In 2017, the sophistication of the technology, strategies, and methods employed by cybercriminals will continue at an accelerated rate.
The explosive growth of personal mobile devices, the huge shift towards cloud applications and the growing impact of the Internet of Things (IoT) in the last year has set the scene for a complex and challenging threat landscape in 2017.
Cybercriminals have had a busy year exploiting old vulnerabilities and developing new ways to threaten us online. We anticipate that 2017 will see this continue at an accelerated rate. As education about and awareness of threats increase, so does the sophistication of the technology, strategies, and methods employed by criminals to stay ahead of the good guys.
Here are what we predict will be the top new and emerging cybersecurity threats.
2016 may have been crowned the ‘Year of Ransomware,’ but it is already set to lose its crown to 2017, because ransomware is now easier than ever to deploy on any operating system, including mobile. Avast spotted more than 150 new ransomware families in 2016, and that was for Windows alone. We expect this number to grow, driven by the increasing number of open-source ransomware programs hosted on GitHub and on hacking forums. These programs are freely available to anyone with the basic knowledge needed to compile existing code.
Even if the wannabe perpetrator doesn’t have the skills to build their own malware from free code, the work can now be readily outsourced. There is already a Ransomware as a Service (RaaS) model, which provides automatically generated ransomware executables to anyone who wants to get rich by infecting potential victims (e.g. Petya, Ransom32). Creating or buying your own ransomware has never been easier, which means ransomware is here to stay and is expected to be an even bigger problem in 2017.
There is an emerging trend of cybercriminals asking victims who cannot pay, but still want their data back, to spread the ransomware instead. Traditionally, ransomware victims were forced to either pay or lose their data; we are now seeing new offers in which the user can choose between spreading the threat and paying the ransom.
Victims who are already infected are offered the chance to restore their personal files if they actively help the ransomware spread. This could be particularly profitable for the operators if a user infects their company network: an infected SMB or enterprise is obviously far more lucrative for ransomware operators than a single private user.
Dirty COW is a privilege escalation vulnerability in the Linux kernel that allows an attacker to bypass the permissions framework and write to files and memory mappings that should be read-only. Although the bug is suspected to have existed for as long as nine years, only recently have we started to see it used to exploit devices that were previously thought to be un-rootable.
Consider the significant number of Linux and Android devices built on this kernel, combined with the many proof-of-concept exploits that researchers worldwide have created for testing in various Linux environments, and you can see how we have reached a tipping point. We expect these proofs of concept to be misused by criminals to gain root access to a wide range of devices, enabling them to control those devices without the user suspecting a thing.
Cybercriminals could then use this vulnerability to access almost anything on the device, including social network application databases and full internal device access. It could also enable governments and forensic companies to gain access to previously un-rootable devices.
In 2017, we expect this vulnerability to be spread through social engineering, tricking unsuspecting users into installing the malicious applications that allow Dirty COW to run.
Ransomware is common nowadays, and so is the deletion of files if you do not pay the ransom fast enough. The threat of ransomware encryption and file deletion can be minimized by solid malware protection, email hygiene, and regular offline backups. Such a backup lets you restore your files if protection fails and you end up with encrypted or deleted files.
But what if the crooks also download a copy of your valuable files (private emails, photos, instant messaging history, company contracts and paychecks, etc.) and then threaten to publish them online if you do not pay? This technique is called doxing, and it has been used in hacking attacks where systems have been penetrated. So far only proof-of-concept doxing capabilities have been seen in ransomware, but we expect to see more of this type of extortion in the wild in 2017.
With the growth of the connected home, and the accelerating pace of smart cities and workplaces, everything from connected cars to routers, video monitors, and thermostats is more vulnerable to attack.
Think about your own home: routers, IP cameras, DVRs, cars, games consoles, TVs, baby monitors, and many other IoT devices can be targeted quite easily simply by abusing default login credentials or other well-known vulnerabilities. In 2016, we saw large botnets built from these unsuspecting devices and used for mining cryptocurrencies, spamming, or DDoS attacks (e.g. the recent Mirai botnet). We predict that the number of botnets able to enslave IoT devices will continue to grow in 2017 as the number of devices vulnerable to exploitation increases.
The growth in wearables also presents a growing challenge. Not only do they offer the opportunity to simplify processes and everyday actions – such as providing security clearance to buildings or as a way of tracking activities so that time is used efficiently – but they also create new potential vulnerabilities. Like any other device, wearables run on software, and software can be vulnerable to attack. As Wear Your Own Device (WYOD) becomes an increasingly common extension of BYOD behaviors, wearables simply represent greater opportunities for attack.
Every new connected device that enters the home or the workplace is a new way in for hackers. Assuming IT security is already in place and being monitored, the most important immediate actions for families and businesses are to educate themselves about the security risks connected devices pose and to keep device firmware up to date.
The routers used in our homes, and in most businesses, to connect this plethora of devices to the internet are the most critical component here. Relying on users to flash firmware to keep pace with threats is inadequate and unsustainable. In 2017 the router needs to evolve into a smart router, because it is the gateway to all of your connected devices and a potential weak link in the chain that allows criminals to hijack your smart home.
In the very near future, leading ISPs will shift to smart router platforms that incorporate security by design to keep pace with threats, and that are also capable of delivering new types of services to their customers.
With due respect to William Gibson, one certainty is that many pundits will be predicting machine learning as a trend for 2017. For those of us at the sharp end of IT security, that future is already here. For several years, Avast has used machine learning as an essential component in delivering protection against evolving and emerging threats.
The “good guys” use AI to defend and protect. However, we have already seen the first AI-vs-AI cybersecurity battles in the lab. The availability of low-cost computing and storage, coupled with off-the-shelf machine learning algorithms and AI code, is likely to lead to increasingly regular offensive deployment of AI by the bad guys. This is one prediction we hope stays well beyond 2017.