Sophos has released its global cybersecurity predictions for 2016, which discuss the nature of evolving threats vis-à-vis the rising complexity of securing cyberspace. These predictions indicate that as advanced attacks get more coordinated than ever before, security solutions also need to function in a coordinated way.
According to the trends highlighted in the report, 2016 will see an increase in the number of Android exploits becoming weaponized, as opposed to bugs like Stagefright, which was heavily reported earlier in 2015 but was never fully exploited. There are significant vulnerabilities in the Android platform which may take months to patch. SophosLabs has already seen samples that go to extreme lengths to avoid App Store detection and filtering, giving malicious apps a better chance of surviving on app stores. iOS is also likely to come into the line of fire, as the Apple App Store has already been hit a few times this year.
The advent of the IoT (Internet of Things) has already produced scary stories of webcams, baby monitors, children’s toys and even cars being easy targets for hackers. However, there won’t be widespread IoT exploits anytime soon. What will be seen is more research and proofs of concept demonstrating that non-vendor code can be installed on these devices because of insufficient validation, lack of code signing, and susceptibility to man-in-the-middle-class exploitation on the part of IoT vendors.
An increase in data-harvesting/leakage attacks against IoT devices, aimed at eventually obtaining information such as video/audio feeds, stored files and credentials for logging into cloud services, is expected. Notably, security concerns about IoT will move beyond industrial control systems (e.g. SCADA), and threats may target other connected/IoT devices. A recent PwC report revealed that 74% of Small and Medium Businesses (SMBs) experienced a security issue in the last 12 months, and this number will only increase due to SMBs being perceived as easy targets.
In 2016, the pressure on businesses to secure customers’ data will increase as the EU data protection legislation looms closer. Fear of facing penalties is likely to have a far-reaching impact on how businesses deal with security. Two major changes will be the EU General Data Protection Regulation (GDPR) and the Investigatory Powers Bill in the UK. The EU Data Protection regulation will come fully into force across Europe by the end of 2017, so companies need to start preparing in 2016.
Growth in the use of VIP spoof wire transfers is expected as we move into 2016. Hackers are becoming increasingly talented at infiltrating business networks to gain visibility of personnel and their responsibilities, and then using this information to trick staff for financial gain.
Ransomware will continue to dominate in 2016. Attackers will increasingly threaten to go public with data, rather than just taking it hostage, and we have already seen websites being held to ransom with DDoS. Many ransomware families are using darknets either for command and control or for receiving payments, as seen with the likes of CryptoWall, TorrentLocker, TeslaCrypt, Chimera, and many more in 2015.
As always, social engineering attacks will remain a major concern for security practitioners, as attackers continue to use the same old practices to weave their attacks. This again emphasizes the need for effective training and awareness programs to counter such attacks.
The bad guys will continue to use coordinated attacks but the cyber security industry will make significant strides forward with information sharing.
Commercial malware authors will continue to reinvest at ever greater rates, bringing them towards the ‘spending power’ of nation-state activity. This includes purchasing zero days. These bad guys have lots of cash and they are spending it wisely.
Exploit kits, like Angler (by far the most prevalent today) and Nuclear, are arguably the biggest problem on the web today as far as malware goes, and this looks set to continue thanks to the thousands and thousands of poorly secured websites out there on the internet. Cyber criminals will exploit where they can most easily make money, and therefore exploit kits have simply become stock tools of the trade, used by criminals to attempt to infect users with their chosen malware.