Biggest Cyber Security Threats To Watch For In 2016; Gartner Forecasts 6.8B Devices Connected To Internet Of Things In 2016
Harriet Taylor, in a December 28, 2015 article on CNBC’s website is the latest in a series of articles on the evolving cyber threat and what may be the top cyber threats next year. “Headless worms, machine-to-machine attacks, jailbreaking, ghostware, and two-faced malware,” top the list of key cyber threats to prepare for next year.” In the coming year,”hackers will launch increasingly sophisticated attacks on everything from critical infrastructure, to medical devices,” said Fortinet Global Security Strategist, Derek Manky. “We are facing an arms race in terms of security. Every minute we sleep, we are seeing about a half a million [cyber] attack attempts that are happening in cyber space,” he added.
Here’s How The 2016 Cyber Threat Landscape Looks To Some Experts:
The rise of machine-to-machine attacks: Research company Gartner predicts there will be 6.8B connected devices in use in 2016; a 30 percent increase over 2015. By 2020, that number will jump to more than 20B connected devices, the company forecasts. That would mean an average of two to three Internet-connected devices for every human being on the planet. The sheer number of connected devices, or ‘Internet of Things (IoT), presents an unprecedented opportunity for hackers. “We’re facing a massive problem moving forward for growing attack surface,” said Manky.
“That’s a very large playground for attackers, and consumer and corporate information is swimming in that playground,” he said. In its 2016 Planning Guide for Security and Risk Management, Gartner said: “The evolution of cloud and mobile technologies, as well as the emergence [maturation?] of the IoT,’ is elevating the importance of security and risk management foundations.”
“Smartphones present the biggest risk category going forward,” Manky believes. “They are particularly attractive to cyber thieves because of the sheer number in use, and multiple vectors of attack, including malicious apps and web browsing;
“We call this drive-by-attacks — websites that will fingerprint your phone when you connect to them; and, understand what that phone is vulnerable to,” Manky said,. “Apple devices are still the most secure,” he added. But, he also cautioned that there is no such thing as a totally safe device connected to the IoT.
Are you nurturing a headless worm?: “The new year will likely bring entirely new [cyber] worms and viruses able to propagate from device-to-device,” predicts Fortinet. the new year will see the first “headless worms” — malicious code — targeting “headless devices,’ such as smartwatches, smartphones, and medical hardware;” “These are nasty bits of code that will float through millions, and millions of computers,” Manky warns. “The largest we’ve seen to date, is about 15 million infected machines, controlled by one network — with an attack surface of 20B devices. Certainly that number can spike to 50M, or more. You can suddenly have a massive outage globally, in terms of all these consumer devices just simply dying and going down [dark];”
Jailbreaking the cloud: “Expect a proliferation of attacks on the cloud, and cloud infrastructure, including so-called virtual machines, which are software-based computers. There will be malware specifically built to crack these cloud-based systems “Growing reliance on virtualization; and both private and hybrid clouds — will make these kind of attacks even more fruitful for cyber criminals,” according to Fortinet. “At the same time, because apps rely on the cloud, mobile devices running compromised apps will provide a way for hackers to remotely attack public and private clouds and gain access to corporate networks.”
Hackers will use Ghostware to conceal attacks: “As law enforcement boosts its [cyber] forensic capabilities, hackers will adapt to evade surveillance and detection, [Stealth] malware designed to penetrate networks, steal information, then cover up its tracks will emerge in 2016. So-called Ghostware, will make it extremely difficult for companies to track exactly how much data has been compromised, and hinder the ability of law enforcement to prosecute cyber criminals.”
“The attacker and the adversaries are getting much more intelligent now,” Manky said.
“Alongside Ghostware, cyber criminals will continue to employ so-called “blastware,” which destroys and disables a system/s when detected. “Blastware can be used to take out things like critical infrastructure, and it’s much more of a damaging attack,” he added.
“Because attackers may circumvent preventative controls, detection and response capabilities are becoming increasingly critical,” advises Gartner in its report.
Two-Faced malware: “Many corporations now test software in a safe environment called a sandbox, before running it on their networks.” “A sandbox is designed to do deeper inspection to catch some of these different ways that they’re trying to change their behaviors,” Manky said. “It’s a very effective way to look at these new threats as we move forward.”
“That said,” Ms. Taylor writes, “hackers in turn, are creating malevolent software that seems benign under surveillance; but, morphs into malicious code, once it’s no longer under suspicion. It’s called……two-faced malware.”