Cybercriminals won’t be letting up their attacks on hardware and firmware in 2016, and the security industry will be working harder to meet the growing challenge. According to the recently released McAfee Labs Threat Predictions Report, threats will expand to virtual machines, wearables, and other surfaces. The report explores developments in the cyber threat landscape and assesses threats expected in 2016 through 2020.
The report includes opinions from 33 Intel Security thought leaders and is designed to help organizations address threats as they currently exist and will change in the future, said Vincent Weafer, vice president of Intel Security’s McAfee Labs.
Coming In 2016
The 2016 predictions covers threats from ransomware, infrastructure attacks, attacks on automobile systems and the sale and warehousing of stolen data.
• Hardware: Attacks on hardware and firmware will continue while the market for the tools that facilitate them will increase. System firmware toolkits could target virtual machines.
• Ransomware: Ransomware is a growing threat that could anonymize payment methods and networks. More inexperienced cybercriminals will use ransomware-as-a-service.
• Wearables: Most wearable devices store only small amounts of information, but cybercriminals could target them to undermine the smartphones that manage them. The industry will have to protect attack surfaces like networking and wi-fi software, operating system kernels, memory, user interfaces, storage systems and local files, web apps, virtual machines and security and access control software.
• Employee systems: Attackers are likely to target organizations through their employees, including their home security systems, to access corporate networks. Organizations will have to stay vigilant by implementing new security technologies, create effective policies and hire experienced people.
• Cloud services: Attackers could exploit vulnerable security policies that protect cloud services. These services could undermine business strategy, financials, portfolio strategies, next-generation innovations, employee data, acquisition and divestiture plans, and other data.
• Automobiles: Connected automobile systems that lack security capabilities will be potential scenarios for exploitation. Automakers and IT vendors will partner to provide standards and solutions to protect attack surfaces like engine and transmission engine control units (ECUs), remote key systems, advanced driver assistance system ECUs, passive keyless entry, USBs, OBD IIs, V2X receiver, smartphone access and remote link type apps.
• Warehouses of stolen data: The dark market for stolen, personally-identifiable information and user names and passwords will increase in 2016. Big data warehouses that link together stolen, personally-identifiable information sets make combined records more valuable to attackers.
• Integrity attacks: Selective compromises to systems and data mark one of the most significant new attack vectors. Such attacks seize and modify transactions or data to favor perpetrators. An attacker can change direct deposit settings for a victim’s paychecks and direct the deposit to a different account. Cyber thieves could steal millions of dollars in an integrity attack in the financial sector in 2016, McAfee Labs predicts.
• Sharing threat intelligence: Enterprises and security vendors will increasingly share intelligence. Legislative action could allow governments and companies to share threat intelligence. Best practices in this area will increase, allowing success metrics to emerge and quantify protection improvement. Threat intelligence cooperatives among vendors will grow.
Looking To 2020
Looking to 2020, McAfee Lab explores how threat actors will change, how their behaviors and targets will shift and how the industry can meet the challenges.
• Below-the-OS attacks: Attackers could seek vulnerabilities in firmware and hardware as operating systems and applications strengthen against more conventional attacks. Attackers could access resources and gain control of administration and control capabilities, giving them broad control.
• Detection evasion: Attackers will target new attack surfaces to avoid detection. Difficult-to-detect styles will include encrypted infiltrations, file-less threats, exploits of remote shell and remote control protocols, sandbox evasion malware, and below-the-OS attacks that target and exploit BIOs, master boot records (MBR) and firmware.
• New devices and attack surfaces: There has not been a surge in wearable and IoT attacks, but by 2020 there could be install bases of such systems that reach penetration levels substantial enough to attract attackers. Virtual solution providers and technology vendors will seek to establish safety guidance and industry best practices. They will also build security controls into device architectures.
• Cyberespionage goes corporate: The dark market for hacking services and malware code could allow cyberespionage malware to find use in corporate and public sector attacks for market manipulation and financial intelligence gathering to favor the attackers.
• Privacy challenges and opportunities: The value and volume of personal digital data will expand and attract cyber criminals. This could lead to new global privacy regulations. Individuals will seek and gain compensation for sharing data. A market will develop from this “value exchange” and it could change the way individuals and organizations manage digital privacy.
• Security industry response: The industry will create more effective tools to correct and detect sophisticated attacks. Behavior analytics could evolve to identify irregular actions that could indicate compromised accounts. Shared intelligence will likely provide better and faster protection capabilities. Cloud-integrated security could enhance control and visibility. Automated correction and detection technology portends the ability to protect enterprises from common attacks and free IT security staff to focus on the most critical security incidents.
Organizations Must Take Action
To succeed in preventing future threats, organizations have to see more learn more, detect and respond faster, said Weafer. Organizations have to fully utilize all human and technical resources available to them.
Readers can access the full report here.