In the world of cybersecurity, 2015 was a doozy. Ransomware took off running across multiple platforms, the Ashley Madison hack left a trail of bruised hearts, and even wifi-enabled Barbie dolls were hacked to gain access to credential passwords and other confidential information.
But what are we likely to see next year? According to Intel’s McAfee security team, things are going to get interesting.
A selection of 2016 threats to cybersecurity are below:
McAfee noted the emergence of hardware-based cyberattacks over the course of this year. In recent years, a greater percentage of hardware is ordered directly from component and contract manufacturers located in the Far East—frequently within countries that have perpetrated the greatest percentage of cyber attacks on the US. Security analysts have discovered a number of “backdoor” exploits—usually spyware—embedded in the components themselves. McAfee says cyberattackers are likely to continue exploring how hardware can be infiltrated, and more ongoing attacks of this nature will be uncovered as we “peel back layers of current threats.”
Ransomware is turning out to be one of the most virulent and long-lasting exploits yet uncovered. If you are unfortunate enough to accidentally download this type of malicious code, the malware locks your screen, encrypts your files, and attempts to extort a fee before giving you the cryptographic key required to retrieve your information.
There are many strains of ransomware—most notably CryptoWall, CryptoLocker, CoinVault, and Bitcryptor. This malware is nasty enough already, but McAfee predicts that new families will increase in sophistication — including stealth tactics, the silent encryption of data — on both systems and backups.
Software vulnerabilities are commonplace on any threat prediction list. As any user can attest, Adobe Flash and Java dominate the lists of fixes issued via security patches and updates. For what it’s worth, McAfee believes new mitigation features for Flash will help quell vulnerability discoveries in 2016, but the ongoing transition away from Flash will continue.
In addition, Microsoft’s new Windows 10 browser , Edge, could potentially replace Internet Explorer as the attack vector of choice for hackers. Its very newness likely provides users a time window as attackers “catch up.” And Microsoft claims it will be more difficult to exploit thanks to new mitigation methods and features.
Cloud technology has given businesses the chance to cut costs, improve efficiency and make better use of data, but this doesn’t necessarily mean improved security. If a security breach occurs within a cloud host environment, cybercriminals may well find themselves able to exploit multiple tenant organizations.
The report shows that in 2016 we are likely to see an uptake in cloud service providers as a target for cybercrimes.
WAREHOUSES OF STOLEN DATA
We’ve seen Sony, Ashley Madison, and Anthem hacked and their customer details stolen in recent times…and these are only a few of the largest victims. There is always high demand for information which can lead to profit or entry into corporate networks as a “legitimate” user.
A comprehensive grab of Personally Identifiable Information (PII) (for example, a stolen health record) can be worth any where from hundreds of dollars or even $1,000 each on the black market depending on the source and the amount of information obtained.
According to McAfee, we will unfortunately see a “robust” dark market for stolen data and credentials next year, with specialized marketplaces developing, based on industry and sector.
What do you think we’re likely to see next year?