Ranging from data breaches, personal identifiable inforation (PII) theft and alleged hacking of party officials during the US elections, 2016 saw a vast number of cyber attacks. We look back at them and see how those attacks will play out in 2017.
Personal Device Attacks
2016 saw the highest number of hijacks on home devices including personal computers, CCTVs and even baby monitors. Once an attacker owns or is in control of a home device, panic usually ensues the minds of those who have been compromised, hence the willingness of attackers to succeed using this method. We shall see what the future holds in terms of security for these household devices.
Ransomware emails have been doing the rounds for a while now, but as time goes by these pesky pests become ever more cunning, and surprisingly realistic. Even the trained eye cannot obviously spot the flaws of a fake/phishing email so what more the innocent general public who will casually click onto an email thinking it’s from their postal provider and 30 seconds later be hit with a demand from hackers to pay up thousands of dollars to get back their files. We hope in 2017 there will be measures to expose a fake email from a real email before they even reach our inboxes.
Destructive DDoS IOT attacks
Following on from personal device attacks, 2016 saw a large amount of attacks on IoT devices containing outdated code. Two reasons for outdated codes include poorly maintained operating systems and applications which contain well-known vulnerabilities These attacks are looking to rise in 2017.
More encryption = more difficult for security products to inspect traffic, making it easier for pesky attackers to seep through undetected. Cyber criminals come up with creative ways to use this to their advantage and there will be no doubt that this will carry through to 2017.
Physical hardware has been the victim of exploits which leaves cloud systems vulnerable to attacks. We have seen recent hacks to Apple’s iCloud, with several celebrities having their private photos leaked on the Internet. Attackers attack by abusing the host or guests running on a shared host, attack privilege models, and access data. We see this trend to increase in 2017.
Macro-Sized Fake/Phishing Emails
2016 saw some heavy cyber attacks on Financial infrastructure. Again, attackers tricked employees to pay fraudsters substantial amounts. Similar to fake/phishing emails, this on the hand gives them a bigger payout – which was the case back in February 2016 when fraudsters managed to get $81 Million from Bangladesh Central Bank.
More attacks using built-in admin languages and tools
We see more exploits based on PowerShell, Microsoft’s language for automating administrative tasks. As a scripting language, PowerShell evades countermeasures focused on executables. We also see more attacks using penetration testing and other administrative tools that may already exist on the network, need not be infiltrated, and may not be suspected. These powerful tools require equally strong controls.
Soft Society Attacks
Disinformation is something everyone must be weary of in this day in age. With news articles being easily accessible at the palm of our hands, it is essential the public does not believe everything they read. 2016 was certainly a time of heavy disinformation – as the media strives to get news published before anyone else, often or not, quality is compromised and the public are misled to believing something which isn’t accurate. Much worse is complete fabrication of news – we see this often in social media, a click-bait headline will draw in the click and you may be taken to a website full of ads and/or a website which automatically downloads malware onto your computer. We don’t see an end to these in the near future but there’s a good sign that Facebook have recently been taking an active role in eradicating “fake” news from their platform.
Getting into a bit more detail from the previous point, malvertising spreads malware through online ad networks and web pages. It’s been around for years but in 2016 we have seen our fair share of it. Click Fraudsters steal information from users who click on the fake adverts, especially if they are signed into social media using the same browser.
Evolution of Ransomware
Cyber criminals have been putting their heads together to invent more ways of spreading their viruses across the Internet. In 2016 we have seen an evolution in ransomware – malware which reinfects long after the ransom has been paid, malware which uses built-in tools on your device to avoid detection, malware which requires you to share the malware with friends before you can be freed, and even malware which have long been neglected by their producers and once infected users have no way of paying the ransom because payment gateways no longer work.
The thought of these hacks leaves a bitter taste for all of us. IT security is a game of cat and mouse, to ensure that your IT safety is second to none, contact us for a FREE audit of your current IT security practices and let your safety be our number one priority.