, who are already actively looking for a way to breach these systems and gain access to money and valuable financial details.
With companies and organizations across the world spending more and more time on their digital security strategies, cybercriminals have been forced to become increasingly creative in their attacks. We are now entering an era where Social Engineering Attacks are reaching the level of an art form. Social Engineering is a tactic where cybercriminals attempt to create a believable cover from which to breach a network or to take advantage of a known vulnerability. In this context, it’s usually an email-based phishing attack which impersonates an employee’s coworker or superior in a believable-enough way to get them to click a link or open an attachment—though it can take other forms as well. It’s absolutely crucial that all companies and organizations spend time and resources training all their employees on threat detection and how to handle anything suspicious that gets sent their way.
One of the biggest misconceptions when it comes to cybercrime is that the biggest companies are the most likely targets. Not true. According to Symantec, 74% of small and medium-sized businesses have been targeted in the last 12 months. In 2017, that number is going to sky-rocket. Why? It has to do with the fact that the browser community is going to start mandating encryption. This means every website will need to have at least a Domain Validated SSL Certificate. The problem lies in the fact that many small and medium-sized businesses currently encrypt their websites using DV SSL, which was sufficient before SSL was required but won’t be afterwards. Why won’t it be sufficient? DV SSL offers no authentication beyond who owns the domain. This means that the legitimate website of an SMB (with a DV SSL Certificate installed) and a spoofed version of that same website made by a cybercriminal will look identical to the average internet user. They will both have a DV SSL Certificate on them. They will both have identical security indicators. They both look exactly the same. Phishing attacks are about to sky-rocket. The only solution is Business Authentication.
The last two threats are larger-scale threats, with the potential to affect entire countries—not just companies and industries. Recently, we’ve begun seeing DDoS (Distributed Denial of Service) attacks in excess of 500 GB. Without getting too granular, this is a staggering level of power on the part of the attacker. These attacks can take entire servers down at will, for as long as they continue to be executed, and put companies and organizations at the mercy of their attackers. It’s only a matter of time before a startup that can directly attack or patch botnet systems is formed in a largely unregulated country (likely the Middle East, Asia or Eastern Europe). This will mark a new chapter in the history of cyber warfare as it will give lesser developed countries access to a powerful weapon while forcing entire nations to reckon with the threat.
International incidents involving acts of cyber warfare have already been occurring—and with increasing regularity. China, which has a highly-regulated internet, once essentially weaponized its entire internet user-base in order to launch a massive DDoS attack at GitHub. Russia hacked the US Democratic National Committee’s servers and leaked thousands of stolen emails to WikiLeaks during the US elections. The US is rumored to have once partnered with Israel to create a computer virus that was then used to attack the Iranian nuclear program. These things are happening on a daily basis. The only thing that’s prevented escalation so far has been secrecy and a level of deniability – no matter how strained – on the part of the transgressors. But it’s only a matter of time before some nation state catches another one red-handed and acknowledges the cyber-attack as an act of war. At that point, watch out. We will all be in uncharted territory.