- Financial Losses and Human Lives through IoT attacks – While there is a lot of talk about IoT-level attacks, 2017 will bring the seriousness of these attacks to the forefront. Not only IoT will attacks result in major financial losses, there is at least a good likelihood of loss of life or injuries when you look at Connected Cars and Connected Medical Devices, resulting from cyberterrorism. While some of the leading-edge vendors in these spaces are working on securing their devices and apps, a vast majority has not taken it seriously enough. And, 2017 just might catch them by surprise. Let’s hope that damages will be limited to financial losses only.
- Mobile banking and payment apps will be key targets – Hackers attack banks because that’s where the money is. Banks are moving to more mobile banking to offer ease of use, competitive differentiation, and to achieve operational efficiencies. But security continues to lag in the mobile code and hackers are going to have a blast exploit these apps. Many banks and retailers are creating mobile payment apps to reduce their cost and have better control over the payment chain. Most of these apps are severely lacking in security and hackers can easily manipulate these for major financial gains.
- Cyberterrorism will go more mainstream – There was a lot of talk about hacking during the elections but the reality is that a proxy cyberwar has been going on for some time between various nations and it’s only going to accelerate in 2017. We expect major attacks occurring at the government infrastructure as well as commercial companies at the IoT level causing serious damage.
- More regulatory standards for Mobile and IoT security– Industry associations and federal regulators are finally starting to realize that Mobile and IoT have become the weakest link in both our commercial and government infrastructure. With legacy servers and networks more secure, hackers are going after Mobile and IoT devices and applications with easy to exploit vulnerabilities. Work has already started at the association level like NIST, and at the government level with the Congress trying to work on new guidelines and standards for securing IoT infrastructure.
- Drones will offer a new attack vector –Drones have their own unique identity but they could be considered mobile as well as IoT devices as those start connecting with other devices. As drones will start getting used more for deliveries of goods, expect dronejacking and other attacks. Hackers can also cause drones to malfunction with a malware, resulting in injuries.
- Insider attacks will continue to grow and get more sophisticated –Whether it’s the disgruntled employees attacking to take out their anger at the employer, or employees collaborating with external hackers for monetary gains, these types of attacks will continue to grow because they are easier to execute. Now these attacks will be targeted more at the mobile and IoT infrastructure.
- Retailers will get attacked at various levels – Retailers are focused on one thing – to create new ways to generate more revenues and beat competition. Mobile and IoT applications are the new and exciting areas for retailers to create differentiators. But in the haste of creating these applications, security is usually an afterthought. And hackers know that. We’ll expect to see cyberattacks at both the mobile and IoT level at some of the large retailers.
- Connected Homes will see malware infections grow– More and more home owners will start using connected devices without understanding the security implications. There will be malwares that find their way into these devices and exploited at the right time whether for ransomware or some other malicious purposes
- More IoT DDoS attacks –Hackers are already selling the attack botnets on the dark web to be used to launch attacks. Mirai was just the beginning which will bring all kinds of new hackers into the playing field.
- Ransomware will continue to bear fruits –For the hackers that is. And it’s a low hanging fruit. Hackers have realized these are easy pickings as consumers and companies would rather pay and not deal with the hassles and loss of productivity.
[su_box title=”About Arxan” style=”noise” box_color=”#336588″][short_info id=’60238′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.