Symantec: Each year, the digital security space faces new forms of threats as cybercriminals evolve their approach to access in organizations data. As we approach 2017, security experts at Symantec Corp., the world's largest cyber security company, have turned their attention to the trends we can likely expect to see in 2017, and in the years to come.
Given the ever-changing landscape, it is important to focus on the focus of digital security and how it will move for the coming year.
Symantec: Internet of Things (IoT)
• Cloud growth: 2017 will continue to see a shift towards the modern workplace, as more and more businesses allow their employees to use new technologies such as wearables, virtual reality but also network-connected devices (IoT), while supporting one fast-growing potential, from cloud-based applications and solutions. Businesses should focus their attention beyond safeguarding Endpoint devices and protecting their users and information in all applications and services related to new technologies applied to the work environment.
• Linked cars will become the target of ransom: Given that cars are starting to have interconnection capabilities, it's a matter of time to see large-scale hacking in them as well. This could occur in the form of ransom for these cars, automatic and unauthorized monitoring and gathering of information, or other threats associated with them. This whole situation will also lead to the question of who is responsible for this threat: the software vendor or the car manufacturer? A question that will have long-term implications for the future of the automotive industry.
• IoT devices will get even more into business. Looking beyond the simple vulnerabilities of portable devices and computers, security departments in enterprise computing will now have to look at other safety devices, such as thermostats for example and smart devices that are connected and use access to a business's network. Corresponding examples of attacks we had several years ago with print servers. Everything almost in a business connected to the internet should be protected.
• Increase of IoT DDoS attacks: The Dyn Attack last October has proven the vast number of IoT devices that are unsafe and extremely vulnerable to attacks.
As more and more IoT devices are installed in the mass market, the risk of security breaches will increase. As soon as unsafe devices are installed on the market, it is almost impossible to correct the problem, with only a solution to reinstall or update updates. As this lack of security will continue in the near future, the number of IoT attacks will increase.
Symantec: Cloud Generation will determine the future of the business
• The business network will expand and become more vague and scattered. With the workforce becoming more "portable" than ever, the need to protect an on-premise network will become increasingly short-sighted. The need to have firewalls to defend a single network becomes redundant if it is plugged into the cloud. All businesses will start moving towards wireless and cloud-based services instead of investing in expensive and unnecessary networking solutions.
• Money cheaters will attack the Cloud. Given the significant shift to cloud-based storage and services, Cloud becomes a very lucrative target for attacks, since it is not protected by firewall or other traditional security measures. So businesses need to defend their data. Attacks can lead to extortion and compensation of many millions of euros as well as the loss of critical data. The need for protection will become even more critical.
• The artificial intelligence will require sophisticated Big Data capabilities. Το 2017, η μηχανική μάθηση και η τεχνητή νοημοσύνη θα συνεχίσουν να αναπτύσσονται. Μάλιστα, η εταιρεία ερευνών Forrester προβλέπει ότι οι επενδύσεις στην τεχνητή νοημοσύνη θα αυξηθούν κατά 300%, μέσα στο 2017. Με την ανάπτυξη έρχονται νέες, ισχυρές ιδέες για τις επιχειρήσεις καθώς και μια αυξημένη συνεργασία μεταξύ των ανθρώπων και των μηχανών. Από την άποψη της ασφάλειας, αυτή η επέκταση θα επηρεάσει τους οργανισμούς με περισσότερους από έναν τρόπους - συμπεριλαμβανομένων των endpoints και των μηχανισμών στο Cloud. Με τις νέες μορφές μηχανικής μάθησης και τεχνητής νοημοσύνης να συνεχίζουν να εισέρχονται στην αγορά, οι επιχειρήσεις θα πρέπει να επενδύσουν σε λύσεις που έχουν τις δυνατότητες να συλλέγουν και να αναλύουν δεδομένα από τα αμέτρητα endpoints και τους αισθητήρες επιθέσεων, σε διάφορους οργανισμούς, βιομηχανίες και γεωγραφικές περιοχές. Οι λύσεις αυτές θα αποδειχθούν καθοριστικής σημασίας ως μηχανισμοί εκμάθησης για το πώς να λειτουργεί η “πρώτη γραμμή” της παγκόσμιας μάχης που αλλάζει κάθε μέρα, λεπτό προς λεπτό.
Symantec: Cybercrime
• Malicious attacks will be self-funded with theft of money. There is a dangerous possibility that rogue nation-states could align themselves with organized crime for their own benefit, such as those we saw in the SWIFT attacks (Society for Worldwide Interbank Financial Telecommunications). This could lead to the downfall of countries in terms of their political, military or economic systems.
• The Fileless malware will increase. Fileless infections – which are written directly to a computer's RAM without the use of any files – are difficult to detect and often escape intrusion prevention and antivirus programs. This type of attack increased throughout 2016 and is expected to continue to increase, gaining prominence on the threat list in 2017, most likely via PowerShell attacks.
• Secure Sockets Layer (SSL) abuse will lead to increased phishing sites with HTTPS. The rise in popularity of free SSL certificates combined with Google's recent initiative tosignalMarking HTTP sites as insecure will weaken security standards, leading to spear-phishing or malware candidates due to malicious search engine optimization practices.
• Drones will be used for espionage and attacks. Αυτό ίσως να εμφανισθεί το 2017, αλλά είναι πιο πιθανό να συμβεί αργότερα. Μέχρι το 2025, μπορούμε να περιμένουμε ότι θα δούμε "drone-jacking", το οποίο σημαίνει ότι θα υποκλέπτονται σήματα drone, με αποτέλεσμα τον αναπροσανατολισμό τους προς όφελος του εισβολέα. Λαμβάνοντας υπόψη αυτή τη δυνατότητα, μπορούμε επίσης να περιμένουμε ότι θα δούμε και “αντί – drone hacking” δηλαδή τεχνολογία η οποία αναπτύσσεται για τον έλεγχο των GPS συσκευών των drone και άλλων σημαντικών συστημάτων.
Εδώ να αναφέρουμε ότι η Symantec με την τελευταία "πρόβλεψη" δεν είναι και τόσο εύστοχη, καθώς τα drones χρησιμοποιούνται ήδη για κατασκοπεία και επιθέσεις. Όσον αφορά το hacking στα drones και αυτό το έχουμε δει από το 2015.
