It’s the time of year when experts look ahead to the following year and try to help CISOs with a little insight. Well, predictions are risky, especially when it comes to cyber security, but Intel’s McAfee Labs is willing to roll the dice with its 2017 threat predictions report.
First the good news: With any luck, the threat of ransomware will start to decline seven months from now. Why? Because its growing impact “will force the security industry to take decisive actions. We predict that initiatives like the No More Ransom! collaboration (a site with a collection of decryption tools), the development and release of antiransomware technologies, and continued law enforcement actions will reduce the volume and effectiveness of ransomware attacks by the end of 2017.”
Still, McAfee researchers warn that criminals will look at using ransomware to hold industrial Internet of Things devices and networks — in factories, utilities and hospitals — for ransom.
–Thanks to a number of U.S. initiatives, including legislation legalizing the sharing of U.S. government threat information with the private sector there and the creation of the Information Sharing and Analysis Organization, 2017 will be the year in which threat intelligence sharing “makes its most significant strides,” says the report — at least in the U.S.
The bad news: Well, it’s security so there’s lots of it:
–The Internet of Things will continue to be leveraged for a range of attacks. The rush to bring consumer IoT products to market is so fast and furious that home IoT device makers will continue to throw together code with minimal testing, relying on after-release patches to correct bugs. Criminals will take advantage by releasing to unsuspecting manufacturers malicious code hidden in widely used HTML, network or camera libraries, or embedded directly in devices.
The report doesn’t say so explicitly, but this suggests distributed denial of service (DDoS) attacks will only be enhanced.
McAfee does predict that because one cloud can contain many tenants there will be increased incentive by attackers to mount denial-of-service attacks against cloud service providers.
–“Passwords, and the people who create and use them, will remain the biggest weakness throughout most technologies for the foreseeable future,” says the report — and cloud authentication is no different and represents a much bigger payoff for thieves. Attackers, some of them very patient and sophisticated, will mine social networks, previously stolen passwords, and other personally identifiable info to steal credentials, especially focusing on cloud administration credentials. “Expect an increase in targeted credential theft and brute-force attacks against administrator accounts, and pay close attention to administrator account activity.”
–Mobile ransomware will continue to grow but the focus of mobile malware authors will change. Because mobile devices are usually backed up to the cloud, the success of direct ransom payments to unlock devices is often limited. Because of that, McAfee predicts mobile malware authors will combine mobile device locks with other forms of attack such as credential theft. For example, researchers have seen this year how malware families such as Android/Svpeng, identified by the security industry as mobile ransomware, are now mutating to target banking credentials, looking to steal money from victims’ accounts. “We believe in 2017 banking Trojans will reappear and they will come from ransomware authors. This malware will combine mobile device locks and other ransomware features with traditional man-in-the-middle attacks to steal primary and secondary authentication factors, allowing attackers to access bank accounts and credit cards.”
–Advanced adversaries such as nation-state attackers will continue to look for vulnerabilities in hardware and firmware that they can exploit. These groups have the ability to exploit systems whose firmware is based on legacy BIOS or (U)EFI as well as firmware on other types of devices such as solid-state drives, network cards, and Wi-Fi devices.
Some of these advanced exploits will likely appear in common malware attacks. In 2017, we will see malware using bootkit components that attack UEFI-based operating system boot loaders or even install firmware rootkit components; firmware attacks that compromise virtualization-based trusted execution environments such as VBS in Windows 10; and ransomware infecting early stages of operating system boots, including boot loaders and firmware.
–Machine learning is spreading to an increasing number of enterprise applications. Criminals are adopting it, too, McAfee suspects, as they research and select targets for business executive scams. Maybe, report authors speculate, someone will offer a “Target Acquisition as a Service” built on machine learning algorithms. At the very least machine learning tools will help increase social engineering attacks.
–Prepared to protect the perimeter? Well, that better include the roof. “Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business, or critical infrastructure facility and attempt to hack into the local wireless network,” says the report.