2017 infosecurity predictions

With cyber attacks ranging from Yahoo! to the Democratic National Committee, and from the rise of ransomware to the Shadow Brokers, 2016 was an exciting year for the cyber security community, according to RiskIQ.

However, we expect 2017 to provide a very different digital threat landscape from years past. With shifting trends such as the internet of things (IoT), new business and operational models, and organisations using digital channels more than ever before, threat actors are bound to wield brand new threat vectors during the upcoming year. Here are some of the trends security professionals need to watch out for.

2017 #Infosec Predictions List
1. Phishing will conquer new territory
Our stats show it, and so do everyone else’s: as zero-days and trivial host exploits get harder to pull off, threat actors are reverting to forms of attack that are unsophisticated and primitive but have proven to be highly effective. That's why phishing is rising in popularity. Traditional email and web phishing, spear phishing, and whaling (Business Email Compromise, or BEC) usually share many of the same simple root causes: domain infringement and content, branding, and keyword impersonation.
Phishers are also starting to conquer new ground. We are now seeing a hard pivot by phishers into leveraging social media, and in 2017 this trend will grow exponentially, especially with social networks adding online marketplaces (Facebook) and payment gateways. At RiskIQ, we've been seeing threat actors leverage fake mobile apps for quite some time, but in 2015 we saw a rise in phishers moving to social media in the U.S., primarily targeting banks and major brands with a significant social media sentiment following. And in early 2016, we detected some of the first phishing attacks via social media in other countries, such as Japan.
2. IoT will increase as a new attack vector—but not how you think
People have sounded the IoT alarm for years now, but threat actors have only exploited IoT in DDoS attacks, like the one we saw targeting Dyn late in 2016. This attack crippled internet traffic across over half the continental U.S. and many other parts of the world. Many will predict that in 2017, IoT will be leveraged in more sophisticated attacks such as ransomware and data leaks, but for the most part, we'll continue to see the same kind of attacks we saw in 2016.
Why? It’s true that IoT will continue to standardise operating systems around Android and Linux variants, eventually making it easier to write broad-scale attack/exploit code. But for now, IoT operating systems and embedded systems are still too fragmented. You cannot yet write an IoT worm the way a single exploit could hit almost every Windows Desktop, SQL Server, Exchange Server, or Office/Outlook client.
3. Threat actors will find a new way in
As endpoints get harder to compromise, adversaries such as nation-states, hacktivists, and cyber criminals will ramp up the number of external threats hurled against organisations. Therefore, most of the incidents that will lead to data breaches will come from external sources, especially in digital channels like social, mobile, email, and the cloud, where many digital assets are unknown (and thus unmanaged) by the organisations that are responsible for them.
4. How will the cat and mouse game evolve? Data.
Threat actors are getting more sophisticated at hiding their tracks: they anonymise their infrastructure and are improving at detecting and hiding from the security scanners and crawlers that detect attacks via websites and ads. To detect them, hunt teams will need to deploy increasingly modern, sophisticated technology in the form of new combined internet datasets (such as linking together related hosts, third-party web components, and WHOIS information) that fingerprint and track these new threat actor tactics.
5. Your biggest vulnerability may have nothing to do with you
As they say, if you can’t beat ’em, target a third-party component that’s part of their infrastructure. Now that Microsoft Windows and Office aren’t the easiest common denominator to exploit, threat actors will move towards other shared components and infrastructure that give them a “many-to-one” advantage, i.e., pieces that plug into many different organisations at the same time.
For example, content delivery networks (CDNs) like WordPress are a big target. If a threat actor accesses one, they also access thousands of websites. Additionally, if a marketing partner like Eloqua or Marketo is compromised, a threat actor gains access to data from thousands of customer campaigns as well as thousands of corporate websites that use plugins from these services.
6. Keyloggers might steal your credit card info
Because modern vulnerability scanners don’t detect embedded attacks in progress, threat actors will get even sneakier. To avoid detection, they will launch attacks that rewrite the document object model (DOM) of a page using keyloggers, spyware that can record every keystroke to a log file. That means when you're punching your credit card info into a compromised eCommerce site, it falls right into the hacker's hands.
7. Modern threat actors move fast. Seconds will count more than ever
We are increasingly hearing of domain infringement used for phishing and malware campaigns that go live the day the account is created and only last for a few hours. The speed at which these attacks appear and vanish makes them unsolvable by human analysts. That means companies need automation that can quickly and accurately detect these attacks and push them into global blocking solutions in minutes, if not seconds, to get ahead of them.
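An added example (not from the original article or any RiskIQ tooling) of the kind of automation predictions 1 and 7 call for: it triages a feed of newly registered domains for look-alikes of a brand and keeps only those registered within a freshness window. The brand `examplebank`, the feed contents, and all function names are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

BRAND = "examplebank"            # hypothetical protected brand (assumption)
OWNED = {"examplebank.com"}      # domains the brand really controls (assumption)
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(label):
    """Fold common look-alike characters, e.g. 'examp1ebank' -> 'examplebank'."""
    return label.lower().translate(FOLD).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brand=BRAND):
    """Return why a domain imitates the brand, or None if it does not."""
    if domain.lower() in OWNED:
        return None
    label = domain.lower().split(".")[0]  # leftmost label; sample feed has no subdomains
    folded = normalise(label)
    if folded == brand:
        return "tld-variant" if label == brand else "homoglyph"
    if brand in folded:
        return "keyword"
    if edit_distance(folded.replace("-", ""), brand) <= 2:
        return "typosquat"
    return None

def triage(feed, now, max_age=timedelta(hours=24)):
    """Return (domain, reason, age_hours) for look-alikes registered within max_age."""
    hits = []
    for domain, created in feed:
        age = now - created
        reason = classify(domain)
        if reason and timedelta(0) <= age <= max_age:
            hits.append((domain, reason, round(age.total_seconds() / 3600, 1)))
    return sorted(hits, key=lambda h: h[2])

# Constructed sample feed (domain -> hours since registration), not real data.
NOW = datetime(2017, 1, 10, 12, 0, tzinfo=timezone.utc)
AGES_H = {"examp1ebank.com": 2, "examplebank-login.net": 5, "exampelbank.org": 1,
          "gardening-tips.com": 3, "examplebamk.info": 960}
FEED = [(d, NOW - timedelta(hours=h)) for d, h in AGES_H.items()]
```

Calling `triage(FEED, NOW)` returns the three fresh look-alikes, newest first; the 40-day-old `examplebamk.info` still classifies as a typosquat but falls outside the window.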