January 4, 2017

2016 results, 2017 predictions

As a tradition, at the end of the year our GReAT cybersecurity experts publish their predictions for the upcoming year. Let’s see which of last year’s predictions came true and then try to look into the future and see what awaits us in 2017.

Predictions that came true

User security

As predicted by GReAT last year, ransomware of all kinds proliferated throughout the year. For example, 2016 was the year when notorious threats like Petya and CryptXXX first saw the light of day. Also fulfilling the forecast, a cryptor for macOS appeared back in the spring.

All in all, the number of ransomware samples and attacks grew significantly. However, we did a better job fighting them: In 2016, the No More Ransom project was born. It collected a lot of free decryptors under one roof and united a number of security vendors and governments under its banners.

We predicted blackmail on a greater scale, as well. In fact, the instances were not many, yet the number of exposed user credentials was higher than ever before. Dropbox, Twitter, Yahoo and many other services were compromised. In many cases, they had actually been compromised years before, yet the breaches became apparent only last year. 2016 can be legitimately considered the Year of the Breach.

Smart car hacks, as predicted, slowly gained speed in 2016. That unfortunate Jeep was hacked again, and so was the Tesla Model S, the smartest of smart cars.

Corporate security

Fewer specialized and customized malware programs were used for targeted campaigns, as we predicted. But adversaries increasingly use legitimate software as part of a malware campaign and resort to a malware-as-a-service approach.

More attacks on banks and financial services came as well. Moreover, last year, criminals started using SWIFT to carry out attacks and siphoned huge sums of money. The most significant incident happened to the Central Bank of Bangladesh: the attempted theft of a whopping $1 billion from the government. The thieves got away with $81 million; the suspicious activity was spotted thanks to a typo in the bank details, and subsequent rogue transactions were declined.

What awaits us in 2017?

At the #KLDetective event, GReAT experts Alex Gostev and Sergey Golovanov named six key cybersecurity trends to look for in 2017.

1. APT attacks will be hushed up. Kaspersky Lab’s experts think that advanced persistent threats (APTs) will be less publicized because they have become “too political” lately. A hacker from Country A attacking services in Country B is one thing — but what if the hacker was working for the government? That would be a de facto act of cyberwar. And a real-life war could follow.

2. Data leaks will be publicized to manipulate public opinion. In 2016, hacktivists took to publishing leaked data on the likes of wikileaks.org and providing the stolen data to the media. Such leaks provoke huge scandals and lively discussion. In 2017, such scandals are likely to be just as numerous: France and Germany are holding elections this year.

3. Heated discussions about privacy issues will continue. Our data is being collected by everyone able to collect it. This year’s massive breaches made both users and governments realize how insecure user data is. It’s hard to say now who will take action and what that action might be, but something has to change.

4. Cryptocurrency will gain traction. Not long ago, there was only one cryptocurrency, bitcoin, but now as many as 50 of them exist. Even governments and banks have to accept cryptocurrencies, and banks are even considering developing their own financial blockchain-based services. But with new technologies come new threats and vulnerabilities. Cryptocurrencies will get much more attention in 2017 than they did in 2016.

5. Hackers will opt for short-term attacks. APT attacks are changing, and may lose the “P”: In 2017, cybercriminals are likely to choose types of attacks that do not presuppose persistence of malware in compromised systems.

Malware authors are already using Microsoft PowerShell, a completely legitimate piece of software that helps to create small programs that reside in system memory and are deleted on reboot. What good does that do a criminal? Of course, it allows them to steal data from an infected system without leaving a trace.

6. Attacks on financial services. As we said, last year cybercriminals learned how successful attacks on SWIFT banking networks could be. But the list of targeted financial services is not limited to SWIFT: there are also stock exchanges and investment funds out there. Experts predict that in 2017 the attack vector will shift more toward other types of financial companies.