2015 has come to an end and 2016 is already welcoming us. 2015 will be remembered as year of Data breach as we witnessed data leaks from Ashley Madison to JP Morgan Chase & Co. There is no magic-bullet technology which would stop crime being committed but they being well prepared to combat such attacks are wise one. With companies seeing the importance of cyber security in the digital era, eScan team predicts that 2016 can be alarming. There are several security predictions for the coming year as discussed below:
- Ransomware: Ransomware will be a major threat in the year 2016.It is one of the easiest way for a cyber-criminal to extract money from victim. In 2015, we witnessed Ransomware-as-a-service (RaaS) hosted on the Tox, Tor supporting client and makes use of virtual currency for payment purpose. This is expected to grow in the coming year as technological prowess cyber-criminals will make an attempt to access it and use it in hacking into user’s computer. In addition to it, Ransomware creators would be looking to target new operating system such as Mac and would be looking for an unpredictable encryption key on Linux platforms.
- Requirement of Improved Security on IoT Devices: Since the demand for smart devices and other Internet of Things (IoT) device are increasing every day, thus the need for advanced security for these devices has also increased. According to recent statistics, there will be almost 30 billion connected things in major industries and IoT will touch every role across the corporates. Ready devises are going to be in the market. Simultaneously, the attacks against these devices will also rise.
Besides, medical device security might become a mainstream topic in 2016. Life-saving devices like pacemakers or insulin pumps can get hacked. Though no such cases have been reported till now, yet the potentiality always remains high. Under the evolving umbrella of mobile health, the hackers might catch up with the latest technologies to cripple them with unlawful activities. Some industries might even begin to develop guidelines that might address the new risks of information use and data ownership presented by IoT.
- Increase in sextortion: There would be raise in “sextortion” attack as scammers believe they can blackmail and threaten to leak personal photographs and videos of celebrities in return of money. This has set the trend of extorting money from them. The Ashley Madison was the most infamous internet scam ever as it opened Pandora box of scams. The hackers were quick to capitalize on Ashely Madison breach by sending impressive coherent spam messages. The Ashley Madison incident was a classic example of Privacy Breach and the registered users are reportedly having a bigger problem of Identity Theft.
- Increase in Android threats would be murkier: There will be sharp increase in number of Android exploits in the coming year. The Stagefright vulnerability which was heavily reported in 2015 took Android market into storm. It allowed hackers to take over an Android smartphone by enabling malicious programs into audio files, delivered via MP3 or MP4 format.
- Increase in iOS Malware: Apple witnessed security breaches in its App Store, once with the Instagram app- InstaAgent after it was found to store usernames and passwords for Instagram users and sends them to an unknown server. This app was removed from both Google Play Store and Apple Store and prior to that Xcodeghost Malware which infiltrated the App Store. The cyber-criminals created an illegitimate version of Xcode, Apple Software for creating apps, which convinced iOS developers to download. When the apps were developed and downloaded, the attackers were able to steal data of users and send it to servers they control. With millions of apps hosted and tested rigorously in both Apple and Google store, Android allows installation of applications from third party markets, thus making it easier for cyber-criminals to inject malware into unofficial markets.
- Payment systems: To buy something, all you need is cash in your pocket. But thanks to mobile era, Payment systems have been transformed into other forms like Mobile Wallet such as Apple Pay, Android Pay etc. Cyber-criminals would be keen to get their hands on these payment systems and untested financial services.
- Virtualization Firmware: Vulnerabilities in Virtualization Firmware could become an access point for cyber-crooks to gain entry into infrastructure of an enterprise. Virtual machines would be at risk as they could be the next target with system firmware rootkits. This could be the new tactic adopted by cyber-crook to gain entry into any corporate network by compromising it and extract valuable information.
Lastly we can conclude that our users, readers and administrators should be on their toes to escape the deadly fangs of the cyber crooks. Implementation of 3D security policy after understanding the exact requirement thoroughly will help the organization in minimizing the chances of any kind of cyber-attacks. Use eScan and stay safe! Cheers!