December 9, 2015

Kaspersky Lab cybersecurity predictions for 2016

Security Threats

The Internet changes from year to year and online threats develop along with the World Wide Web. So what will the cyber-nightmare of home and corporate users look like in 2016?

Kaspersky Lab cybersecurity predictions for 2016

What’s on the horizon for you and me?

Let’s start with the threats targeting common users. In 2015 a lot of people suffered from ransomware attacks, and in 2016 this trend will continue to grow.

For cybercriminals these viruses seem to be rather profitable. Mass infections are relatively cheap, lead to direct monetization and are complemented with victims’ eagerness to pay the ransom. In short, it’s an effective way to earn a lot of easy money.

In 2016 ransomware creators could probably switch their attention to new platforms. An attack targeting Linux devices has already been tracked, but Mac OS X seems to be a tasty morsel for hackers as potentially owners of expensive Apple devices can pay more. It’s also possible we’ll see ransomware designed to lock different parts of the Internet of Things. How much are you ready to pay to use your smartwatch again? And what about a refrigerator or your car?

Another cyber trend deals with blackmailing and squeezing money for stolen photos and hacked accounts. We’ve already seen a number of scandalous leaks including nude celebrities’ photos and personal data of Ashley Madison users.

Databases are leaked by different people and for different purposes. Some of them demand ransom; others do it to show off — just because they can. And sometimes hackers leak data to dishonor particular people and/or organizations. Regardless of their goals, the amount of these attacks is likely to increase in 2016.

Recently a new problem appeared. For a long time, transportation had no connection to the Internet, but now it is becoming more and more connected and thus vulnerable to cyberattacks. Now it’s quite possible to hack certain car models and take the control over inner systems. But it’s not all of it.

Thanks to self-driving cars, remote control systems become more and more widespread, and they will surely attract hackers’ attention sooner or later.

Culprits probably won’t focus on the systems themselves, but rather on the special protocols, which are implemented to enable communications between cars. Compromise them — and you’ll be able to send fake commands to cars. These actions can lead to a crashes of expensive car and even to lethal consequences.

What are the main threats for business?

Judging by 2015, massive Advanced Persistent Threats (APT) against countries and organizations will almost disappear the way we now know them. However it is not time to relax yet: hackers just are about to switch from creating custom-made malware to improving existing off-the-shelf developments, making them leave less of a footprint.

This approach makes it difficult for security experts to detect the criminals. Also this is cheaper for the customers and nothing makes a hacker’s client happier than high profit with low initial investments.

Nowadays every cyber campaign is unique and designed from scratch. But it’s quite possible that soon we’ll see them offered as a service. Criminals can even start selling not a campaign itself, but results of a breach: access to data and systems of victims, hacked beforehand.

In 2015 hackers successfully targeted banks and financial services, and in 2016 the amount of similar attacks will only increase. Though the majority of financial attacks were directed against ATMs, one can’t but think of the Carbanak group, which stole up to $1bln from dozens of banks worldwide.

Apple Pay, Samsung Pay and Android Pay can very well be the next targets, along with the various other new and popular untested financial services.

What should we all be ready for?

The Internet is, of course, relatively young, but it develops so rapidly, that some ideas, which lie deep in the root of World Wide Web, are already out of date. Or you can say that they are not capable of dealing with the modern design of the Internet.

Different problems appear here and there: botnets are found in routers, BGP — the main routing protocol of the Internet — can be compromised, numerous attacks targeting router DNS settings are performed and so on. The Internet falls apart and this can lead to the reconstruction of the World Wide Web, as governments will take more and more control over it. In this case the web will be subdivided according to the bounds of different countries. Basically, even now Internet in China is quite different from what it is for users from USA, Europe or Russia.

As a result, many sites and services may go underground. Users will need to pay to get access to anything, and this market will continue to grow. Correspondingly, anonymizing technologies will develop significantly.

Another global problem may be happening even on a bigger scale — it is that unhackable things become really hackable — or will become in the nearest future. Modern cryptographic standards were designed with the idea that they cannot be compromised using existing computational powers, but they are not geared to cope with the performance of quantum computers and upcoming technological progress.

It is to be hoped that quantum computers will not come into the criminal’s hands in the near future, but sooner or later it will happen — and then experts will have to reconsider encryption techniques completely, and thereby change root and branch of the Internet.

For more predictions on what 2016 holds, please visit Securelist.