The year 2016 saw a huge number and variety of cyber attacks, ranging from a high-profile DDoS using hijacked Internet-facing security cameras to the alleged hacking of party officials during the US election. The year also saw a rising tide of data breaches, from organizations big and small, and significant losses of people’s personal information.
With the year almost over, Joergen Jakobsen, regional vice president for Asia-Pacific and Japan at Sophos, looks into his crystal ball to predict the top cyber security trends for 2017:
Destructive DDoS IOT attacks will rise. In 2016, Mirai showed the massive destructive potential of DDoS attacks as a result of insecure consumer IoT (Internet of Things) devices.
Shift from exploitation to targeted social attacks. Cybercriminals are getting better at exploiting the ultimate vulnerability – humans. Ever more sophisticated and convincing targeted attacks seek to coax users into compromising themselves.
Financial infrastructure at greater risk of attack. The use of targeted phishing and “whaling” continues to grow. These attacks use detailed information about company executives to trick employees into paying fraudsters or compromising accounts.
Exploitation of the Internet’s inherently insecure infrastructure. All Internet users rely on ancient foundational protocols, and their ubiquity makes them nearly impossible to revamp or replace. These archaic protocols that have long been the backbone of the Internet and business networks are sometimes surprisingly flaky.
Increased attack complexity. Attacks increasingly bring together multiple technical and social elements, and reflect careful, lengthy probing of the victim organization’s network. Attackers compromise multiple servers and workstations long before they start to steal data or act aggressively.
More attacks using built-in admin languages and tools. Jakobsen sees more exploits based on PowerShell, Microsoft’s language for automating administrative tasks. As a scripting language, PowerShell evades countermeasures focused on executables.