The Internet of Vulnerabilities and Other Scary Stories: How Cyber Criminals Will Up Their Game in 2017
New year, new tricks. As technology advances for good, cyber criminals advance for bad.
Here’s what to fear in 2017.
Beyond Stealing Data, Hackers Will Change It
Data theft is so 2016. Moving forward, savvy attackers are compromising data integrity—a scenario that is particularly worrying for industries that rely heavily on public confidence, according to David Masson, a country manager for Darktrace.
“A laboratory that cannot vouch for the fidelity of medical test results, or a bank that has had account balances tampered with, are examples of organizations at particular risk,” he explains. “Governments may also fall foul of such attacks, as critical data repositories are altered, and public distrust in national institutions rises.”
We all witnessed how this type of attack might influence public opinion—see the latest presidential election for evidence—but what if a group could go beyond leaking emails to manipulating them in order to create a false impression.
“Tomorrow’s cyber-attacks will make it harder than ever to parse fact from fiction,” says Masson.
The Internet of Vulnerabilities
According to Gartner, 13.5 billion connected things will be in use in 2020, with more than half of major new business processes incorporating some element of IoT. Yet these smart devices are woefully insecure in many cases, opening the door for hackers.
Masson calls this “the internet of vulnerabilities.” The more connected devices we have, the more susceptible we may be to intrusion—and the greater amount of our lives and information can be taken and controlled by a potential hacker.
Artificial Intelligence Will Go Dark
Artificial intelligence was arguably the hottest tech topic of 2016. From hobby projects like Mark Zuckerberg’s Jarvis to the advancement of fully autonomous vehicles, AI is powering a riveting—and terrifying—future.
“Artificial intelligence will be used by attackers to wield highly sophisticated and persistent attacks, attacks that blend into the noise of busy networks,” warns Masson.
Polymorphic malware is one example, he notes. It changes its attributes mid-attack to evade detection. And the next generation of attacks could use customized code to emulate the behaviors of specific users so accurately as to fool even skilled security personnel.
“We can expect AI to be applied to all stages of a cyber-attacker’s mission,” says Masson. “This includes the ability to craft sophisticated and bespoke phishing campaigns that will successfully dupe even the most threat-conscious employee.”
More Attacks From Insiders
There’s no doubt that someone on the inside can do the most damage. They know more and they’re harder to detect. Sometimes, an insider is not even a hacker, but an oblivious worker who makes a simple mistake.
“Non-malicious insiders are just as much of a vulnerability as deliberate saboteurs,” explains Masson. “How many times have you clicked on a link without checking the actual email address? Or circumvented security policy in order to get your job done quicker, such as using Dropbox when your company has forbidden it?”
Instead of raising security measures, Masson suggests increasing visibility into internal systems.
“We don’t expect our skin to protect us from all viruses; we shouldn’t expect our firewall to stop all advanced cyber-threats,” he notes.