The 2016 top cyber security trends are most likely to spill into next year, vendors say. Distributed denial-of-service (DDOS) attacks, ransomware and misdirection are the biggest techniques cyber criminals will use in 2017.
ITWeb interviewed several IT security vendors to gauge if the 2017 cyber security space will be any different from what we have witnessed this year.
The vendors were in unison that the 2016 top trends were most likely to spill into next year. However, the vendors say the defenders will not be left helpless as cyber threats continue to escalate.
In 2017, Kaspersky Lab expects to see the appearance of memory-resident malware that has no interest in surviving beyond the first reboot that will wipe the infection from the machine memory. Such malware, intended for general reconnaissance and the collection of credentials, is likely to be deployed in highly sensitive environments by stealthy attackers keen to avoid arousing suspicion or discovery.
As cyber attacks come to play a greater role in international relations, Kaspersky Lab says attribution will become a central issue in determining a political course of action -- such as retaliation.
It notes the pursuit of attribution could result in the risk of more criminals dumping infrastructure or proprietary tools on the open market, or opting for open source and commercial malware, not to mention the widespread use of misdirection, generally known as false flags, to muddy the waters of attribution.
In 2016, the world started to take seriously the dumping of hacked information for aggressive purposes, the security vendor notes.
Expect an increase in the incidence of DDOS attacks, anonymous transactions, ransomware and malware, says Fortinet's Paul Williams.
Such attacks are likely to increase in 2017, and there is a risk that attackers will try to exploit people's willingness to accept such data as fact by manipulating or selectively disclosing information, the vendor says.
Kaspersky Lab also anticipates the continuing rise of ransomware, but with the unlikely trust relationship between the victim and their attacker -- based on the assumption that payment will result in the return of data - damaged as a lesser grade of criminal decides to enter the space. This could be the turning point in people being prepared to pay up, it points out.
Cost of Attacks
Paul Williams, Fortinet's country manager for SADC, says: "We can expect to see an increase in the incidence of DDOS attacks and with that, anonymous transactions, ransomware and malware.
He points out local companies are increasingly coming under these types of attacks, with ransomware demands ranging from $5 000 to $50 000. "While many simply write off the affected hardware or reformat it, these targeted ransomware attacks are a growing problem and the cost of these attacks, along with targeted blackmail attacks, will grow.
"We are seeing strong local uptake of our botnet and sandboxing solutions to deal with these growing threats, and internationally, companies are taking the increased risk seriously. We can also expect to see an increase in cyber-based corporate espionage and cyber warfare in future," Williams says.
He adds attackers appear to be becoming more methodical as well as more persistent and aggressive. They are profiling victims and their environments, carrying out pre-testing ahead of attacks, and even using artificial intelligence server environments to determine the best mode of attack, he explains.
Fortinet has found threats are increasingly able to operate autonomously. "In the coming year, we expect to see malware designed with adaptive, success-based learning, as well as cross-platform autonomous malware, or ‘transformers', designed to operate on and between a variety of devices.
"We are also seeing more attacks and breaches of Internet of things (IOT) devices, which may indicate attackers are testing the potential to use a broad range of connected devices for full-blown attacks."
There is a strong overlap with some of the predictions for 2016 and 2017, says Check Point's Doros Hadjizenonos.
Fortinet also predicts the growth of massive Shadownets -- IOT botnets that can't be seen or measured using conventional tools. Swarms of compromised devices will likely be used for targeted DDOS attacks combined with demands for ransom, says Williams.
Doros Hadjizenonos, country manager at Check Point Software Technologies SA, says there is definitely a strong similarity and he has seen an overlap with some of the predictions for 2016 and 2017.
For example, he notes, mobile security, sophisticated and custom-designed malware, and attacks on critical infrastructure continue to be areas of great concern within the security market.
He is of the view that as attacks on mobile devices continue to grow, he expects to see enterprise breaches that originate on mobile devices becoming a more significant corporate security concern.
The recent discovery of not one, but three zero-day vulnerabilities in Apple's iOS following an attempted attack on a human rights activist's phone highlights how rapidly the mobile surveillance and cyber crime industry is expanding -- and the need for organizations to deploy protections on their mobile estates against malware, interception of communications and other vulnerabilities, says Hadjizenonos.
To avoid getting caught out, Hadjizenonos urges organizations to ensure every endpoint is protected with multiple layers of protection. These include an advanced threat prevention solution; up-to-date anti-virus software; and threat prevention Web extension to provide protection from malicious Web sites and downloaded content, as well as social engineering attacks.
"Organizations must also make sure their operating systems, browsers and main plugins are continuously updated, and they should continuously educate employees about best practices when it comes to cyber security, as well as the organization's security policies," Hadjizenonos says.
For Williams, staying ahead of the risks is a never-ending challenge. "All organizations need to take a careful look at their current environments to ensure every component is secure and updated.
"Enterprise networks need to be foolproof on every level, including endpoints and WiFi, and the security appliances must be capable of coping with the increased network throughputs now coming in to enterprises."