2016 has been quite the year. From widespread IoT attacks, to ransomware campaigns that extract millions of dollars, cyberthreats have continued to grow in size and impact throughout the past 12 months. And unfortunately, it looks like there’s no sign of slowing. With McAfee Labs releasing their 2017 Threats Predictions Report, we got to take a look into the future, as they envisioned which threats would increase (specifically around the cloud and IoT), which were on the horizon (like “dronejacking”), and what will be needed to stop them.
Let’s start with the cloud. The cloud has been a puzzling problem for cybersecurity experts since its inception, and unfortunately, its security is predicted to worsen. In 2017, more and more people are predicted to put faith in storing data in the cloud. This only puts a larger target on the cloud’s back, as cybercriminals will be more than ready to take advantage of outdated authentication systems and explore new attack vectors.
Why will the cloud be an easy “in” for crooks? For starters, users are expected to mismanage their cloud storage systems in 2017. Attackers—mostly those looking to get a hefty paycheck—will take advantage of user carelessness to speedily and anonymously steal large amounts of sensitive data. They may even start initiating “Denial of service for ransom” attacks as well. In this scenario, they’d overload cloud systems with activity so that they shut down—then demand a ransom from the victim to turn their access back on.
Now, where does IoT fall in the new Threats Predictions Report? Well, the opportunities to steal data, deny operations, or cause damage using IoT will be broad, with the hubs that manage IoT devices coming in as the prime targets. When it comes to type of attack, ransomware is predicted to be the biggest threat to IoT. Overall, one thing is for certain: IoT is going to bring user privacy closer to its demise in 2017.
Beyond their more traditional attack methods, such as manipulating IoT devices, cybercriminals are predicted to get more creative with the types of malware they’re delivering, as well as what software and devices they’re attempting to compromise. For instance, mobile phones will be faced with more ransomware attempts, and entire app markets could feel the heat of compromise.
Now here’s a new one: machine learning—artificial intelligence enabling computer programs to teach themselves to grow when exposed to new data—has recently been used by cybersecurity researchers to fight threats. But that too will soon change, with cybercriminals preparing to use machine learning to elevate their own attacks. Specifically, that means more social engineering, and more cleverly computed phishing attacks.
Across all threats McAfee Labs predicts for 2017, what stands out most to me is a growth in “dronejacking.” Drones have recently boomed in popularity, and not just for the Average Joe: they’re now used by law enforcement, farmers, and the media alike. And that’s exactly why they’re so enticing to cybercriminals – they’re now completely omnipresent. If a crook gets ahold of one—and it isn’t hard for them to—the hacking possibilities are endless. McAfee Labs’ new report even foresees drone exploit toolkits soon finding their way into the deep corners of the Dark Web.
Will word of all these evolving and emerging threats, you may be asking yourself what must be done to prepare for these attacks. For the cloud, providers will have to improve the security of authentication systems. For IoT, service providers and device manufacturers alike need to enhance privacy settings on gadgets, develop top-notch user authentication for users to even access them, and build strong security right into the device hardware. And for drones, device security standards as well as usage restrictions need to be put in place. Some good news? The US Federal Aviation Administration is scrambling to put rules into effect as we speak, which govern when and where commercial drones can fly.
And to personally prepare yourself for the threats emerging in 2017, here are a few security tips that you can follow:
- Don’t trust the cloud with everything. With cloud vulnerabilities about, it’s better to be safe than sorry. Avoid putting all of your sensitive data in cloud storage, and look to external hard drives to stow away your most private information.
- Do your due diligence around device security standards. Fan of IoT gadgets, or drones? Great. Just remember to do your research, and look into devices’ security standards, before buying. A fun, new gadget that doesn’t have stringent security in place just isn’t worth a potential hack.
- Use a comprehensive security solution. If there’s one thing for certain about coming threats in 2017, it’s that they’re coming from all directions. Therefore, you need to protect all points of attack, on all of your devices. Be sure to install a comprehensive security solution, such as McAfee LiveSafe.