Intel: Wearables, Cars and Stolen-Data Warehousing Will Mark 2016
2016 will see a gamut of cybersecurity trends, including likely threats around ransomware, attacks on automobile systems, infrastructure attacks, and the warehousing and sale of stolen data.
Intel Security’s McAfee Labs Threats Predictions Report predicts attacks on all types of hardware and firmware, while the market for tools that make them possible will expand and grow. Virtual machines could be targeted with system firmware rootkits.
On the ransomware, anonymizing networks and payment methods could continue to fuel the major and rapidly growing threat. Intel believes that in 2016, greater numbers of inexperienced cyber-criminals will leverage ransomware-as-a-service offerings which could further accelerate the growth of ransomware.
When it comes to the Internet of Things (IoT), although most wearable devices store a relatively small amount of personal information, wearable platforms could be targeted by cyber-criminals working to compromise the smartphones used to manage them. The industry will work to protect potential attack surfaces such as operating system kernels, networking and Wi-Fi software, user interfaces, memory, local files and storage systems, virtual machines, web apps, and access control and security software.
Also on the IoT front, researchers will continue to focus on potential exploit scenarios for connected automobile systems lacking foundational security capabilities or failing to meet best-practice security policies. IT security vendors and automakers will proactively work together to develop guidance, standards and technical solutions to protect attack surfaces such as vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps and smartphone access.
Intel also thinks that organizations will continue to improve their security postures, implement the latest security technologies, work to hire talented and experienced people, create effective policies and remain vigilant. Thus, attackers are likely to shift their focus and increasingly attack enterprises through their employees, by targeting, among other things, employees’ relatively insecure home systems to gain access to corporate networks.
Cyber-criminals could also seek to exploit weak or ignored corporate security policies established to protect cloud services. Home to an increasing amount of business confidential information, such services, if exploited, could compromise organizational business strategy, company portfolio strategies, next-generation innovations, financials, acquisition and divestiture plans, employee data and other data.
And what happens to all of that stolen data? Stolen personally identifiable information sets are being linked together in big data warehouses, making the combined records more valuable to cyber-attackers. The coming year will see the development of an even more robust dark market for stolen personally identifiable information and usernames and passwords.
Intel also expects a rise in integrity attacks. One of the most significant new attack vectors will be stealthy, selective compromises to the integrity of systems and data. These attacks involve seizing and modifying transactions or data in favor of the perpetrators, such as a malicious party changing the direct deposit settings for a victim’s paychecks and having money deposited into a different account. In 2016, McAfee Labs predicts that we could witness an integrity attack in the financial sector in which millions of dollars could be stolen by cyber-thieves.
And finally, in the plus column, threat intelligence-sharing among enterprises and security vendors will grow rapidly and mature. Legislative steps may will be taken making it possible for companies and governments to share threat intelligence with government. The development of best practices in this area will accelerate, metrics for success will emerge to quantify protection improvement, and threat intelligence cooperatives between industry vendors will expand, Intel noted.
Source: Information Security Magazine