Image (GraphicStock) - Threats landscape
New vulnerable surfaces are among threats expected this year, according to a latest cybersecurity analysis, gathered by Computerworld Malaysia as part of a special security insights roundup.
Security software company Trend Micro Malaysia's managing director Goh Chee Hoh (pic below) said threats would change in the coming months, according to findings from the company's annual predictions report. "In essence, attacks will broaden and differentiate to penetrate new vulnerable surfaces."
However, he particularly focused on a continuation of Business Email Compromise (BEC) attacks as a prime concern among other rising security issues. "BEC and Business Process Compromise (BPC) are sophisticated scams targeting businesses that regularly perform wire transfer payments and it will continue to grow as a cost-effective and relatively simple form of corporate extortion."
A typical BEC attack operates by manipulating an innocent employee into transferring money to a criminal's account or takes the form of a direct hack into a financial transaction system, which takes more effort, but will result in increased financial yield for criminals.
"BEC attacks and ransomware have dominated the threat landscape so far in 2016, causing immense losses to businesses across industries and we continue to see cybercriminals adapting to the changing technology landscape," said Goh. "While new ransomware saw an exceptional increase in 2016, that growth is no longer sustainable, so attackers will find new ways to use existing malware families. We foresee new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion."
Emerging tech and silver bullets
He continued to say that emerging technology - the Internet of Things (IoT) and Industrial Internet of Things (IIoT) - will also play a larger role in targeted attacks in 2017 "as attackers become more interested in targeting connected devices to add botnets to carry out DDoS attacks."
"In the past year, IoT security has quickly escalated as a hot-button issue with multiple threats against the enterprise such as the Mirai botnet that took down Twitter, Amazon, and Netflix. IoT malware will open backdoors into the connected home that could go undetected for years," said Goh.
"In addition to that, the increased use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organisations," he said.
"There's no silver bullet to solve these challenges," Goh added. "But you can go a long way by investing in products that offer vulnerability shielding. It's the only way to reliably and proactively mitigate the risk of zero day and unpatched flaws."
Other findings from the 2017 predications report include:
- The number of new ransomware families is predicted to plateau, only growing 25 percent, but will branch out into IoT devices and non-desktop computing terminals, like PoS systems or ATMs
- Vendors will not secure IoT and IIoT devices in time to prevent denial of service and other attacks
- New vulnerabilities will continue to be discovered in Apple and Adobe, which will then be added to exploit kits
- With 46 percent of the world's population now connected to the internet, the rise in cyber-propaganda will continue as new world leaders are appointed, potentially influencing public opinion with inaccurate information
- As seen in the Bangladesh Bank attack early in 2016, BPC attacks can allow cybercriminals to alter business processes and gain significant profits, and BEC attacks will continue to be useful to extort businesses via unsuspecting employees
- GDPR will force policy and administrative changes that will greatly impact costs and require organizations to conduct complete reviews of data processes to ensure compliance
- New targeted attack methods will focus on evading modern detection techniques to allow threat actors to target different organisations
Sign up for CIO Asia eNewsletters.