The future of cyber attacks

0
228

2016 in review, 2017 in forecast

 

October 2016 witnessed a major DDoS attack, in which the hackers attacked Dyn, a major company that runs the internet Domain Name System (DNS). This attack left many popular sites including Netflix, Twitter, Spotify, Reddit, CNN, PayPal, Pinterest and Fox News unresponsive – as well as newspapers including the Guardian, the New York Times and the Wall Street Journal

 

 

In January this year, when the New World Hacktivists (NWH) attacked and crippled the then US presidential candidate Donald J. Trump’s official election campaign website www.donaldjtrump.com, they were unaware that this will not hurt his campaign at all but will help him gain more popularity; to the extent that he would become the new 2017 US president leaving all polls, experts, media and analysts in surprise. But all cyber-attacks are not so rewarding.

The year 2015 broke all previous records by nine-mega breaches. 113 serious attacks exposed the identities of 429 million people. Experts were of the view that more companies chose not to reveal the real magnitude of their data breaches and if calculated with precision the compromised records could cross the figure of half a billion.

In terms of cyber-attacks, 2016 was worse than 2015. Cyber crimes including malware, PoS malware, account hijacking, targeted attack, DDoS, DNS hijacking, local file inclusion, email harvesting, defacement and malvertising topped the list. In 2016, 60.7pc of the total reported internet incidents were cyber crime, 28pc hacktivism, 7.4pc cyber espionage and 4.3pc of cyber warfare. Major targets that came under attack were governments 29.3pc 17.0pc finance, law enforcement agencies and single individuals 8pc, organisations 6.7pc, online services 5.3pc and educational institutions 4.0pc among others.

October 2016 witnessed a major DDoS attack, in which the hackers attacked Dyn, a major company that runs the internet Domain Name System (DNS). This attack left many popular sites including Netflix, Twitter, Spotify, Reddit, CNN, PayPal, Pinterest and Fox News unresponsive – as well as newspapers including the Guardian, the New York Times and the Wall Street Journal.

This was a year when hackers bit millions. More than 3,000 major data breaches were reported exposing 2.2 billion records and still we have few days to its end. 427 million passwords are on sale after a successful hack of MySpace, another hacker is selling millions of twitter accounts, 171 million www.vk.com accounts were stolen, 51 million file sharing accounts were presented for sale on dark web, data of 2 million users was hacked from Ubuntu, Oracle reported data breach at Micros point-of-sale division, thousands of logins were stolen from Epic’s forums, millions of Steam Game keys and 43 million www.last.fm account details were stolen as well.

In September 2016, Iran reportedly attacked and destroyed computers at six critical organisations in the Saudi Arabia including Saudi’s General Authority of Civil Aviation. Thousands of computers were destroyed in the Saudi air office. A “digital bomb” was detonated inside the systems of several agencies in KSA with the name of “Shamoon Virus”. This is the same virus that in 2012 wiped the hard drives of its state-run oil giant, Saudi Aramco. In this attack, it not only deleted the files but replaced them with an image of burning American flag. Earlier, a cyber-attack on the central bank of Bangladesh resulted in losses of $81 million and prevented another $850 million in transactions from being processed.

Recently, Google initiated to label HTTP-only sites as unsafe. Free Secure Sockets Layer (SSL) and Google’s recent act will weaken security standards, driving potential spear-phishing or malware programs due to malicious search engine optimization practices

 

The security landscape is consistently changing, so is the focus of the security industry. As the year passes by towards its end, experts are now thinking what types of crimes would emerge in the internet world next year. Although, hackers are quite sharp, intelligent and innovative as compared to the experts designated to defend but still they are able to forecast some areas and types of threats that we will possibly experience next year.

As the organisations and workplaces are introducing virtual reality and IoT connected devices and their data is available to everyone in the office by cloud applications and solutions the focus will be shifted from protecting end-point devices towards safeguarding users and information across all applications and services.

As Ford, Munich, BMW, NuTonomy, Delphi, MobilEye, Volkswagen, General Motors, Toyota, Tesla, Audi A8, Jaguar, Landrover, Daimler, Nissan, Continental and even google have coined that they will be launching driverless cars from September 2017 onwards, it is an understood fact that these cars will be highly dependent on remote access networking. So, these will be vulnerable to hacking and cyber crimes as well. We can, therefore, expect a large number of automobile hacking incidents in coming years. This could possibly include hacking driverless cars for ransom, spying activities including tracking their location, hijacking or for intelligence collection activities. This will also pose serious threats to the relationship between software firms and car hardware manufacturers. Future of driverless cars will be heavily dependent on their safety against cyber-attacks.

In recent years, for the internetworking of physical devices, electronics, software, actuators, sensors, buildings and other things, Internet of Things (IoT) has emerged as a dominant technology area in 2016. Through IoT, objects are sensed and controlled remotely in the network infrastructure, hence connecting computers with people for better efficiency, economic benefit, and accuracy. It is expected that in 2017, IoT operated computers, mobile devices, heating and cooling systems, thermostats, ACs, Washing Machines, printers, building control and security systems will come under attack. So it is expected that our IoT controlled household lives and devices will come under attack in the upcoming year. The next year will be more crucial for IoT device manufacturing companies as insecure devices can not only kick them out of business but also will bring serious financial repercussions when recalling of these devices will be done for security updates.

Money is valuable, but in today’s world data carries more value. With the countless hardware failures, governments, companies, organisations and individuals now prefer to place the data on clouds. It is expected that in 2017 hackers would be focusing these clouds not for power show but for ransom instead. Think of a situation when the whole operational data, machine codes, financial logs and customer profiling of your company, placed on the cloud, is hacked and the hacker is demanding good money to give the access back. How would you respond? Clouds are not protected by firewalls or other such traditional security measures. These attacks in 2017 can amount multi-billion dollars loss of crucial data and a huge amount of ransom.

This year Wells Fargo, Indian, Bangladeshi and Russian banks came under serious cyber-attacks that cost them billions of dollars along with a lost goodwill. Terrorists and Rogue organisations in 2017 will possibly launch more coordinated attacks to the financial systems. Financial Terrorism will become a new terminology that will make people forget all previous instances.

In 2016, a new type of attack was introduced, “Fileless Malware”. In this attack, the infection is written on the RAM without copying or using files of any kind. This is difficult to detect the attack and can dodge the antivirus or intrusion prevention programs very cleverly. Such PowerShell attacks will increase in 2017 as well.

Recently, Google initiated to label HTTP-only sites as unsafe. Free Secure Sockets Layer (SSL) and Google’s recent act will weaken security standards, driving potential spear-phishing or malware programs due to malicious search engine optimization practices.

An Information Warfare is also about to intensify in 2017. With America, China, Japan and Russia blaming one another for cyber-attacks, it is expected that if continued this can even result in a serious Information War. Rich countries are putting more resources in cyber hacking and spying tools. There is no expectation that this will end in 2017. The World seems to have played enough with high-tech arms and ammunition. Time is approaching when the countries will be destroyed, not physically, but their information, communication, finance, defense and management systems will be ruined by means of cyber-attacks. The security blame game will heat up in the days to come.

Except for firing bullets and missiles, the world today is using “Drones” for search and rescue, inspections, security, surveillance, science and research, aerial photography, aerial video, surveying and unnamed cargo system. “DroneJacking” will be a new term in Cybercrime-17. Hackers are expected to intercept drone signals and redirect them for their own benefit. Anti-DroneJacking technology is a new area that might emerge for cyber security agencies to do business in.

Man has born to invent,

A few in crime and others in defense.