2017-01-04

At this time of year, it appears that everyone has something to say about what we can expect to see in the next 12 months. My research team at WatchGuard is no different. They spend their time keeping their fingers on the pulse and spotting trends and developments in the world of cyber security to try and stay one step ahead.

As the cyber criminals and state-sponsored groups become more sophisticated and better resourced, this becomes increasingly difficult. However, my research team has a pretty good track record when it comes to their predictions coming to pass, so here are just some of the things they expect in 2017.

They include the morphing of ransomware into fast spreading ransomworms; the appearance of IoT botnet zombies; the first civilian cyber cold war casualties; and the use of AI (artificial intelligence) in attacks over the next 12 months.  Sounds daunting. So, let’s go into a bit more detail:

1. 2017 will see the first ever ransomworm, causing ransomware to spread.

If there was an award for malware, ransomware would be the 2016 winner, with criminals moving from just targeting large corporates and high net-worth individuals to hitting SMEs in a big way.

But I think that cybercriminals will take ransomware to the next level in 2017 by introducing auto-propagating characteristics traditionally found in network worms like codered and conficker. This will result in a breed of ransomware designed to produce endless duplicates of itself, spreading the infection far and wide.

2. Attackers will exploit infrastructure-as-a-service (IaaS) as both an attack platform and attack surface

Cloud adoption is growing at an incredible rate among organisations of all sizes. RightScale’s 2016 State of the Cloud report showed that 71% of SMBs are running at least one application in AWS or Azure. As these platforms become increasingly engrained in the fabric of business operations, they are also a ripe target for criminal hackers.

I think that public Infrastructure-as-a-Service (IaaS) will be leveraged as both a potential attack surface and as a powerful platform to build criminal malware and attack networks. Expect to see at least one headline-generating cyberattack either targeting, or launched from a public IaaS service next year.

3. IoT devices become the de facto target for botnet zombies

In 2016, the Mirai IoT botnet source code was leaked, enabling criminals to construct enormous botnets and launch massive DDoS attacks with record-setting traffic. Now that hackers are weaponising IoT devices in this way, we can expect them to expand beyond DDoS attacks in 2017.

The pure volume of Internet-connected devices that are manufactured full of vulnerabilities presents a new attack surface. In the coming year, we’ll see criminals launch specialised IoT botnet click-jacking and spam campaigns to monetise these new attack methods the same way that traditional computer botnets were monetised.

4. In 2017, we’ll see civilian ‘casualties’ in the Cyber Cold War

With the nation state cyber cold war well underway, we expect to see at least one ‘civilian’ casualty as collateral damage in 2017. Nation states have allegedly damaged enemy nuclear centrifuges using malware, stolen intellectual property from private companies and even breached other governments’ confidential systems.

For some time now, the US, Russia, Israel and China have been mounting strategic cybersecurity operations and hording zero-day flaws to use against one another. This practice of building up arsenals of vulnerabilities – rather than helping vendors fix them – will undoubtedly lead to an unsuspecting private business or citizen falling victim to an undisclosed zero-day exploit.

5. SMBs turn to small MSSPs for cyber security

As they become increasingly targeted by cyber criminals, SMEs will continue to make network security a higher priority. With small IT teams and rarely any dedicated internal security professionals or without the resources to configure, monitor or adjust their own security controls, SMEs will recognise that their managed service provider (MSP) may be the solution.

So, we can expect to see more MSPs adding security services to their IT offerings and estimate that in 2017, at least a quarter of small businesses will turn to more specialised managed security services providers (MSSPs) for their security needs.

6. Increased use of biometrics hides credential insecurity

In the face of countless credentials breaches over the past several years, biometric solutions like fingerprint scanners for authentication will continue to rise as a popular alternative to passwords.

But while the widespread adoption of biometrics is a convenient alternative to remembering passwords as the primary method for authentication, this will not erase the fact that weak passwords are still hiding in the shadows – a core part of operating systems and just as vulnerable as ever.

7. Attackers start leveraging machine learning and AI to improved malware and attacks

My final prediction is that cyber security companies will come to a rude awakening when it becomes clear that they don’t have a monopoly on machine learning in 2017. Machine learning has done far more than any human could to help the security industry become more predictive and less reactive in the fight against malware.

By analysing gigantic datasets and huge catalogues of good and bad files, these systems can recognise patterns that assist information security pros in rooting out new threats. Next year, advanced cyber criminals will turn the tables and begin leveraging machine learning themselves to cook up new and improved malware to challenge machine learning defences.

What is clear is that as new technologies come out, the cyber criminals continue to evolve their attacks to be more effective. As the Cloud, IoT and AI become increasingly prevalent, hackers adjust their tactics and create more evasive malware and new attack vectors that exploit previously hidden vulnerabilities.

And we also know for certain that hackers are no longer just focused on the big companies; SMEs have customer data and computing resources that cyber criminals are increasingly targeting.

Jonathan Whitley, director of Northern Europe at WatchGuard Technologies

Image Credit: ESB Professional / Shutterstock

Show more