. Updated December 11, 2016.
Kaspersky Lab says it anticipates the continuing rise of ransomware in 2017 and other security experts agree. The year 2017 will take the cybersecurity industry into new territory after 2016's threat landscape opened doors for cyber criminals to explore a wider range of attacks and attack surfaces, says Raimund Genes, chief technology officer for Trend Micro.
Trend Micro predicts the general data protection regulation will cause extensive data management changes for companies around the world with new attack methods threatening corporations, expanding ransomware tactics, and impacting more devices, plus cyber-propaganda swaying public opinion.
"Business e-mail compromise (BEC) and business process compromise will continue to grow as a cost-effective and relatively simple form of corporate extortion. A BEC attack might yield $140,000 by luring an innocent employee to transfer money to a criminal's account.
Alternatively, hacking directly into a financial transaction system, while requiring more work, will result in far greater financial windfalls for criminals -- as much as $81 million," reveals the latest Trend Micro threat report.
Financial Attacks and Ransomware
Kaspersky Lab predicts 2017 will continue to see the commodification of financial attacks.
"The commodification of attacks along the lines of the 2016 SWIFT heists -- with specialized resources being offered for sale in underground forums or through as-a-service schemes, will continue in 2017. As payment systems become increasingly popular and common, this will be matched by a greater criminal interest next year."
As far as ransomware is concerned, Kaspersky Lab also anticipates the continuing rise of ransomware, but with the unlikely trust relationship between the victim and their attacker -- based on the assumption that payment will result in the return of data.
Internet of Things Creates More Vulnerability
Trend Micro says the Internet of things (IoT) and industrial Internet of things (IIoT) will play a larger role in targeted attacks in 2017. These attacks will capitalize upon the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as we saw with the Trojan Mirai.
"While new ransomware saw an exponential increase in 2016, that growth is no longer sustainable, so attackers will find new ways to use existing malware families. Similarly, changes in IoT open new doors to go after additional attack surfaces, and software changes push criminals toward finding different types of flaws," says Ed Cabrera, chief cybersecurity officer for Trend Micro.
Advanced Authentication Needed
According to PwC's cybersecurity and privacy report, when it comes to authentication, the next 12 months will see organizations moving beyond passwords toward advanced authentication.
Passwords are about as useful as 123456. This string of numbers is still the most commonly used password today. User disregard for strong password practices is one reason why many businesses are turning to advanced authentication technologies to add an extra layer of security and improve trust among customers and business partners. Forty-six percent of organizations that employ advanced authentication say it has made online transactions more secure, says the report.