Top 10 CyberSecurity Predictions for 2017
What Security Threats To Expect in 2017?
Cybersecurity is becoming more important with each passing day as the Internet of Things (IoT) landscape takes shape and more cyberattacks are reported. Norton put out a list of what it thinks will occur in regards to cybersecurity in 2017, which will be considered below.
1. Data Breaches Are Happening In Nearly Every Industry
Happening virtually every month, if not every week, a new data breach occurred. High-tech companies such as Google, Dropbox, LinkedIn, and Yahoo were affected in 2016, compromising 1 million Google accounts, 117 million LinkedIn user credentials, 68 million Dropbox credentials, and 1.5 billion Yahoo users. However, retail companies have been finding malware on their Point of Sale (POS) terminals, leading to the compromise of many consumers’ credit cards and PIN codes. Even the White House was breached with spyware/malware.
2. The First Major IoT Attack Will Occur
In 2016, the first cyberattack involving IoT devices, specifically DVRs and Webcams, occurred. This cyberattack was known as the Mirai Botnet, a Distributed Denial of Service (DdoS) attack where massive amounts of traffic were sent to various websites, bringing them down simultaneously. This occurred first in the United States, then in Germany. IoT devices, like computers, mobile devices and wireless routers, have default usernames and passwords- thus, they were also affected by this malware. Being that IoT devices are only growing in popularity, it’s likely that a malware program specifically targeting IoT devices is in the works.
3. Apple Is More Vulnerable Than Originally Thought
It was originally thought that Apple’s iOS mobile system was much more secure than Google’s Android mobile system, making it almost impervious to any attack targeting Android. However, 2016 revealed that Apple’s iOS also has hidden dangers that can compromise iOS users, including dangers that affect Android and Windows mobile users. Cybercriminals were able to get fake shopping apps into Apple’s App Store just before the holiday season by uploading clean apps originally so Apple would approve them, then updating the apps with malware afterwards. Many iOS users were affected before Apple took them down.
Apple’s MacOS also came under a ransomware attack in 2016, as did Apple’s AirPort Routers. All of these attacks on Apple’s devices are likely only the beginning, as cybercriminals know that Apple products are actually vulnerable and many Apple users still think their operating system is invulnerable to malware and viruses.
4. Android Still As Vulnerable As Ever
While Apple was shown to be more vulnerable than in the past, Android is still just as vulnerable as before, with no slowdown in attacks on Android users. There were plenty of bad apps in the Google Play Store, along with botnets and mobile ransomware affecting Android mobile device users. Clickjacking (malicious links under legitimate content) and malvertising (malicious advertising) will likely be on the rise after being used effectively to successfully infect many Android devices in 2016.
5. Software Vulnerabilities Are Helping Malware Become More Prevalent
Many major software programs continue to show vulnerabilities that cybercriminals are taking advantage of to install malware on unsuspecting users’ systems and mobile systems. There were six major vulnerabilities in 2016, including one involving Adobe that required a patch to fix 25 flaws in its software. Software companies, including Apple, are having to release patch updates a few times a month or even weekly to combat the growing malware attacks. Expect this trend to continue, especially with IoT devices becoming more prevalent in homes and businesses.
6. Ransomware Is Becoming a More Common Attack
Ransomware first came on the scene in 2013, but the frequency of these attacks is growing. Worse, in 2016, new forms of ransomware came to light, including the Jigsaw ransomware. Like most ransomware, it will encrypt a user’s files and demand a ransom, but the new feature is that it will only delete a set number of files after 24 hours, then a higher number after 48 hours, then a higher number after 72 hours, until the ransom is paid. If the Jigsaw ransomware is tampered with in an attempt to remove it, as many as 1,000 files are instantly deleted as a form of punishment for tampering with it. This type of attack is growing in popularity on all platforms: Windows, Macs, Android, iOS.
7. Malvertising and Drive-By-Download Attacks is on the Rise
Drive-by-downloads involve a user visiting an infected Web page, which leads to the download of an exploit kit. The exploit kit will look for a vulnerability in the user’s browser software and place malware into that security hole, making the user vulnerable to attack. Of the many websites using this attack in 2016, 75% were located in the U.S.
Malvertising, as mentioned, is malicious advertising that uses legitimate online advertising networks to spread malware. It is often used to spread crypto-ransomware, a type of malware that will lock up a computer and all its files, forcing the user to pay a ransom within a specific time period or risk losing every file on the computer. These attacks were reported on more and more in 2016 and show no signs of slowing down or stopping in 2017.
8. Man in the Middle (MitM) Attacks Grow Because of More Public Wi-Fi Networks
Thanks to the proliferation of weakly-secured public Wi-Fi networks, many cybercriminals will use special code to look for weaknesses in these networks, then insert themselves through the vulnerability and between the users’ computers/mobile devices and the sites they visit to capture data transmitted between the two endpoints. With more places offering public Wi-Fi, these attacks are likely to continue growing in number in 2017.
9. Social Media and Fake News Lead to More Victims
Thanks to the proliferation of social media and the enticement of news stories, scammers will get social media users to click on a sensational news story (that’s often false) in order to be able to access the user’s system and install malware on it. Oftentimes, the scammer will display a link to the user, then notifies the user that a plugin needs to be downloaded in order to view the video of the news story. The user is then compromised with malware that can steal his/her identity, financial assets, and more. The popularity of social media and fake news in 2017 will likely lead to more of these attacks.
10. Tax Documents Will Continue to Be a Prime Target for Cybercriminals
More news reports of tax fraud occurring happened in 2016. With the growing popularity in e-filing and using tax filing software such as TurboTax, cybercriminals will continue to target access to tax documents via phishing emails that mimic the Internal Revenue Service (IRS) and services such as TurboTax to give up key information that will allow cybercriminals to request tax refunds in the consumer’s name and to steal his/her identity to gain access to his/her financial assets. For tips on how to stay "tax safe," read our blog post Stay Safe This Tax Season – Cybersecurity Tips.
Norton suggests that these ten cybersecurity predictions will occur in 2017, especially with the continued proliferation of mobile devices, IoT devices, and almost universal Internet access. Being on the lookout for malware and phishing emails, as well as keeping one’s security software programs/apps up-to-date, is key to not becoming a victim to these 2017 cybersecurity predictions.