The best hockey players navigate within the ice rink, grapple with opposing players, take advantage of opportunities when available, and critically, as Wayne Gretzky once said, always skate to where the puck is going to be—not where it has been.
The newly released McAfee Labs Threat Predictions Report offers short- and long-term trend insights for organizations racing to keep pace with and perhaps overtake business and technological change, while continuously fending off a growing variety of cyber threats.
The report predicts key developments on the cyber threat landscape in 2016 and provides unique insights into the expected nature of that landscape through 2020, as well as the IT security industry’s likely response.
It illustrates an ever-evolving threat landscape, where applications and prominent operating systems are hardened to attacks, but attackers shift their crosshairs to less prominent but critical attack surfaces, innovative attack styles, and new device types.
Researchers depict enterprises building out their complex security defenses and comprehensive policies, while attackers target the weak security of employees working remotely. On the burgeoning dark Web, the cybercrime-as-a-service ecosystem discovers, mutates, and sells advanced attack capabilities and support infrastructure down to the least sophisticated malicious actors in cyberspace.
Here are some key threat predictions from the report for 2016:
- Hardware. Attacks on all types of hardware and firmware will continue, and the market for tools that make them possible will expand. Virtual machines will be targeted with system firmware rootkits.
- Ransomware. As has happened in other areas of cybercrime, the true accelerator of ransomware growth will be the availability of ransomware-as-a-service offerings on the dark Web. By lowering barriers to entry into cybercrime, this ecosystem of talent, tools, and infrastructure will enable more criminals to launch more attacks.
- Attacks through employee systems. Organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies, and remain vigilant. Thus, attackers are likely to shift their focus and increasingly attack enterprises through their employees, targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.
- Cloud services. Cyber criminals could seek to exploit weak or ignored corporate security policies established to protect cloud services. Now home to an increasing amount of business-confidential information, such services, if exploited, could compromise organizational business strategies, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data, and other data.
- Warehouses of stolen data. Stolen personally identifiable information sets are being linked together in big data warehouses, making the combined records more valuable to cyber attackers. The coming year will see the development of an even more robust dark market for stolen personally identifiable information and usernames and passwords.
- Integrity attacks. One of the most significant new attack vectors will be stealthy, selective compromises to the integrity of systems and data. These attacks involve seizing and modifying transactions or data in favor of the perpetrators, such as a malicious party changing the direct deposit settings for a victim’s paychecks and having money deposited into a different account. In 2016, we could witness an integrity attack in the financial sector in which millions of dollars could be stolen by cyber thieves.
- Sharing threat intelligence. Threat-intelligence sharing among enterprises and security vendors will grow rapidly and mature. Legislative steps may be taken that make it possible for companies and governments to share threat intelligence. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat-intelligence cooperatives among industry vendors will expand.
To “beat the puck” on business, technology, and threat landscape realities in 2016 and beyond, organizations will need security strategies that enable them to see more, learn more, and detect and respond faster, all the while fully utilizing the decidedly finite technical and human resources at their disposal.
Stay tuned for my next post, which will revisit the McAfee Labs Threat Predictions Report to preview the 2020 threat landscape and the likely cybersecurity industry responses to it.