However, we expect 2017 to provide a very different digital threat landscape than years past. With shifting trends such as the internet of things (IoT), new business and operational models, and organisations using digital channels more than ever before, threat actors are bound to wield brand new threat vectors during the upcoming year. As a security professional, here are some of the trends you need to watch out for.
2017 #Infosec Predictions List
1. Phishing will conquer new territory
Our stats show it, and so does everyone else’s: as zero-days and trivial host exploits get harder to pull off, threat actors are reverting to forms of attack that are unsophisticated and primitive—but have proven to be highly effective. That's why phishing is rising in popularity and traditional email and web phishing, spear phishing, and whaling (Business Email Compromise or BEC) all usually share many of the same simple root causes: domain infringement and content, branding, and keyword impersonation.
Phishers are also starting to conquer new ground. We are now seeing a hard pivot by phishers into leveraging social media, and in 2017, this trend will grow exponentially—especially with social networks adding online marketplaces (Facebook) and payment gateways. At RiskIQ, we've been seeing threat actors leverage fake mobile apps for quite some time, but in 2015, we saw a rise in phishers moving to social media in the U.S., primarily targeting banks and major brands with a significant social media sentiment following. And, in early 2016, we detected some of the first phishing attacks via social media targeting in other countries, such as Japan.
2. IoT will increase as a new attack vector—but not how you think
People have sounded the IoT alarm for years now, but threat actors have only exploited IoT in DDoS attacks, like the one we saw targeting Dyn late in 2016. This attack crippled internet traffic across over half the continental U.S. and many other parts of the world. Many will predict that in 2017, IoT will be leveraged in more sophisticated attacks such as ransomware and data leaks, but for the most part, we'll continue to see the same kind of attacks we saw in 2016.
Why? It’s true that IoT will continue to standardise operating systems around Android & Linux variants, eventually making it easier to write broad-scale attack/exploit code. But for now, IoT operating systems and embedded systems are still too fragmented. You cannot write a worm that can exploit almost every Windows Desktop, SQL Server, Exchange Server, or Office/Outlook client with the same exploit.
3. Threat actors will find a new way in
As endpoints get harder to compromise, adversaries such as nation-states, hacktivists, and cyber criminals will ramp up the number of external threats hurled against organisations. Therefore, most of the incidents that will lead to data breaches will come from external sources, especially in digital channels like social, mobile, email, and the cloud, where many digital assets are unknown (and thus unmanaged) by the organisations that are responsible for them.
4. How will the cat and mouse game will evolve? Data.
Threat actors are getting more sophisticated at hiding their tracks—they anonymise their infrastructure and are improving at detecting and hiding from security scanners and crawlers that detect attacks via websites and ads. Hunt teams will need to deploy increasingly modern sophisticated technology to detect them in the form of new combined internet datasets—such as linking together related hosts, third-party web components, and WHOIS information—that fingerprint and track these new threat actor tactics.
5. Your biggest vulnerability may have nothing to do with you
Like they say, if you can’t beat ‘em, target a third-party component that’s part of their infrastructure. Now that Microsoft Windows and Office aren’t the easiest common denominator to exploit, threat actors will move towards other shared components and infrastructure that give them a “many-to-one” advantage, i.e., pieces that plug into many different organisations at the same time.
For example, Content delivery networks (CDNs) like Wordpress are a big target. If a threat actor accesses one, they also access thousands of websites. Additionally, if a marketing partner like Eloqua and Marketo are compromised, a threat actor gains access to data from thousands of customer campaigns as well as thousands of corporate websites that use plugins from these services.
6. Keyloggers might steal your credit card info
Because modern vulnerability scanners don’t detect embedded attacks in progress, threat actors will get even sneakier. To avoid detection, they will launch attacks that rewrite the document object model (DOM) of page using keyloggers, which is spyware that can record every keystroke made to log a file. That means when you're punching your credit card info into a compromised eCommerce site, it falls right into the hacker's hands.
7. Modern threat actors move fast. Seconds will count more than ever
We are increasingly hearing of attack campaigns from instances of domain infringement used for phishing and malware campaigns that go live the day the account is created and only last for a few hours. The speed at which these attacks appear and vanish make them unsolvable by human analysts. That means companies need automation that can quickly and accurately detect these attacks, and push them into global blocking solutions in minutes—if not seconds—to get ahead of them.