Connect with us

Technology

Schools, iPhones and the IoT: WatchGuard Predicts New Hunting Grounds for Hackers in 2016

Published

on

Seattle — WatchGuard® Technologies, a leader in multi-function firewalls, today revealed its full list of 10 new information security predictions for 2016. WatchGuard’s security research highlights new and emerging threat trends that include: advanced ransomware moving on to alternate platforms; an increase in targeted iOS attacks; and a new hunting ground for criminals to find data that leads to identity theft.

“The security threat landscape is constantly changing, as cyber criminals deploy old and new methods to expand their reach, exploit users, and gain access to valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard. “To play better defence, we recommend following security best practices; training employees about threats and targeted social engineering techniques; and deploying the latest network security technologies so organisations identify security issues in real-time to address the majority of attacks we anticipate in 2016.”

1. Ransomware Reaches New Platforms

Ransomware has grown up, with new strains of file encrypting malware being so good that many victims have paid ransoms. To date, ransomware primarily targets Windows. Next year we expect cyber criminals to make very effective ransomware for alternate platforms including Android mobile devices and Mac laptops.

2. Social Engineering Keeps People as Your Biggest Threat

Recent advanced network breaches have one thing in common, they all started with spear phishing the user. Cyber criminals target specific users with customised social engineering tactics to trick trusting users into giving up their access privileges. We recommend dedicating budget each year to provide employees with security awareness training that includes the latest social engineering techniques.

3. SMB Security Breaches Go Back to Basics

A majority of successful security attacks –especially ones against smaller targets– still rely on the basics. Despite some threat actors using sophisticated techniques, most Small to-Medium Business (SMB) security breaches will come back to basic security best practice failures. There is a silver-lining. If organisations concentrate on following basic security best practices, they will avoid a majority of the attacks in 2016.

4. Malware on iOS Will Rise

Google’s open platform strategy has translated into more threats against Android devices than Apple’s iOS. Last year, cyber criminals infected Apple’s development platform. We believe criminals will continue to exploit this attack vector to sneak malware onto Apple’s official marketplace. Criminals will launch more targeted attacks against iOS.

5. Malvertising Increases by Leveraging Encryption

Malvertising, a combination of the words malware and advertising, is an attack where criminals booby-trap a trusted website with a malicious code by sneaking it in through advertising. Some services and products are getting better at detecting malicious advertisements, however, the criminals are fighting back. In 2016, we expect malvertising attempts to triple, and to succeed more regularly through the use of HTTPS. If your organisation does not have security controls that can monitor HTTPS, plan to update as soon as possible.

6. Automation Brings Security to the Next Level

Today’s automated attacks constantly evade reactive defences. Signature-based protection is no longer effective. While human analysts can identify new threats by monitoring for suspicious behaviors, cyber criminals release such a volume of new threats that humans cannot keep up. The solution? Artificial Intelligence (AI) and machine learning that can automatically recognise and help track malicious behavior. Look for defences that are proactive, technologies like APT Blocker that automatically identify malware and threats based on behaviours and not just on static patterns.

7. Cyber Criminals Go Back to School to Get Data

Information security is all about protecting data, so the personally identifying information (PII) required to steal data that provides a full identity is valuable. The amount of data collected about children while they are students in school is staggering with their health records representing one of the richest PII datasets. This, combined with open network environments found in educational facilities, is why we expect cyber criminals to target student data systems. If you manage IT for an educational facility, we recommend hardening the database server and review the web applications that tie to student data.

8. Hijacked Firmware Attacks the Internet of Things

When a hacker hijacks a computer, making sure malicious code stays on the device is the plan. However, hijacking the Internet of Things (IoT) is a different story. Most IoT devices don’t have local storage and have few resources, so getting code to stick involves modifying the firmware. Next year, we expect to see proof-of-concept attacks that permanently modify and hijack the firmware of IoT devices. In response, we expect to see vendors start to harden security for IoT devices by implementing secure boot mechanisms that make it more difficult for attackers to modify firmware. We recommend vendors get in front of this learning curve.

9. Wireless “Ease-of-Use” Features Expose the Next Big Wireless Flaw

The next big wireless security vulnerability will involve “ease-of-use” features that clash with real world security. For example, the Wi-Fi Protected Setup (WPS) is one such usability feature, which exposed a weakness allowing attackers onto wireless networks. This year, vendors are adding new wireless usability features, such as Microsoft’s Wi-Fi Sense. We expect the next wireless vulnerability to involve an ease of use feature that enables users, and hackers, to easily join a wireless network.

10. Hacktivists Hijack Broadcast Media

Unlike cyber criminals, who stay under the radar, hacktivists like to communicate big stories designed to get public attention. The whole point of “cyber” activism is to use technology to get as many people as possible to notice your message, whatever it may be. Anonymous is a great example of this with well-known videos. Next year, we predict hacktivists will do something big that broadcasts their revolution to the world live.

Relevant Resources: 2016 Security Prediction Downloads from WatchGuard

2016 Security Predictions Interactive Microsite
2016 Security Predictions Full Length Video
2016 Security Predictions Infographic
2016 Security Predictions Detailed eBook
WatchGuard Security Center Blog

Continue Reading
Advertisement
Comments

Subscribe

Advertisement

Facebook

Advertisement

Ads Blocker Image Powered by Code Help Pro

It looks like you are using an adblocker

Please consider allowing ads on our site. We rely on these ads to help us grow and continue sharing our content.

OK
Powered By
Best Wordpress Adblock Detecting Plugin | CHP Adblock