Bitdefender experts predict a marked rise in IoT attacks against individuals and companies alike, continuing trouble with encrypting ransomware, IoT botnets, adware and the revival of darknet markets for illegal goods and services.
Ransomware - more prevalent than ever. Building on the massive financial milestones of 2016, ransomware operations will likely dedicate more resources to improving automated targeting in 2017. This feature will help them discriminate between home users and corporations, and try to extort higher fees from the latter.
2016 was arguably the year of ransomware, and this threat will continue to proliferate in the year to come, sparing no operating system or platform. Data extracted from our telemetry, as well as intelligence collected from exposed command and control servers and compromised botnets, suggests that ransomware operation is a crime which still pays - and very well indeed.
"One particular ransomware botnet we were monitoring raked in 1.5 million in just one week of operation, earlier this year" explained Bitdefender Chief Security Strategist Catalin Cosoi.
The profitability of such schemes lies in part in the fact that people really do value their private data, although there do seem to be cultural differences even in this field. When surveyed by Bitdefender, only one third (33%) of consumers in Germany claimed they would pay to regain access to their data if it were held to ransom, while the figure is 50% for the US.
Ransomware knows no boundaries, but the willingness of actual victims to give in to ransom demands also varies - 36% of the people whose data has actually been held to ransom in Germany said they paid to get their data back, while only 40% of affected US citizens did the same. As for the monetary worth that people assign to their personal data, this varies across cultural boundaries, but presumably also with economic status - where Romanians would only pay an average of $132 to get their data back, Britons value their information at a whopping $568.
DDoS attacks, possibly amplified by use of IoT botnets, as seen in the recent attacks against the Dyn DNS provider, will continue to make the headlines. While most will be, as before, politically motivated or performed in support of larger hack attacks, an increasing proportion will target companies for the purpose of simple extortion as well.
The IoT botnet phenomenon can only grow, as these devices have been built without any serious thought given to security, not to mention that they are also difficult (sometimes impossible) to patch. For instance, there are tens of millions of vulnerable IoT devices that have patches available, but the process of applying the patch is so complicated that people choose to remain vulnerable. And who ever heard of a webcam or DVR manufacturer issuing a product recall because of a vulnerable web interface?
"The major emerging threat for 2017 is the botnet made up of not-so-smart things" opined Catalin Cosoi.
A single IoT botnet (Mirai) managed to cripple the Internet for several hours by simply targeting one of the major DNS providers. This is, simply put, a level of control over worldwide communications that was previously reserved for the most powerful state actors, now in the hands of unknown individuals.
"We have even observed a simplification of attacks targeted at corporations' networks - where in past years you would see highly complex APTs targeting them, we are now witnessing a reversal to cruder tactics, such as simple worms which try dictionary attacks to gain access to intranets. This reflects both the lack of security prevalent in such networks, and the fact that ever lower-level criminals get involved in the lucrative business of separating corporations from their data" explains Catalin Cosoi.
As the penetration of IoT devices in industry grows, so will the threats posed to security by their uncontrolled deployment and use. Personal IoT devices will also increasingly get carried across physical and logical security boundaries by employees, compounding the issues.
As the market penetration of smart devices grows, the population of legacy devices which remain unpatched and thus vulnerable "forever" will itself only grow. This creates the possibility of crossover threats, as 60% of those surveyed keep private files on PCs or laptops which share the home network with smart devices.
The problem is similar to that of users hanging on to their Windows XP installs way past their toss-by date - except thermostats aren't supposed to have a toss-by date.
Worse, users do not have good security habits when it comes to their smart devices - 42% of smarthome dwellers surveyed for Bitdefender claimed they never update their smart TVs, for example, citing "lack of time" as the foremost reason, closely followed by "lack of know-how".
Although awareness is high (almost half of the people surveyed by Bitdefender are concerned about the possibility of data theft), the knowledge and skill required to mitigate the threat of data loss or theft remain low, while the industry has not yet moved towards comprehensive, hardware-enabled smarthome data security solutions.
"We estimate that starting with 2017 the Internet of Things will be slowly replaced with the Internet of Threats" concludes Catalin Cosoi.
Threats against SCADA systems will also become more widespread, as SCADA providers continue to move towards TCP/IP as the protocol of choice within their networks and the decreasing cost of chips leads to ever "smarter" (and thus easier to exploit) industrial process controllers and sensors.
Targeted attacks, possibly aimed at corporations' public cloud presence, will also be on the increase in 2017, as threat actors ranging from nation states to industrial espionage outfits to activist NGOs will seek to exploit the security weaknesses in organizations.
Darknets and the associated markets in illegal materials and services (cyber-crime tools included) represent an emergent problem, which will probably rise again to mainstream attention during 2017. The highly successful (and thus highly centralized) Silk Road market has been crushed by law enforcement, but a myriad of TOR-ified or otherwise hidden specialized markets have sprouted in its stead, and are expected to continue growing to the point of again becoming a global problem.
Increased cooperation in stamping out cybercrime between governments, the security industry and affected entities (companies and individuals) is the one bright spot in this otherwise dark landscape. Such initiatives will, if continued and strengthened, serve to curb botnets and illegal markets by targeting their operators. Increased cooperation on a global scale, as well as a reduction of bureaucratic obstacles, will be needed to support this goal.