Schools, iPhones and the IoT: WatchGuard Predicts New Hunting Grounds for Hackers in 2016
December 2015 by WatchGuard Technologies
WatchGuard® Technologies revealed its full list of 10 new information security predictions for 2016. WatchGuard’s security research highlights new and emerging threat trends that include: advanced ransomware moving on to alternate platforms; an increase in targeted iOS attacks; and a new hunting ground for criminals to find data that leads to identity theft.
“The security threat landscape is constantly changing, as cyber criminals deploy old and new methods to expand their reach, exploit users, and gain access to valuable data,” said Corey Nachreiner, chief technology officer at WatchGuard. “To play better defense, we recommend following security best practices; training employees about threats and targeted social engineering techniques; and deploying the latest network security technologies so organizations identify security issues in real-time to address the majority of attacks we anticipate in 2016.”
1. Ransomware Reaches New Platforms:
Ransomware has grown up, with new strains of file encrypting malware being so good that many victims have paid ransoms. To date, ransomware primarily targets Windows. Next year we expect cyber criminals to make very effective ransomware for alternate platforms including Android mobile devices and Mac laptops.
2. Social Engineering Keeps People as Your Biggest Threat:
Recent advanced network breaches have one thing in common, they all started with spear phishing the user. Cyber criminals target specific users with customized social engineering tactics to trick trusting users into giving up their access privileges. We recommend dedicating budget each year to provide employees with security awareness training that includes the latest social engineering techniques.
3. SMB Security Breaches Go Back to Basics:
A majority of successful security attacks –especially ones against smaller targets– still rely on the basics. Despite some threat actors using sophisticated techniques, most Small to-Medium Business (SMB) security breaches will come back to basic security best practice failures. There is a silver-lining. If organizations concentrate on following basic security best practices, they will avoid a majority of the attacks in 2016.
4. Malware on iOS Will Rise:
Google’s open platform strategy has translated into more threats against Android devices than Apple’s iOS. Last year, cyber criminals infected Apple’s development platform. We believe criminals will continue to exploit this attack vector to sneak malware onto Apple’s official marketplace. Criminals will launch more targeted attacks against iOS.
5. Malvertising Increases by Leveraging Encryption:
Malvertising, a combination of the words malware and advertising, is an attack where criminals booby-trap a trusted website with a malicious code by sneaking it in through advertising. Some services and products are getting better at detecting malicious advertisements, however, the criminals are fighting back. In 2016, we expect malvertising attempts to triple, and to succeed more regularly through the use of HTTPS. If your organization does not have security controls that can monitor HTTPS, plan to update as soon as possible.
6. Automation Brings Security to the Next Level:
Today’s automated attacks constantly evade reactive defenses. Signature-based protection is no longer effective. While human analysts can identify new threats by monitoring for suspicious behaviors, cyber criminals release such a volume of new threats that humans cannot keep up. The solution? Artificial Intelligence (AI) and machine learning that can automatically recognize and help track malicious behavior. Look for defenses that are proactive, technologies like APT Blocker that automatically identify malware and threats based on behaviors and not just on static patterns.
7. Cyber Criminals Go Back to School to Get Data: Information security is all about protecting data, so the personally identifying information (PII) required to steal data that provides a full identity is valuable. The amount of data collected about children while they are students in school is staggering with their health records representing one of the richest PII datasets. This, combined with open network environments found in educational facilities, is why we expect cyber criminals to target student data systems. If you manage IT for an educational facility, we recommend hardening the database server and review the web applications that tie to student data.
8. Hijacked Firmware Attacks the Internet of Things:
When a hacker hijacks a computer, making sure malicious code stays on the device is the plan. However, hijacking the Internet of Things (IoT) is a different story. Most IoT devices don’t have local storage and have few resources, so getting code to stick involves modifying the firmware. Next year, we expect to see proof-of-concept attacks that permanently modify and hijack the firmware of IoT devices. In response, we expect to see vendors start to harden security for IoT devices by implementing secure boot mechanisms that make it more difficult for attackers to modify firmware. We recommend vendors get in front of this learning curve.
9. Wireless “Ease-of-Use” Features Expose the Next Big Wireless Flaw:
The next big wireless security vulnerability will involve “ease-of-use” features that clash with real world security. For example, the Wi-Fi Protected Setup (WPS) is one such usability feature, which exposed a weakness allowing attackers onto wireless networks. This year, vendors are adding new wireless usability features, such as Microsoft’s Wi-Fi Sense. We expect the next wireless vulnerability to involve an ease of use feature that enables users, and hackers, to easily join a wireless network.
10. Hacktivists Hijack Broadcast Media:
Unlike cyber criminals, who stay under the radar, hacktivists like to communicate big stories designed to get public attention. The whole point of “cyber” activism is to use technology to get as many people as possible to notice your message, whatever it may be. Anonymous is a great example of this with well-known videos. Next year, we predict hacktivists will do something big that broadcasts their revolution to the world live.