Trend Micro expects evolving technology to introduce threats in 2017 while attackers penetrate newer vulnerable surfaces

Cybersecurity company Trend Micro released Wednesday its annual security prediction report, “The Next Tier — 8 Security Predictions for 2017.” The upcoming year will include an increased breadth and depth of attacks, with malicious threat actors differentiating their tactics to capitalize on the changing technology landscape.

The Internet of Things (IoT) and Industrial Internet of Things (IIoT) will play a larger role in targeted attacks in 2017. These attacks will capitalize upon the growing acceptance of connected devices by exploiting vulnerabilities and unsecured systems to disrupt business processes, as we saw with Mirai.

The increasing use of mobile devices to monitor control systems in manufacturing and industrial environments will be combined with the significant number of vulnerabilities found in these systems to pose threats to organizations.

Business Email Compromise (BEC) and Business Process Compromise (BPC) will continue to grow as a cost-effective and relatively simple form of corporate extortion.

A BEC attack might yield $140,000 by luring an innocent employee to transfer money to a criminal’s account. Alternatively, hacking directly into a financial transaction system, while requiring more work, will result in far greater financial windfalls for criminals — as much as $81 million.

“Next year will take the cybersecurity industry into new territory after 2016’s threat landscape opened doors for cybercriminals to explore a wider range of attacks and attack surfaces,” said Raimund Genes, chief technology officer for Trend Micro. “We foresee the General Data Protection Regulation (GDPR) causing extensive data management changes for companies around the world, new attack methods threatening corporations, expanding ransomware tactics impacting more devices and cyber-propaganda swaying public opinion.”

In 2016, there was a large increase in Apple vulnerabilities, with 50 disclosed, along with 135 Adobe bugs and 76 affecting Microsoft. This apparent shift in exploits against vulnerable software will continue in 2017 as Microsoft’s mitigations continue to improve and Apple is seen as a more prominent operating system.

Trend Micro expects the number of new ransomware families to plateau in 2017, growing only 25 percent, but ransomware will branch out into IoT devices and non-desktop computing terminals, like PoS systems or ATMs. Vendors will not secure IoT and IIoT devices in time to prevent denial of service and other attacks, while new vulnerabilities will continue to be discovered in Apple and Adobe products, which will then be added to exploit kits.

With 46 percent of the global population connected to the internet, the rise in cyber-propaganda will continue as new world leaders are appointed, potentially influencing public opinion with inaccurate information.

As seen in the Bangladesh Bank attack early in 2016, BPC attacks can allow cybercriminals to alter business processes and gain significant profits, and BEC attacks will continue to be useful to extort businesses via unsuspecting employees. GDPR will force policy and administrative changes that will greatly impact costs and require organizations to conduct complete reviews of data processes to ensure compliance, while the new targeted attack methods will focus on evading modern detection techniques to allow threat actors to target different organizations.

Trend Micro expects a 25 percent growth in the number of new ransomware families in 2017, translating to an average of 15 new families discovered each month. Although the tipping point has passed in 2016, a period of stabilization will push competing cybercriminals to diversify, hitting more potential victims, platforms, and bigger targets. It also predicts that ransomware will become an increasingly commonplace component of data breaches. Cybercriminals will first steal confidential data to sell in underground markets, then install ransomware to hold data servers hostage, doubling their profit.

Mobile ransomware will likely follow the same trajectory as desktop ransomware given how the mobile user base is now a viable, untapped target. Non-desktop computing terminals like point-of-sale (PoS) systems or ATMs may also suffer extortion-type attacks.

Thousands of webcams that people didn’t think twice about securing became the stronghold for the Mirai DDoS attack that took down major websites.

Connected devices, like sleeper agents, are innocuous until activated by cybercriminals. Trend Micro expects that in 2017, more cyber attacks will find the IoT and its related infrastructure front and center, whether threat actors use open routers for massive DDoS attacks or a single connected car to stage highly targeted ones.

Trend Micro also forecasts that cybercriminals will use Mirai-like malware in DDoS attacks. From 2017 onward, service-oriented, news, company, and political sites will get systematically pummeled by massive HTTP traffic either for money, as a form of indignation, or as leverage for specific demands.

Unfortunately, Trend Micro foresees that vendors will not react in time to prevent these attacks from happening. In the Mirai attack, webcam recalls were indeed triggered by the vendor, but it did not exactly prompt similar code reviews on unaffected but still controllable connected devices. Therefore, there will always be a potent attack surface available to threat actors.

Likewise, as IoT introduces efficiencies into industrial environments like manufacturing and energy generation, threat actors will build on the effectiveness of the BlackEnergy attacks to further their own ends. Together with the significant increase in the number of supervisory control and data acquisition (SCADA) system vulnerabilities (30 percent of the total number of vulnerabilities found by TippingPoint in 2016), the migration to IIoT will introduce unprecedented dangers and risks to organizations and affected consumers in 2017.

These dangers can be proactively addressed by vendors who sell smart devices and equipment by implementing security-focused development cycles. Barring that, IoT and IIoT users must simulate these attack scenarios to determine and protect points of failure. An industrial plant’s network defense technology must, for instance, be able to detect and drop malicious network packets via network intrusion prevention systems (IPSs).

Enterprises have limited visibility into the risks that arise when business processes are attacked. The typical security focus is to ensure that devices do not get hacked into. Cybercriminals will take full advantage of this delayed realization.

Security technologies like application control can lock down access to mission-critical terminals while endpoint protection must be able to detect malicious lateral movement. Strong policies and practices regarding social engineering must be part of an organization’s culture as well.

Adobe outpaced Microsoft for the first time in 2016 in terms of vulnerability discoveries. Among the vulnerabilities disclosed through the Zero-Day Initiative (ZDI) so far in 2016 were 135 vulnerabilities in Adobe products and 76 in Microsoft’s. 2016 was also the single-biggest year for Apple in terms of vulnerabilities, as 50 vulnerabilities were disclosed as of November, up from 25 the previous year.

Trend Micro predicts that more software flaws will be discovered in Adobe and Apple products in addition to Microsoft’s. Apart from the fact that Microsoft’s PC shipments have been declining in recent years as more users opt for smartphones and professional-level tablets instead, the vendor’s security mitigations and improvements will also make it more difficult for attackers to find more vulnerabilities in its operating system.

The discovery of Adobe vulnerabilities will invariably lead to the development of exploits that can then be integrated into exploit kits. Exploit kits will continue to be part of the threat landscape, but cybercriminals may find even more use for them apart from delivering ransomware. Exploit kit usage dwindled after the arrest of the Angler Exploit Kit creator, but as with BlackHole and Nuclear, other exploit kits will simply take over.


WWPI – Covering the best in IT since 1980