New challenges will arise in 2017. Ransomware will branch out into different variants and become harder to prevent as well planned attackers become smarter. Non-desktop devices such as mobile devices and iwatches will become a larger focus for hackers. Adobe, Apple & Business Email softwares have all been looked at as possible targets for attacks in the next year. Here are a few of our predictions for 2017:
Ransomware growth will slow, but but the methods and targets will diversify. Ransomware has proven to be a cash cow for cybercriminals because of their many unpredictable delivery methods and unbreakable encryptions. Although 2016 saw a tipping point for ransomware, new targets and new variants will push cybercriminals to diversify and work harder to steal business data. While there is nothing that can protect potential targets from ransomware attacks 100% of the time, it is best to block the threat at its source, via Web or email gateway solutions.
Passwords & credentials get a major reboot. Many businesses have learned the hard way that it’s no longer acceptable to have simple, common or outdated passwords. In 2017, better password management services will gain traction as businesses understand how vulnerable they are.
We predict that cybercriminals will use Mirai-like malware in DDoS attacks. Webcams that people didn’t think twice about securing became the stronghold for the Mirai DDoS (Distributed Denial of Service) attacks that took down major websites in 2016. Unfortunately, we also predict that vendors will not react in time to prevent these attacks from happening in 2017.
Hackers will target the credentials of privileged users like IT professionals, CEOs and vendors. While organizations have applied security to applications and data that are most critical to their business, these preventative measures simply aren't enough anymore. In 2017, savvy organizations will finally get serious about protecting not just systems, but privileged users by identifying them, monitoring their access and closing off access to what they don't need. This is never a problem for cat-man-du or our staff.
Business Email Compromise becomes a simple and very attractive mode of attack. BEC is about hacking an email account or tricking an employee to transfer funds over to a cybercriminal’s account. There is nothing special about the attack, except perhaps the research required to gain insights into the best way to create a believable email. BEC is especially hard to detect because these emails do not contain malicious payloads or binaries, but enterprises should be able to block these threats at the source using Web and email gateway solutions.
We predict that more software flaws will be discovered in Adobe & Apple products. Microsoft had many vulnerabilities revealed in 2016, but that number will be surpassed by Adobe & Apple in 2017 disclosed through the Zero-Day Initiative (ZDI). These vulnerabilities will allow hackers to create more exploit kits, which is a template for certain ransomware that allows cybercriminals to create their own brand of ransomware. Vulnerability shielding is the only way to proactively and reliably protect against these vulnerabilities when using popular software by Adobe & Apple.
These 2017 predictions challenge endpoint security, a security approach combining proven threat-detection techniques for known and unknown threats with advanced protection techniques such as application control, exploit prevention and behavioral analysis, sandbox detection, and high-fidelity machine learning. Training employees & hiring a reliable Business Technology team such as our own can contribute to the security culture needed to fortify a business’ defenses for 2017 and beyond.