When Things attack and other security predictions for 2017
The past year has been a pretty turbulent one for IT security, with high-profile data breaches, Apple and the FBI wrangling over encryption, persistent threats from ransomware and more.
So as industry experts begin to roll out their predictions for 2017, what can we look forward to, or what do we need to beware of, in the security field?
Stephen Cobb, senior security researcher at ESET, sees increased potential for cross-pollination attacks, as ransomware will begin to seep into IoT devices, what he calls 'Ransomware of Things'. "In order to prevent RoT, a number of things need to happen in two different spheres," says Cobb. "First, the technical challenge of implementing security across numerous and ever-changing IoT platforms. Second, the challenges of preventing a thriving cybercriminal infrastructure".
Cobb also sees attackers continuing to attack critical infrastructure, looking for ways to cause damage, deny service, or hold data hostage. He also expects further attacks on the internet infrastructure itself, disrupting access to data and services.
The risk from IoT devices is also on the mind of Phil Dunkelberger, CEO of Nok Nok Labs. He predicts mass hacking of IoT devices getting worse before vendors get their act together. "IoT is the weakest link into the home, and thousands of consumers are going to find their accounts compromised and their bank accounts pilfered just because they thought it would be fun to automatically dim the lights in their bedroom".
On a positive note, Dunkelberger believes the dark web will start to become a less safe place for criminals to operate as intelligent, autonomous bots begin to be used to patrol for any sign of illicit activity. Under the incoming Trump administration, he also believes NIST will push for greater cyber security, aiming for the elimination of passwords, and that the use of strong encryption standards for government agencies and American businesses will become a legislative agenda item in Congress.
Panda Security believes we'll see less new malware but that attacks on companies will become more numerous and more sophisticated, seeking to exploit weaknesses to gain access to corporate data. It too sees the IoT as a weak point that will increasingly be exploited by cyber criminals.
Panda's Cybersecurity Predictions 2017 report notes, "We are living through one of the most precarious moments in international relations of the last several years -- threats of commercial warfare, espionage, tariffs with the potential to polarize the positions of the great powers. This can no doubt have huge -- and serious -- consequences in the field of cybersecurity".
Zachary Short, principal software architect at GlobalSign, sees a greater role for AI and machine learning in combating threats. "Rather than being purpose built, security will become more organic and autonomous like your own immune system. Security will continually evolve in an ever-changing cyber-environment. Continual training and adaptation will allow systems to not only recognize new threats but respond to them. Anomaly detection in particular will become more pervasive and IoT ecosystems will rely on this as a line of defense for trusting data from peers".
Mandeep Khera, CMO at Arxan, adds to the IoT worries. "While there is a lot of talk about IoT level attacks, 2017 will bring the seriousness of these attacks to the forefront. Not only IoT attacks will result in major financial losses, there is at least a good likelihood of loss of life or injuries when you look at Connected Cars and Connected Medical Devices resulting from cyber terrorism. While some of the leading edge vendors in these spaces are working on securing their devices and apps, a vast majority has not taken it seriously enough. And, 2017 just might catch them by surprise. Let's hope that damages will be limited to financial losses only".
Khera also believes drones will come in for attention, especially as they start to be used for deliveries of goods. We can expect to see dronejacking and other attacks aimed at the technology.
Don't expect to see our old friend ransomware going away either. Israel-based security company Morphisec believes ransomware will continue to expand in amount and variety, and employ more sophisticated delivery vectors. Moreover, it could move from a strictly financially-driven crime into attempts to affect strategic outcomes. It believes we'll see ransomware attacks against critical infrastructure or enterprises being used to influence policy or business decisions.
So, plenty to think about and with some strong common themes. But if 2016 has taught us anything, it's that the world of information security is always able to spring a surprise.