Total panic grips the world as it witnesses the complete meltdown of the global financial market, caused by a brutal cyber attack of unimaginable proportions. What sounds like the plot of a novel set in a far off, dystopian future is actually what cybersecurity experts predict is in store for 2017.
“In 2017, we’re going to see it hit big sometime, somewhere. If the internet goes down, financial markets will tank,” said James Carder, CIO of LogRythm, in an interview with Business Insider.
According to Carder, 2016 had all the signs that cyber criminals were, “testing missiles by shooting them into the ocean.” In particular, he pointed to the brutal DDoS attack in October that impacted the East Coast of the United States.
“We saw the massive DDoS (distributed denial of service) attack against DynDNS just a couple of months ago. That DDoS attack took down sites like Twitter and Spotify for a few hours. We saw a similar DDoS hit Brian Krebs before the attack against Dyn. These were really just tests,” Carder said.
Tests for what? Carder believes that since cyber criminals have demonstrated they can successfully disrupt a large swath of the US internet, they will now focus on grander objectives, such as shutting down world-wide internet access for 24-hours. This would have a devastating impact on the global financial market. Could it happen? Yes. Will it happen? We’ll have to wait and see.
In addition to larger DDoS attacks, cybersecurity experts warn that 2017 will see a number of other frightening ways in which hackers will continue to evolve and exploit the lack of any true cybersecurity / IoT security solution.
“In 2017, we’re going to see it hit big sometime, somewhere. If the internet goes down, financial markets will tank.”
James Carder – CIO of LogRythm
CYBERSECURITY PREDICTIONS FOR 2017
The IoT Security Void Will be Further Exploited
The Internet of Things is experiencing rapid acceleration, connecting everything from security cameras, to cars and medical devices. According to Gartner, there will be an estimated 34 billion devices connected to the IoT by 2020.
Unfortunately, this immense industry lacks a basic IoT security solution and cybersecurity experts warn there are a host of ways in which so many poorly secured devices pose a serious risk to life and property.
Using IoT Devices to Unleash Larger DDoS Attacks
In order to launch a DDoS attack, hackers create a botnet. In the past, a botnet or large private army, would be conscripted by infecting multiple computers with malicious software. These compromised computers would then be used to bombard DNS servers (today’s modern switch board operators) with garbage data. When a DNS server becomes overwhelmed, it can’t handle the torrent of incoming connections and eventually the internet slows down or even shuts down.
With the rapid expansion of the IoT, hackers have been given much more power. No longer are they limited to infecting personal computers when amassing an army. With the insecure IoT, hackers can now infect billions of connected devices, recruiting armies of a massive scale and inflicting ever larger DDoS attacks on their victims.
Using IoT Devices to Gather Personal Data
In 2017, hackers are also expected to ramp up their exploitation of the IoT security void to steal personal data from individuals.
“IoT is the weakest link into the home, and thousands of consumers are going to find their accounts compromised and their bank accounts pilfered just because they thought it would be fun to automatically dim the lights in their bedroom,” said Phil Dunkelberger, CEO of Nok Nok Labs in an interview with Beta news.
And, it isn’t just individuals that will be confronted with this growing threat. Institutions, such as hospitals, could fall prey to the same tactics, with perhaps even more disastrous consequences. Hackers are ramping up their assault on IoT connected medical devices, such as MRI machines and dialysis pumps, creating backdoors that can be used to steal private patient data. Cyber criminals see these devices as easy targets since they are rarely protected with the same security as the computers and servers inside the hospitals.
TrapX Labs reports that the lack of cyber defenses on clinical IoT medical equipment was linked to a comeback of ancient malware such the infamous Conficker worm. The report also states that since hospitals are relying on unprotected IoT connected devices running Windows XP or unpatched versions of Windows 7 and 8 they are particularly susceptible to the revival of these worms.
“These old worms such as Conficker are being used in tandem with much more sophisticated payloads that are able to go deeper into a hospital network and target specific devices that can gain criminals easier access to patient records,” said Moshe Ben-Simon, co-founder of Trapx Labs in an interview with Threat Post.
Using IoT Devices to Cause Physical Harm
For years now, cybersecurity experts have sounded the alarm when it comes the increasing level of physical threat caused by the proliferation of unprotected IoT connected devices.
“Most of these IoT devices are connected to, or directly control, physical objects – an elevator or heating system, for example. Therefore a breach doesn’t just represent a traditional loss of data with resulting fines, but a physical attack that might involve human casualties or fatalities,” said Cesare Garlati, Chief Security Strategist for the prpl Foundation in an interview with Computer Weekly.
Derek McAuley, professor of digital economy at the University of Nottingham in the UK and director of the Horizon Research Institute, echoes those same concerns saying, “The danger to life is significant, which is why the security services at home and abroad are putting so much focus on cyber defense at the moment. As the technology is more widely deployed, cyber attacks could take out significant chunks of the economy. We used to think in terms of defending power plants, power lines and so on, but actually if hackers take control of all the smart meters within a 100-mile radius of Cambridge, for instance, it could cause as much damage as bombing a power station.”
“Most of these IoT devices are connected to, or directly control, physical objects – an elevator or heating system, for example. Therefore a breach doesn’t just represent a traditional loss of data with resulting fines, but a physical attack that might involve human casualties or fatalities.”
Cesare Garlati – Chief Security Strategist for the prpl Foundation
Cybersecurity Experts Say Ransomware Attacks Will Get Bigger
Ransomware is already a billion dollar business and, based on past success, hackers are highly motivated to invest more resources in new techniques, causing greater disruption and focusing on even larger targets like big banks and central financial institutions.
“The proliferation of ransomware families and the success attackers have had in compromising systems makes it highly likely these types of attacks will continue in 2017,” said Alexander Hanel, a security researcher at SecureWorks in an interview with Computer Weekly.
This prediction is bolstered by Kaspersky Lab’s IT Threat Evolution in Q1 2016 report, which states that ransomware attacks are increasing, with the number of victims up by 30 percent vs. the previous quarter. Additionally, Kaspersky Lab reports that security experts detected 2,900 new ransomware malware modifications between January and March of 2016, for an increase of 14 percent.
One reason for this surge is that the ransomware as a service (Raas) model is making it extremely easy for hackers to infect an organization with ransomware. The Raas model provides automatically generated executables for anyone looking to get rich by infecting others.
As far as the targets of ransomware attacks, experts believe that organizations, as opposed to individuals, have more to fear. “Compromising corporate environments through targeted attacks allows the attackers to request more money than they would receive from a typical user. That makes enterprise targets more attractive,” said Hanel.
For a final look in the crystal ball – cybersecurity experts believe that ransomware attacks could evolve from being a purely financially-driven crime into attempts to influence strategic outcomes. There is a great possibility that attacks directed toward critical infrastructure or organizations could be used to influence policy or business decisions.
“The proliferation of ransomware families and the success attackers have had in compromising systems makes it highly likely these types of attacks will continue in 2017.”
Alexander Hanel – security researcher at SecureWorks
Internal Cyber Threats Will Wreak More Havoc
Cybersecurity experts are saying “Outlook Not So Good” when it comes to insider threats, predicting that issues caused by both negligent and malicious employees will become more widespread in 2017.
In particular, experts warn that untrained staff will continue to fall victim to various social engineering schemes, phishing attacks and email spoofs, such as CEO fraud.
When it comes to phishing scams, there is a reason they won’t be disappearing anytime in the near future; they offer the potential for a sizeable payday while requiring minimal effort. Additionally, they continue to lure people in. In fact, many of the largest and most damaging attacks started with a phishing scam:
- John Podesta (Clinton’s Campaign Chair)
- Colin Powell
- Sony Pictures
- JP Morgan
In November, at the Financial Crimes and Cybersecurity Symposium held in New York, Secretary of Homeland Security Jeh Johnson stated that his department views phishing email as the greatest threat. “The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing,” he said.
Phishing emails aren’t new, cybercriminals have been relying on them to cause trouble for nearly 30 years. What is new is that hackers are increasingly using phishing emails as a vehicle to distribute ransomware, whereas in the past hackers were simply seeking credentials. In an interview with Forbes, Aaron Higbee, CTO of PhishMe, said, “more than 97 percent of phishing emails analyzed now contain ransomware.”
This prophecy of doom and gloom doesn’t have to become your organization’s reality. If you are looking to secure your company’s IoT connected devices while gaining protection against ransomware, phishing attacks and insider threats, contact us today.