Intel Security has released its McAfee Labs Threats Predictions report, which enlists key security threats in 2016 till 2020. The report includes an overview of cyber-attacks and threats on hardware, wearables, cloud services, etc and the possible response of IT security industry to them.
Predictions for 2016
Intel McAfeeLabs predicts that attacks on all types of hardware and firmware are likely to continue. In 2016, virtual machines could be targeted using system firmware rootkits.
Anonymous networks and payment methods could prove to be major reasons in the growth of ransomware in the coming year, the company says. The report suggests that there will be a rise in number of inexperienced cyber-criminals, who will use ransomware-as-a-service offerings.
Even though wearable devices store a relatively small amount of personal information, these could be attacked to compromise the smartphones used to manage them.
Attacks through employee systems
Organisations will continue to improve their security postures and implement the latest security technologies. Thus, attackers are likely to shift their focus and attack enterprises through their employees, by targeting their home systems to gain access to corporate networks.
Cyber-criminals could seek to exploit cloud services, which are now home to confidential business information, business strategies, company portfolio strategies, next-generation innovations, employee data, and other data.
While security researchers will continue to focus on potential exploit scenarios for connected automobile systems lacking foundational security capabilities; IT security vendors will work to develop guidance, standards, and technical solutions. These include vehicle access system engine control units (ECUs), engine and transmission ECUs, advanced driver assistance system ECUs, remote key systems, passive keyless entry, V2X receiver, USBs, OBD IIs, remote link type apps, and smartphone access.
Warehouses of stolen data
Since personally identifiable information sets are linked together in data warehouses, these also become potential target points. 2016 will see the development of an even more robust market for stolen personally identifiable information, usernames and passwords.
Compromises to the integrity of systems and data will be one of the most significant attacks in the coming year. Cyber-criminals through these attacks can change the direct deposit settings for a victim’s paychecks and have money deposited into a different account. The integrity attack is likely to take place in in the financial sector, where millions of dollars could be stolen by cyber thieves.
Sharing threat intelligence
The company has further said that legislative steps for companies to share threat intelligence with government could be taken. Also, the development of best practices in this area will accelerate and threat intelligence cooperatives between industry vendors will expand.
Predictions through 2020
McAfee Labs has also predicted how the types of threat actors, attackers’ behaviours and targets will change over the next five years:
Attackers could look for weaknesses in firmware and hardware to conceivably access any number of resources, commandeer, administration and control capabilities.
Attackers will attempt to avoid detection by targeting new attack surfaces and actively evading security technology.
New devices, new attack surfaces
By 2020, we may see install bases of these systems reach substantial penetration levels that will attract attackers. Technology vendors and vertical solution providers will work to establish user safety guidance and build security controls into device architectures.
Cyberespionage goes corporate
McAfee Labs has predicted that the market for malware code and hacking services could enable cyber-espionage malware to be used in public sector and corporate attacks. These will be used for financial intelligence-gathering and the manipulation of markets.
Privacy challenges, opportunities
The volume of personal digital data will continue to increase. This is likely to attract cyber thieves and potentially lead to new privacy regulations around the world. Similarly, individuals will seek and receive compensation for sharing their data.
Security industry response
To counter cyber-attacks, the security industry will develop more effective tools to detect sophisticated attacks. Behavioral analytics could also be developed to detect irregular user activities. Cloud-integrated security could improve visibility and control.