The ongoing struggle between hackers and the civilized world is usually described as a cat and mouse game, with both hackers and security experts trying to stay one step ahead. But as the stakes get higher and “hacktivism” becomes more audacious amidst an increasingly polarized political landscape, 2017 will probably look more like Call of Duty than Tom and Jerry. Are the good guys well enough armed to handle next year’s level of cyber sophistication and severity?
The following are just a few attack scenarios we can expect to see unleashed in the coming year.
1. Voting fraud attacks
The brazen hack on the Democratic National Committee is still fresh in our minds, but the repercussions may take years to assess. From an attacker’s point of view, this was an extremely successful hack – a fact that will likely only lead to more of the same. Attacks targeting political organizations, prominent players, and voting systems in order to impact national leadership may become more prevalent as this new type of hacktivism takes hold. Expect to see sophisticated, evasive assaults exploiting weaknesses in voting systems that could successfully manipulate electoral results. These techniques will intelligently sync voting manipulation with demographics and expected results in each locale, allowing voting results to be altered in a way that goes unnoticed.
2. Next-gen ransomware
Ransomware caused a whole lot of pain in 2016, and digital extortion will become even more common in the immediate future, especially as more and more valuable information is stored in soft, vulnerable cloud-based infrastructure. As the virus marketplace expands and malware becomes more automated, basic ransomware attacks will become as easy to generate as DDoS attacks are today. Here are some new directions:
Doxing. Holding sensitive or incriminating information for extortion or shaming, called “doxing,” is likely to morph from standalone attacks on single links into a more sophisticated attack chain. Attackers will focus assaults on victims’ work networks, making the infection process much more targeted and the financial stakes that much higher.
Ransomworms. The more advanced types of ransomware campaigns will use innovative techniques like automatic internal propagation that scan for additional vulnerable hosts inside the compromised network and then self-propagate, allowing access to targets with more confidential data, typically inaccessible from the outside world.
Backup deletion. A dirty but admittedly innovative tactic is targeting backup files for deletion. This ensures there will be no possible avenue for data recovery other than paying the ransom or acquiescing to other demands.
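The "ransomworm" behaviour described above (a compromised host scanning its own network for further victims) leaves a distinctive footprint: one internal source contacting many distinct internal hosts on the same port within a short time. The following detector is an added example, not code from the article or from empow; it assumes a constructed connection-log format of (epoch timestamp, source IP, destination IP, destination port) tuples and constructed private address ranges, and flags sources whose distinct internal targets on one port exceed a threshold inside a sliding window.

```python
"""Sliding-window detector for ransomworm-style internal host sweeps.

Added example (not from the original article). Assumptions: connection
records are (ts_seconds, src_ip, dst_ip, dst_port) tuples; the internal
address ranges below are constructed for the sample.
"""
from collections import Counter, defaultdict, deque
import ipaddress

# Constructed: which address ranges count as "inside" the network.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_internal(ip: str) -> bool:
    """True if the address falls in one of the constructed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_internal_sweeps(records, window_s=60, min_targets=20):
    """Return {(src, dport): peak_distinct_targets} for every source that reached
    at least `min_targets` distinct internal hosts on one port within `window_s`
    seconds. Only internal-to-internal connections are considered, because the
    behaviour of interest is propagation inside an already compromised network."""
    recent = defaultdict(deque)      # (src, dport) -> deque of (ts, dst) in window
    in_window = defaultdict(Counter) # (src, dport) -> dst -> occurrences in window
    hits = {}
    for ts, src, dst, dport in sorted(records):
        if not (is_internal(src) and is_internal(dst)):
            continue
        key = (src, dport)
        q, counts = recent[key], in_window[key]
        q.append((ts, dst))
        counts[dst] += 1
        # Drop records that have aged out of the window.
        while q and ts - q[0][0] > window_s:
            old_ts, old_dst = q.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        distinct = len(counts)
        if distinct >= min_targets:
            hits[key] = max(hits.get(key, 0), distinct)
    return hits


# Constructed sample log: 10.0.0.5 sweeps thirty neighbours on port 445 within
# thirty seconds; 10.0.0.9 repeatedly talks to a single file server (benign);
# 10.0.0.5 also talks to an external host, which the detector ignores.
SAMPLE_LOG = (
    [(1000 + i, "10.0.0.5", f"10.0.0.{100 + i}", 445) for i in range(30)]
    + [(1000 + i, "10.0.0.9", "10.0.0.50", 445) for i in range(30)]
    + [(1000 + i, "10.0.0.5", "8.8.8.8", 443) for i in range(5)]
)


def run_sample():
    """Apply the detector to the constructed log and return the hits."""
    return detect_internal_sweeps(SAMPLE_LOG)


if __name__ == "__main__":
    for (src, port), peak in run_sample().items():
        print(f"possible internal sweep from {src} on port {port}: "
              f"{peak} distinct internal hosts within the window")
```

The threshold and window are the tuning knobs: a backup server or vulnerability scanner will legitimately touch many hosts, so in practice such sources are allow-listed, and the alert is more useful when paired with the host's other telemetry (a fresh process, a dropped binary) rather than treated as proof on its own.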
It’s a hacker’s dream: tens of billions of IoT devices in our lives by 2020. Connected cars, smart medical devices, and even basic domestic tools like connected baby monitors and home lighting systems can and will be targeted by cyber criminals. Of course, things like hackable pacemakers or steering wheels keep security experts up at night, but imagine a hacker being able to capture video of you by commandeering your wearables, or simply turning on your toaster, microwave, air-conditioner, washing machine and dryer all at once, causing an electrical fire. The threat only rises with every new device connected to the Internet.
Expect wearables to become a key target in the coming year. Wearable smart devices seem to be everywhere these days, tracking every step we take and logging our location through GPS. They are privy to such intimate data as our daily schedules, our financial information, and even our heart rates. It’s not only our privacy that’s at risk.
But there’s another side to IoT threats – a new generation of DDoS attacks that hijack the connected devices themselves and draft them as troops in the attack force, creating a botnet of millions of devices. Even low-bandwidth IoT gadgets can be drafted into the attack as low-level, unexpected “signalers” that can catch a security system off guard. These connected gadgets can be added, removed, and replaced dynamically in such an attack, making shutting them down almost impossible.
4. Advanced fragmented attacks
Sure, security products are becoming more adaptive and more specialized – in order to be more accurate and effective – but so are tomorrow’s viruses. 2017’s sophisticated cybercrime organizations will be able to analyze all the security products defending a particular target, and then carefully select a set of multi-stage and multi-vector attacks to circumvent them. They will break down an attack campaign into fragments such that each attack element may be detected by one security product but rarely by more than one. In this case, the threat actors are depending on a severe lack of communication between the various elements of the defense. The excessive amount of time it takes most organizations to collect and correlate the pieces of evidence from each product greatly multiplies the bad guys’ chances of success.
To contend with these and other emerging threats, we will see increased investment in security analytics, prediction, and orchestration technologies in 2017. Similarly, defenders must have the ability to create and share vendor-agnostic security orchestration models. Crowd intelligence will be crucial here – pooling our collective resources and best practices to match the seemingly endless resources enjoyed by organized crime and state actors.
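The fragmented-attack scenario and the call for correlation across products are two sides of one problem: each product sees one low-severity event, and only the combination tells the story. The script below is an added example, not code from the article or from empow. It assumes a constructed, vendor-neutral alert record (timestamp, product name, host, kill-chain stage, severity) and a constructed set of product names, and it groups alerts per host into time windows, promoting a cluster to a campaign finding when alerts from at least two distinct products land in the same window.

```python
"""Cross-product alert correlation for fragmented, multi-stage attacks.

Added example (not from the original article). The alert schema, product
names and sample alerts are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: three products each raise a low-severity alert on ws-17
# within twenty minutes (the fragmented campaign); an unrelated endpoint alert
# on ws-03 and a firewall alert on ws-17 a day later are background noise.
SAMPLE_ALERTS = [
    {"ts": "2017-01-10T09:00:00", "product": "email-gateway", "host": "ws-17",
     "stage": "delivery", "severity": "low"},
    {"ts": "2017-01-10T09:04:00", "product": "endpoint-av", "host": "ws-17",
     "stage": "execution", "severity": "low"},
    {"ts": "2017-01-10T09:20:00", "product": "firewall", "host": "ws-17",
     "stage": "c2", "severity": "low"},
    {"ts": "2017-01-10T14:00:00", "product": "endpoint-av", "host": "ws-03",
     "stage": "execution", "severity": "low"},
    {"ts": "2017-01-11T09:00:00", "product": "firewall", "host": "ws-17",
     "stage": "c2", "severity": "low"},
]


def _summarize(cluster, min_products):
    """Turn a time-window cluster of (ts, alert) pairs into a campaign finding,
    or return None if too few distinct products contributed."""
    products = sorted({a["product"] for _, a in cluster})
    if len(products) < min_products:
        return None
    stages = []
    for _, a in cluster:            # keep first-seen order of stages
        if a["stage"] not in stages:
            stages.append(a["stage"])
    return {
        "host": cluster[0][1]["host"],
        "start": cluster[0][0].isoformat(),
        "end": cluster[-1][0].isoformat(),
        "products": products,
        "stages": stages,
        "alerts": len(cluster),
        # Escalate: many independent sensors agreeing outweighs each one's "low".
        "severity": "high" if len(products) >= 3 else "medium",
    }


def correlate(alerts, window=timedelta(hours=1), min_products=2):
    """Group alerts by host, split each host's timeline into windows anchored at
    the first alert of each cluster, and return the clusters that span at least
    `min_products` distinct products."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a["host"]].append((datetime.fromisoformat(a["ts"]), a))

    campaigns = []
    for host, items in by_host.items():
        items.sort(key=lambda pair: pair[0])
        cluster = []
        for ts, a in items:
            if cluster and ts - cluster[0][0] > window:
                finding = _summarize(cluster, min_products)
                if finding:
                    campaigns.append(finding)
                cluster = []
            cluster.append((ts, a))
        finding = _summarize(cluster, min_products) if cluster else None
        if finding:
            campaigns.append(finding)
    return campaigns


if __name__ == "__main__":
    for c in correlate(SAMPLE_ALERTS):
        print(f"{c['host']}: {c['severity']} campaign, stages {c['stages']}, "
              f"seen by {c['products']} between {c['start']} and {c['end']}")
```

The important design choice is that the correlation key (host plus time) and the alert schema are vendor-agnostic, which is exactly what makes the model shareable between organizations; any product can feed it as long as it can emit the five fields, and the threshold on distinct products is what turns three ignorable "low" events into one finding worth a response.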
Staying one step ahead will continue to be crucial, but we may need two or three steps to keep hackers from constantly breathing down our necks.
Avi Chesla is CEO and founder of empow, a cyber security company. Prior to empow, he was CTO and VP of Security Products at Radware, where he was responsible for defining and leading the company’s strategic technology roadmap and vision, including the foundation and management of Radware’s Security Division, a provider of cyber-attack mitigation solutions. Follow him on Twitter: @cheslaavi.