As we greet another new year, we must remain vigilant in our fight against hackers and cyber criminals. Today’s sophisticated threats can have devastating effects on businesses, and they are only getting worse. In this post, I have outlined three cyber security trends that we foresee becoming major news in 2017. I would love to hear your thoughts on them.
Internet of Thing (IoT) Breaches
I suspect we will see a huge increase in breaches involving insecure IoT devices like security cameras, network printers, climate control devices, etc. In 2016, a hacker discovered vulnerabilities in a specific type of IoT camera that allowed him to simultaneously send millions of HTTP requests to the web site of security expert Brian Krebs. This DDoS attack was fairly innocuous, but think about the wider implications: what is stopping a clever hacker from infiltrating an IoT camera within a corporate network, and then making a lateral move to the company’s database? This is very similar to what happened in the 2013 Target breach, when a cyber criminal hacked the system responsible for monitoring the company’s air conditioning, and then moved from there to the customer database.
New Hacking Target: Internet Browsers
Let’s face it: the Internet browser is essentially an operating system today. Whether you’re using Windows, Mac OS or Linux, you probably spend most of your time in the browser – writing on Google Docs, chatting on Google Hangouts, checking your webmail and more. In 2017, we will see hackers targeting this frighteningly large attack surface. And once they find vulnerabilities in Chrome, Firefox or another browser, they’ll have access to everybody who uses that browser.
I believe that ransomware will merge with information-stealing malware in 2017. Although ransomware enables hackers to make money rapidly, it is basically ineffective in cases where the potential victim has backup files. However, if the ransomware is able to steal the information before encrypting the device, backup files are no help because the hacker can threaten to leak all of the victim’s private data. Imagine a hacker using malware to exfiltrate hospital patient information before encrypting it; the results could be catastrophic.
I also think we will start seeing hackers attack corporate networks with ransomware. Currently, this is rare, because information-stealing malware is so much more effective. However, as SMBs increasingly move their files to the cloud with no backups or recovery plan, ransomware that specifically targets their databases could cause significant downtime and have a tremendous impact on cloud providers and cloud infrastructures.
Happy New Year!