possible cyber security threats of 2016
TRANSCRIPT
Possible Cyber Security Threats of 2016:
Computing is becoming one of the important aspect of life these days. It's used in all area of life, from personal pleasure to serious business dealings and contracts. It has opened the gates to so many opportunities which were hard to imagine in those early days. As the technology is coming forward that much the development is happening to make life easier. Almost all the objects are smarter nowadays. Name it and you will find it, mostly all the modern devices are enabled with internet connectivity, from smart phone, smart television to smart car. Many enhancement has been done which makes it very different to interact, whether it's sight, sound or touch, everywhere technology is involved in one or the other way. No doubt, it’s creating a real meaningful connection with everyone like suppliers, partners, customers or government.
As the technology is moving forward with an ease, the major issue of security is also getting intense day by day. Here are some of the major things which we had already seen till this 2015, which created a big issues that cannot be ignored at all.
Cyberattacks:
The growth of smart devices is going to be more in coming years, so as the users of these smart devices. The major concern is that though it comes with security features but still threats are happening, so the growth of cyberattacks is there.
Hard to Detect Attacks:
We had already seen lot of hard to detect attacks and one of them which is still the biggest is Malware. In this past 2015, we also saw some new types of attacks which were even harder to detect for example file less attacks, exploits on remote shell, theft of personal credentials and many more.
New type of Devices:
In the past year Internet of Things (IoT) has made the tremendous growth. Nowadays, so many new devices have become the part of our life. We have already seen several smart devices which are useful for home security, high-tech smartphones or tablets which even gave growth to wearable devices such as smart watch.
Absolutely, more companies will come forward to launch these type of new devices, but as these companies compete which each other in providing devices as early as possible, they fail to provide the security which makes it a big concern to look at.
Apart from this, these new devices are now accepted within the organization as well, so the possibility of carrying the confidential information which should not be leaked is there. It will be hard to accept but these gadgets like smart watch don’t even provide the basic security, which makes all the confidential data vulnerable for attacks which are fed into these devices. Another important concern to take care of is that these attacks which are done on organization can create a big havoc for the company as well as for their related clients also.
By looking at the above image you can clearly see that how many devices are available in the market. Whether its tablets, wearable devices, loT devices and still more to see in coming years.
Growth in Cybercrime:
As long as these technology based devices are available, criminals will always be there to do harm. So, it’s obvious that cybercrime is going to make its stay for long times to come. As business is to make profit so as these cybercriminals, they look out for monetary gains in one or the other way as easy as possible. One of the reason can be of the growth in cloud computing which can create lot of vulnerabilities and possible threats as mostly cybercriminals go for the data.
Apart from that, cloud computing can also become one of the biggest platform for cybercriminals, as it provides the ability to store huge amount of data and it’s not even possible to shut down the whole cloud computing services.
By looking at the image below you can know that there are about 70% of people who thinks that cybersecurity is the growing concern for their organization whereas about 48% thinks it can be dangerous that can lead to loss of life as well.
Is Organization Prepared?
It's not new that every country has faced cyber-attacks. Even though if we try to find out how many country are prepared for the cyber-attacks if any happen in future, the answer will shock you. Though most countries thinks like they are prepared if any of the cyber-attack happens, which is quite good news but still efforts to make it better should be there.
Cybersecurity Policies of the Organization:
Preparation comes into action when the organization have the proper plans for that. By looking at the above graph it can be said that only 52% of the organization have a plan for cyber-attacks and only 37% of the company have adopted the industrial security standards. By this survey you can say there are chances of devices getting compromised.
Budget of Organization:
Several organizations of different countries still say that their budget for cybersecurity is same, or they are not sure and very few countries are there which has definitely increased their budget for cybersecurity. Due to lack of this step it makes the possibility for some of the serious attacks to countries which are not having up to the mark security measures, as most of the cyberattack techniques are hard to detect by those old methods.
Based on all these, here I would like to share some possible cyber security related threats which can happen in this year of 2016.
Attacks Related to Hardware:
In past year we saw some of the hardware related attacks like malware were able to reprogram the disk on such a level which makes it mandatory to reinstall the operating system or reformat the hard drives. It is one of the example which shows how strong the knowledge of attackers are and how aggressive they have become, and this trend will definitely be seen in 2016 with some other major possible attacks.
Ransomware - One of the Growing Attack:
Ransomware has grown rapidly from 2014 onwards, we saw many attacks of it in the past year 2015 and it’s predictable that it will be continued in 2016 as well. Recently in 2015, Ransomware was sold as one of the service through Tor network which anyone can get it with the help of virtual currencies like Bitcoin. We even saw some of the different types of Ransomware like CryptoWall3, CyptoLocker and CTB-Locker, its sure to say that 2016 will bring some other threats of Ransomware as well.
The main motive of Ransomware is to get income by the help of spam campaigns, and the wealthy countries are the main targets. Till now Microsoft Office, Adobe PDF files or Graphic files has been the
target but in 2016 we can see that, other file extensions will also be used. Mac OSX is also one of the popular OS, so it’s most likely that it will become the next Ransomware target.
COUNTRIES AFFECTED BY RANSOMWARE
In the above images we can clearly determine, how the growth of Ransomware has taken place in past three years and which countries are mostly affected by ransomware.
Vulnerable Applications:
It was and today's date also vulnerability of applications and software are one of the major concern which haven't been solved completely. One of the example is of Adobe Flash which happened recently, some of the vulnerabilities like CVE-2015-0311 & CVE-2015-0313 were found in Adobe Flash player. So, it's possible these types of attacks will make more hype in this year as well. As we can see above, several applications were found vulnerable. These vulnerabilities are still not that dangerous, but the concerned issue is that in this coming year it is possible that the vulnerability in applications of Internet of Things (IoT) can become much threatening.
Change in Payment Methods:
Earlier was the time when shopping just needed cash. In today's date though cash payment does exist but other methods have also came into play. There are several methods available for making payments. Some of them are like paying through Bitcoins, ApplePay, Debit Cards and Credit Cards.
Definitely, the change has made an advancement but with this the threat of security has also been extended. By the growth of other paying methods, the chances of attacks has also increased. As much the technology is making an advancement that much the attackers are also improving their techniques in attacking the target people.
Several change has been seen in methods of attack, but still some of the basic information remains the same such as usernames, passwords and other credentials. So, they have also found several ways to lookout for these information. Due to this, we can surely say that it will continue in this 2016 as well.
Vulnerability in Employees Personal Systems:
Through several years we have seen some of the high profile attacks and definitely this year could also be the same. Though in the past year 2015, we got some bad news for large corporate companies, agencies related to governments and even dating websites such as Ashley Madison. The point to note in these type of attacks is that, there was not any visible change on websites. The target was confidential data like credit card details, social security numbers, residential address and other important details which were stolen.
Though these recent attacks has made the security a major concern and even companies has also started taking precautions. You can see that some of the companies are even investing on training employees for taking proper precautions, but these won’t be able to stop attackers completely. Attackers will opt for other ways to get their work done. Though company make a smart choice of upgrading their security systems, but still there are chances as organization is not aware about the security level of employees personal computer systems or where they are using them, so there’s a whole lot of chance for these type of attacks in this year also.
Services of Cloud Computing:
From past few years we have seen the growth of cloud computing services. From small to big companies, most of them opt for cloud computing, as it offers data storage at minimum cost and accessibility to connect anyone whenever you want.
The main concern is that, the data which is shared among these platforms and services are mostly confidential and any leak could lead to big problems. Most of the companies use cloud computing services for trading and other important things, which makes it quite reasonable why attackers would opt to do their notorious act on cloud services. Apart from this, customers are also having risk as they are not aware about what security measures are taken by the company when they are dealing with sensitive data. Some of the recent attacks of past year are like data breach which included exposing of information like emails, salary details, confidential information of employees and much more. Majority of the organizations go for low-cost or even free cloud services which makes the shared data vulnerable as security details of these type of services are mostly not revealed. So, it’s quite sure to say that chances of attacks are still there in this year as well.
Wearable Devices:
In previous year we saw the huge growth of IoT (Internet of Things). At the time of beginning of loT the main motive was to make the normal devices "smart," by adding the computing and wireless technology into it. Some of the examples like smart TVs and the connected home devices gave lot of promise for the same. In the past we saw the huge growth of it through wearable devices for example smart watches, fitness trackers and other devices as well. In today's market some of the popular brands includes Apple Watch and to name some other like Fitbit and Pebble.
In coming time definitely there’s going to be a boost in sales for these types of devices. Though these types of devices collect simple type of data, which are further stored on smartphones, tablets or computers but, the sad part is that for hackers it’s not that hard to break into these devices as it uses LE (Low Energy) technology like Bluetooth for the process of data transfer applications, as Bluetooth technology is one of the weak technology which should not be ignored.
The applications used for wearable devices does not come with solid security measures which literally shows that in this coming years we can see some of the major attacks through it like our smartphone get completely hacked due to these type of devices.
Attacks on Automobiles:
In past year we saw how much advancement has been made and even the automobiles are also connected with the wireless technology. Though technology getting connected with automobiles is quite exciting, but it should also have some proper protection methods when it comes to security, which is not quite up to the mark as it has to be. Apart from automobiles, even roads will also get connected with technology in the coming years.
As per the survey it has been said that there will be about 220 million cars on roads which will be connected with internet and wireless technology, and from this about 12% of the cars will be internet enabled in this 2016 itself. More to add, consumers are even looking forward for the cars which give access to internet connection through monitor installed in car, auto-detection of traffic signals, alarm warning, capable of night vision, access to social media and much more. As per the security report of Intel, it has been revealed that vehicles should offer privacy of data, encrypted network, monitoring of behavior which is currently not available.
Recently one of the research has been done, where it has been showed that it is possible with certain selected cars to be hacked through entertainment system and to send commands to its dashboards functions and to take control over certain critical functions of the car like steering, brakes and transmission that also from the remotely located laptop. So, it’s not new that it will open the doors for hackers which can lead to some serious life threatening issues.
Easily Available Stolen Data:
The security tools and products such as firewalls, gateways and other end point products works well in protecting the users from common possible attacks. So, attackers look for some other ways to do their mischievous behavior. They might look for some other vulnerability in the security system or else they will even opt for some other options such as to purchase the stolen credentials from the dark web.
Purchasing the credentials give easy access to the companies data, as it looks completely legit due to valid user-names and passwords. In this way they will be able to bypass all the security system. It has been seen from past few years that lot of data was stolen from organizations, government, health care agencies, and these type of attacks are still happening. To overcome this problem the security system of behavioral detection is in process which will be available in coming few years, but till that these attacks can be seen in this 2016 and some coming years as well, as some of the trusted cybercriminals will easily be able to purchase stolen data, compromised details from the big warehouse of the dark market.
Different Approach:
Technology is advancing constantly, so it’s nothing new that the improvement in online security is also happening persistently. No doubt, the industry or any organization will always lookout for the best when it comes to securing their confidential data and other personal details.
One thing to note is that as the technology is improving, that much the plans and tactics of attackers are improving. Attackers do not go with old techniques anymore, they also constantly keep on improving their skills and approach towards the attack they plan to do.
By looking at the past, anyone can say that these are some of the obvious attacks which happened and there’s possibility of the same in present as well as near future, such as data breach, compromised accounts, and many others. But the attackers are nowadays getting more skilled due to which they are out to do some more dangerous attacks like changing the integrity of the system.
Attacks like making change in the integrity of the security system is more dangerous compared to other common attacks which happens. As by these type of attacks, attackers are able to make small change in the security system, which can damage the system in a very serious manner. These type of attacks are possible by someone who have the knowledge of the security system of organization, any employee or any skilled cybercriminal. Main motive is not to damage the system, but it’s to make some change in the current security system to gain profit without making it known to anyone.
Recently these type of attacks has happened which are the perfect example of integrity attacks. For example, researchers showing the car can be hacked. The motive behind this was not to shut down the car but to show, how some of the functions can be manipulated which can be quite dangerous. In future there’s lot of possibility to target financial sectors as well.
Online Snooping:
Online snooping or Cyber Espionage is one type of attack, where attackers try to get the secret information of the organization, without getting permission of the owner. It’s one type of attack which has been noticed in past years. It's mostly done for getting the advantage from rival, individuals, groups or any government agency by using some of the methods on internet.
Here in below are some of the attacks which happened in past years, which shows how it has increased from time to time. Looking at the below data, it’s possible that we can see in this year as well as in coming time.
Nowadays, attackers are also getting skilled with the techniques and they are using stronger method then before. Some of the attacks that could possibly take place in this or coming years are like through services of cloud computing like Dropbox, to take control over servers. Use of Tor network can rise, as it offer undetectable secret connections to servers. In last few years we saw that these types of attack took place by using some Microsoft documents. So, other file extensions such as .ppt, .doc or .xls, can be used in future attacks.
Hacktivism – On its Rise:
Hacking is not new, it has been done through many years, and it’s still going to continue in this year and in future as well. Hacktivism is a kind of hacking in which a purpose is socially or politically motivated and the people who do these are known as hacktivist. There had been several cyberattacks which includes popular ones like attacks on websites of Canadian police, government institutions, and many more. It's mostly possible that in 2016 as well, we can see these type of attacks.
Cyber Attacks towards Critical Infrastructure:
CI (Critical Infrastructure) is the term government use for describing infrastructures, assets or systems which are important for the economy and society. These critical infrastructure is very important and any destruction or attacks on it can create a big impact on security, safety, national public health or anything combined with these type of matters. The point to notice is that these critical infrastructure are quite dependable on each other. So, if one get affected by any attack, other will also suffer in one or the other way. The types of critical infrastructure are like public health service, emergency services, banking and finance sectors, transportation services, important services provided by government.
The cyber-attacks on Critical Infrastructure is not new, though the attacks don't happen frequently like other common attacks but when it happens, it does lot of impact. Some of the famous examples includes like Stuxnet Malware which happened during 2010. By looking at these attacks, it is possible that 2016 might see some cyber-attacks on Critical Infrastructures.
These are some of the possible threats which can happen or may not happen and it’s even possible that something could happen which is not listed here. I would like to know what your views are.