IT Security challenges to intensify in 2017
Escan earmarks some of the key cyber threats, which would pose higher risks to IT security:
In 2016, as predicted we have seen the rise of Ransomware attacks which grew by more than 300% within a year costing billions. Many organizations / individuals have fallen prey to this infamous piece of malware and many of the victims have been forced to pay to get their valuable data back.
Security Vendors have started collaborating with each other and the Enforcement agencies in tackling this menace by providing multitude of free decryption tools to various variants of Ransomware. There have been concrete efforts which resulted not just in the take-down the ransomware networks but also led to arrests of the authors/creators of Ransomware. With this collaboration in place, we expect 2017 to be the year of “War Against Ransomware” which is looming large.
Until recently, very few variants of Ransomware used exploit-kits to propagate, however in the later half of 2017, we predict an upward trend in the usage of Exploit-Kits being used to deliver not just the Ransomware, but info-stealers too and this will be according to eScan Research team goig to be the top most cyber threat for 2017.
In September 2016, Mirai Botnet exploited IOT devices, like Network Cameras, DVRs and few other IOT devices, to initiate a historically massive DDOS attack. IoT is growing rapidly than anticipated and also is now ready to be part of the connected world. However, what we observed is the IoT developers did not take into consideration the cyber threat possibilities while creating it, thus making a huge potential bot network, which could cause unimaginable damages in terms shutting down large scale public infrastructure.
IOT devices would be one of the targeted group of devices by hackers to exploit the vulnerabilities for both individual as well as enterprise levels. We predict a rise in attacks to Linux based systems, or firmware. In 2017, we can expect a major overhaul of our understanding of IOT devices and moreover, we should expect IOT vendors and Organizations to take note of the potential cyber threats by IOT devices. We should consider IOT devices a huge security risk for 2017.
Banking has been a fertile ground for cyber attackers due to immediate financial gains it could provide. Online banking users have been always targeted by Skimmers, Phishing, Ransomware and Info-stealing Trojans, Apart from some were victimized by Telephone Scams International Missed Call Scams, while others were conned into divulging their card details and getting their entire savings wiped out.
Internet Penetration in India is at a dismal 34% which has grown from 15% in 2013 and presently India ranks 127 in the comparative list of internet user countries. We believe that it will be a herculean task, to make 75% of Indians have easy access to Internet.
However the recent demonetization has also opened up new gates for cyber criminals in terms of mobile and unified payment options. This would be a great avenue for cyber criminals to exploit the unaware / uneducated mass of victims from this technology transition. Due to the sudden move of switching over to digital payments platforms, more than 85% of users are left wondering how to safely use this new payment option. Already in 2016 there have been sporadic incidents of digital wallets frauds.
This is one of the new emerging areas of concern, as the patterns are less known, but could be a high potential threat due to the financial gains it could provide to the cyber criminals.
The security vendors are getting ready and using latest AI technologies to predict and protect before the attacks happens. However, a lot could evolve with the rampant adoption of technology by unaware users of technology and lack of legal frame work across borders, or the speed of investigation.
eScan predicts that various nodal agencies and government to come together in 2017 to form a worldwide council to create an equal platform for online users across the globe.
For an emerging country like India and the governments vision of making Digital India, it would be imperative that the government bodies take IT security as one of the most urgent and immediate concerns to be addressed by setting up easy to understand legal framework for users and robust security practices to be followed by organizations facilitating IT services from payment gateways to telecom bodies.