Partner Perspectives  Connecting marketers to our tech communities.
11/30/2016
04:00 PM
Matthew Rosenquist
Matthew Rosenquist
Partner Perspectives
50%
50%

Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2)

With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.

Knowing what cybercriminals are targeting today is easy. Their attacks are loud, impactful, and have the elegance of a herd of bulls crashing through a glassware shop. The tougher challenge is figuring out where they will take aim tomorrow. Knowing where cyberthreats will attack in the future gives the necessary insights to be one step ahead of their mayhem. 

The Short Term

With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware. It is also a time for dark markets to thrive, selling unmentionables to those looking for illegal items for holiday celebrations. 

We must all expect malware-ridden holiday sale emails and websites. Be on the lookout for fake shipping invoices or urgent messages from merchants. Shady ecommerce sites advertising insane deals as bait will look to harvest credit card accounts, emails, and maybe convince you to install some “helpful” software. Phishing will increase a notch, and look for a new wave of ransomware to hold family pictures, personal files, and entire systems for extortion. Identity theft will add to the rise of new credit card applications to do some unauthorized shopping. In the next couple of months, all these financially motivated threats will increase, so now is the time to be on your guard.

Businesses Beware

Businesses must worry about the increased amount of ecommerce fraud, ransomware that extorts money to unlock important files, and the ever present risk of data breaches. Healthcare, retail, and financial sectors will be targeted the most, but all businesses are in jeopardy. Social media will be targeted as a springboard to reach more potential victims and influence them to download or visit sites containing malware. For some larger companies, who rely on heavy Web traffic, there will be Distributed Denial of Service (DDoS) extortion attempts. The threat: Pay or be unavailable to your customers. As always, cash is king and credit is queen.

More ATM attacks are in our future. Europe will be the hotbed, given its machine density and proximity to current thieving bands that are becoming more proficient at these attacks. The US will suffer from more credit card and debit card fraud -- some in-store, but more shifting toward online sites as the chip-on-card initiative forces thieves to adapt.

Exploiting IoT Devices

Hacking home Internet of Things (IoT) devices -- the ones always connected to the Internet -- is easy for botnet herders looking to amass an army to conduct DDoS attacks. But there is little money in attacking. Some will adjust to provide “protection” extortion schemes. Others will move into using those simple devices to create social media accounts which can “follow” or “like” in mass for a fee. Early signs are already present as buying followers/likes is lucrative business in the ego-markets of social media.

Looking down the road a bit, we will actually see fewer random attacks against IoT devices. Two factors are at play here. First, IoT device manufacturers and consumers will shift to close the basic weakness: the use of default passwords. The second change will be when professional hackers, likely organized criminals and nation states, take over the market with more professional hacking capabilities. They tend not to play nice with others. Upon compromising an IoT device, they will immediately close the vulnerability so they are not displaced by another hacker. This ensures they keep control of their victim.  

We will see more creative ways for attackers to monetize this resource by coupling with ransomware, DDoS attacks, data leakage, creation of mass accounts to facilitate fraud, and perhaps even creating specialty routing networks to obfuscate traffic. The result is more devices exploited, but in a more organized manner, until such time as the IoT industry becomes more secure overall.

In my next blog, I will share what cybercriminals will target in the long term. There are many opportunities for them to choose from that could reap big payouts. They are a greedy lot, and I expect them to make bold moves.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist is a cybersecurity strategist for Intel and benefits from 25 years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations that deliver optimal levels of security. Matthew helped ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark Reading,  12/6/2017
NIST Releases New Cybersecurity Framework Draft
Jai Vijayan, Freelance writer,  12/6/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.