It’s that familiar season again — chestnuts roasting on an open fire, sleigh bells jingling … and the usual round of cybersecurity predictions for the new year. We’ve been reading, so you don’t have to.
Kaspersky Security Bulletin Predictions for 2017 — Indicators of Compromise, or IoCs, are dead, declares the global security giant, still run from Russia by its eponymous founder. IoCs “are a great way to share traits of already known malware,” but increasingly useless against truly advanced threat actors like Project Sauron, “a truly bespoke malware platform whose every feature was altered to fit each victim and thus would not serve to help defenders detect any other infections.”
“We expect information warfare operations to increase in popularity for the sake of opinion manipulation and overall chaos,” write Kaspersky researchers. “Threat actors interested in dumping hacked data have little to lose from crafting a narrative through an established or fabricated hacktivist group.” The real danger at this point, they conclude, “is not that of hacking, or the invasion of privacy, but rather that as journalists and concerned citizens become accustomed to accepting dumped data as newsworthy facts, they open the door to more cunning threat actors seeking to manipulate the outcome by means of data manipulation or omission.”
“Vulnerability to these information warfare operations is at an all-time high,” they conclude — and that includes the possibility of “true false flag” operations — “An operation by Threat Actor-A carefully and entirely crafted in the style and with the resources of another, blameless, Threat Actor-B, with the intent of inciting tertiary retaliation” against the innocent party by the victim.
McAfee Labs 2017 Threats Predictions — The venerable security outfit, with no relation to its eponymous founder, predicts that ransomware will peak in the middle of next year but then begin to recede; that threat intelligence sharing will see major advances; that there will be even more cooperation between security vendors and law enforcement agencies to take down cybercriminals; and that the volume of “fakes” — “product reviews, ads, security warnings, and more — will continue to grow, eroding trust in the internet.”
“We predict that initiatives like the No More Ransom! collaboration, the development and release of anti-ransomware technologies, and continued law enforcement actions will reduce the volume and effectiveness of ransomware attacks by the end of 2017,” write the researchers.
They also predict that internet of things expansion will carry big risks. “The rush to market is fast and furious, and home IoT device makers generally employ the [minimum viable product] approach [eschewing security-by-design]. Many, for example, rely on third-party code libraries to shorten the development process and reduce costs.”
Experian’s fourth annual 2017 Data Breach Industry Forecast — The credit-rating and data security giant predicts a wave of “Aftershock” password breaches from massive compromises like LinkedIn and Yahoo — “As more and more personal credentials are compromised, the risk for users may extend far beyond the initial breach as attackers continue to sell old username and password information.” Because of password re-use, “companies that didn’t experience a first-hand data breach may see repeat unauthorized log-ins and be forced to notify their users that their information is being misused.” As a result of these aftershocks, “more companies should push toward using two-factor authentication to verify users,” researchers say.
Experian also predicts that “Nation-State cyber-attacks will move from espionage to war,” and that “Healthcare organizations will be the most targeted sector with new, sophisticated attacks emerging” against them.
Tenable Network Security 2017 Global Cybersecurity Assurance Report Card — Averaging responses from 700 security practitioners across seven industry verticals and nine countries, Tenable and research partner CyberEdge Group produced two summary indices that reflect the abilities of the world’s enterprises to assess cybersecurity risks and mitigate threats. The “Risk Assessment Index” represents “an organization’s ability to assess cybersecurity risks across 11 key components of enterprise IT infrastructure,” according to Tenable. It stands at 61 percent, down 12 percent since last year. The “Security Assurance Index” represents “an organization’s ability to mitigate threats by investing in security infrastructure fueled by executive and board-level commitment.” It stands at 79 percent for 2017, unchanged since last year.