Cyber Threats Expected To Worsen in 2017: Trend Micro Report
By Jef Cozza / CIO Today. Updated December 13, 2016.
While 2016 has been a difficult year for network security, 2017 promises to be a lot worse. That's the prediction from cybersecurity firm Trend Micro, which said the coming year will include an increased breadth and depth of cyberattacks, with malicious threat actors differentiating their tactics to capitalize on the changing technology landscape.
“Next year will take the cybersecurity industry into new territory after 2016’s threat landscape opened doors for cybercriminals to explore a wider range of attacks and attack surfaces,” said Raimund Genes, chief technology officer for Trend Micro, in a statement. “We foresee the General Data Protection Regulation (GDPR) causing extensive data management changes for companies around the world, new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.”
New Fronts in Cyber Warfare
Not that 2016 has exactly been uneventful. This year there were a number of high profile attacks against enterprises and government agencies, not the least of which was Russia’s hack and leaking of the private emails of Democratic presidential candidate Hillary Clinton. The attack -- the first time the U.S. has experienced an effort to influence the results of its electoral process through strictly technological means -- represented the opening of a broad new front in the world of cyber warfare.
The number and variety of devices being targeted also increased significantly this year, with technologies such as the Internet of Things (IoT) creating entirely new classes of items that are being connected to the network for the first time. Everything from key pieces of national infrastructure to automobiles were discovered to be vulnerable to attacks.
Next year there will be more of the same, particularly with regard to ransomware attacks and extortion attempts against enterprise targets, according to Trend Micro. The firm said attacks on business emails and business processes will continue to grow because they are cost-effective and relatively simple forms of corporate extortion.
An attack on a company's business email might yield as much as $140,000 by luring an innocent employee to transfer money to a criminal’s account. Alternatively, hacking directly into a financial transaction system, while requiring more work, will result in far greater financial windfalls for cybercriminals -- as much as $81 million, according to Trend Micro.
An Evolving Threat Landscape
“We continue to see cybercriminals evolving to the changing technology landscape,” said Ed Cabrera, chief cybersecurity officer at Trend Micro. “While new ransomware saw an exponential increase in 2016, that growth is no longer sustainable, so attackers will find new ways to use existing malware families. Similarly, changes in IoT open new doors to go after additional attack surfaces, and software changes push criminals toward finding different types of flaws.”
The company said that the number of new ransomware families will plateau next year, growing only 25 percent. On the other hand, ransomware will likely branch out into IoT devices and non-desktop computing terminals, like point-of-sales systems or ATMs.
New vulnerabilities against targets like Apple and Adobe are also expected to increase, as will new targeted attack methods designed to focus on evading modern detection techniques.