With the FBI stating that ransomware alone is estimated to cause a whopping $1 billion in financial losses, cybercriminals have also outdone themselves with the largest denial of service attack to date – 1 Tbps – performed with compromised IoT devices. 2017 is likely to be even more interesting, from a security perspective, than anything we’ve seen before.With the FBI stating that ransomware alone is estimated to cause a whopping $1 billion in financial losses, cybercriminals have also outdone themselves with the largest denial of service attack to date – 1 Tbps – performed with compromised IoT devices. 2017 is likely to be even more interesting, from a security perspective, than anything we’ve seen before.
The IoT Bot Army
The IoT proliferation, estimated to reach 50 billion devices by 2020, will likely be exploited throughout 2017 to perform some of the most massive and disruptive distributed denial of service attacks to date. Built by manufacturers with inherent security vulnerabilities and sometimes even lacking update mechanisms, smart internet-connected devices will likely become part of the largest “armies” of bots controlled by cybercriminals. Potentially ranging in the hundreds of thousands, such massively controlled networks will likely be used to target organizations and even states to disrupt infrastructures and services. If the Mirai botnet that disrupted DNS service provider DYN has taught us anything, it’s that it’s not only amazingly simple to compromise IoT devices, but that the Internet’s infrastructure and IoT security standards need to change to address these concerns.Industrial Control
With SCADA (Supervisory control and data acquisition) systems becoming cheaper to produce and moving towards relying on TCP/IP network protocols for network communications, security researchers have long warned about the dangers of not having the proper security mechanism in place to protect them. Exploiting vulnerabilities in various SCADA components to gain access and control critical systems, such as a country’s power grid, telecommunications, and even transportation systems, attackers could compromise and cripple a town, state, or even a small country. Because most of these systems lack proper security mechanisms as they haven’t been designed around security, security researchers have found that cybercriminals could easily tamper with them and make them execute malicious commands and instructions.
Darknet Proliferation and Targeted Attacks
While seemingly unrelated, the two play a vital role in cybercriminal activities as the tools and malware sold on darknet marketplaces are often used in targeted attacks. Despite the demise of the popular Silk Road website, many TOR-fied hidden services have emerged to fill in the illegal goods distribution vacuum. Highly specialized marketplaces have stepped up to offer everything from illegal drugs and goods to cybercriminal tools, such as ransomware kits, to the highest bidder. This constant supply of cybercriminal tools has spurred a new generation of cybercriminals, focused on financial gains.Targeted attacks will also become a lot more common, as not only the tools used for pulling them off have become easily available, but the rewards of successfully breaching a high-profile company are highly profitable. Either for public shaming or to extort the victim into paying large fees not to publish online sensitive and critical data, targeted attacks will likely intensify through 2017, potentially hitting large organizations and financial institutions.
A Safer 2017
With 2017 just around the corner, many security experts believe cooperation between law enforcement agencies and security companies can only lead to a diminishing in cybercriminal activities. Once such activity has already concluded with the dismantling of a massive international criminal ring and that operated 20 malware and ransomware families.
Dubbed Avalanche, the operation was not only a success, but also proved that both law enforcement and security agencies can stifle cybercriminal activities, which is about everything you could wish for 2017. With the increased sophistication of and persistency of malware, 2017 is all about securing all your devices. Total security for multiple devices does just that and platform-agnostic protection is the best type of protection against new and unknown malware that might ruin your 2017.