New year, same threat of cyber attacks

Sophos has put together some of the top thoughts on how cybersecurity trends will play out throughout 2017.

As 2017 gets underway, New Year’s resolutions are still in full-force. However, one thing that is unlikely to change this year is the massive number and variety of cyberattacks – which is set to continue to grow. From high-profile DDoS attacks to hacks with a political motive, such as the alleged hacking during the US election, the range and scale of these types of cyberattacks, on organisations big and small, will continue to cause significant losses of people's personal and professional information, as well as to exploit security vulnerabilities in homes and companies across the world.  

Here at Sophos we've put together some of our top thoughts on how these cybersecurity trends will play out throughout 2017. 

Ransomware evolves

With ransomware dominating the headlines, more users, whether in a personal or professional setting, are starting to recognise the risks of ransomware attacks via email. Therefore, cybercriminals are looking for new ways to exploit vulnerabilities – within the users and the computers themselves.  

Some cybercriminals are starting to use built-in tools that contain no executable malware to avoid detection by endpoint software codes that focus on executable files. Others are experimenting with malware that re-infects later, long after the ransom is paid. We have recently seen unique examples which offer to decrypt the files after the victim shares the malicious code with two other users, and they pay the ransom.  

On the flip side of these new innovative ways, creators of ransomware exploits are also going back to basics. Using old techniques other than encryption, such as deleting or corrupting file headers, these may not be able to be remediated – users may fall victim to attacks that can't be 'fixed' because payment locations no longer work.  

Either way, ransomware isn’t going away soon. 

Shift from exploitation to targeted social attacks

Cybercriminals are getting increasingly skilled at exploiting the ultimate vulnerability: humans themselves. With attacks becoming more targeted towards specific individuals or companies, cybercriminals are creating sophisticated and complex attacks that try to coax users into compromising themselves.  

 Examples we’ve seen in SophosLabs include personalised emails that address the recipient by name, and claims that they have an outstanding debt that the sender needs to collect ASAP – which the user can and will plausibly believe. This is a common and effective tactic employed by cybercriminals, to trick individuals through borrowing authority by pretending to be law or financial enforcement. This email will direct them to a malicious link that a panicked user will click on immediately, effectively opening them up to the attack. These types of phishing attacks are socially engineered to not be recognised by obvious spelling, grammar, and other apparent mistakes, that were once the mark of phishing scams.  

Destructive DDoS IOT attacks will rise  

It is fair to say 2016 was a major year for cyberattacks – and the start of severe IoT vulnerabilities being exploited. The Mirai botnet demonstrated the massive destructive potential of DDoS attacks against insecure consumer IoT devices. Although these attacks only exploit a small number of devices and used basic password guessing techniques, cybercriminals will find it easy to extend this reach due to the outdated code, poorly-maintained operating systems and well-known vulnerable applications within IoT devices. 

As 2017 continues, we can expect more IoT exploits and compromised IoT devices being used for DDoS, or targeting other devices on your personal or professional networks, and more advanced password guessing.  

The downside of encryption

Encryption is becoming universal, and with this, it has become more difficult for security products to inspect all incoming traffic – much to the joy of the cyber crooks, making it easier for them to sneak through without ringing any alarm bells. Not surprisingly, cybercriminals are using encryption in creative new ways. To combat, we need more security products which can deeply integrate network and client capabilities, to rapidly discover possible security problems after code is decrypted on the endpoint.  

Exploitation of the internet’s inherently insecure infrastructure

Simply put, the foundations of the Internet are aging. These principles have long been the backbone of the Internet, and the universality of the Internet makes it practically impossible to update or replace. With these in place, business networks can be surprisingly messy. 

The DDoS attack in October which took down the DNS provider and, with it, access to part of the Internet, including popular websites such as Twitter, Netflix, and Reddit was the largest attacks of its kind. Those who claimed responsibility called this a test run – with more to come. Large ISPs and businesses are able to take some steps to prevent severe disruption, but these are always open to failure if individuals or states choose to exploit the Internet’s deepest and most inherent security flaws.  

Growth of malvertising and corruption of online advertising ecosystems 

There's nothing new about malvertising – spreading malware through online ads and web pages – it will be celebrating its ten-year anniversary this year, with the first sightings of this type of exploitation in late 2007. But we saw much more of this type of attack in 2016. Malvertising has played a huge role in the generation of click fraud, a type of generation of paid-for clicks that don't actually correspond to consumer interest, which simultaneously compromises users and steals from advertisers. This type of attack also emphasises the larger problems in the advertising ecosystem – which we will see more of.   

These are only some of the emerging trends we predict will continue to rise in 2017. Make security a priority in 2017 – with cybercrime and cybercriminals showing no signs of slowing down, it's better to always be as secure and safe as can be, than sorry. 

James Lyne, Global Head of Security Research at Sophos  
Image source: Shutterstock/igor.stevanovic

ABOUT THE AUTHOR

James Lyne is Global Head of Security Research at Sophos. Lyne, a self-professed "massive geek," has technical expertise spanning a variety of the security domains from forensics to offensive security.