Security Market Segment LS
Wednesday, 07 December 2016 12:02

A new era of cybercrime – Symantec’s predictions for 2017 and beyond

By

Rogue nations will be financed by cybercrime, the used of undetectable file-less malware (firmware) will grow, IoT devices are fair and easy game, HTTPS/SSL will be abused – these are a few of Symantec’s emerging trends and predictions for paddling in cyberspace.

These are some takeaways from a briefing with Symantec’s Mark Shaw, technology strategist for the Pacific Region, Peter Sparkes, senior director, Cyber Security Services, APJ, and Ian McAdam, managing director, Pacific region.

The three proceeded to demolish all hope of the good guys winning over cybercriminals in 2017.

McAdam led off saying that company boards could no longer ignore cybersecurity leaving it to the IT guys – they must focus efforts and budgets on increasing cyber security because 2017 presents so many more threats. He commented on the fact that after Symantec’s acquisition of Bluecoat, it now had more than 3000 engineers working on cybersecurity and had combined resources to be the world’s largest global intelligence network.

Shaw said that Symantec had identified ten trends that were all new – these are future issues for concern.

#1 Proliferation of the Cloud generation

Symantec sees more attempts on things like VR, IoT, cameras, routers, wearables – the consumerisation of IT. The biggest issue was a lack of standards; manufacturers back doors for firmware updates and device telemetry, and a general inability to run security on the devices. All these devices needed to have controls on identity and information sent to the cloud.

#2 connected cars will be held for ransom

In the past months, a group of Chinese white hat hackers had taken control of a Tesla using nothing but remote web access – all attacks were contactless and without physically modifying the car. Tesla is updating the firmware accordingly, but it shows the rush to remotely connected cars is not without its issues.

The techniques used were nothing special – it simply exploited weaknesses found in so many IoT devices. Shaw said he expected to see “fleets” of cars held for ransom – pay up, or you can’t drive.

But hacking could also include location tracking, recording conversations, or crashing the car.

#3 IoT devices penetrate the enterprise

Look around now, and you will see IoT devices in the boardroom, office and lunchroom – these smart devices might include cloud-connected cameras, Wi-Fi routers, smart appliances like refrigerators or coffee machines, NEST style climate controls and more.

Also, IoT devices may start to monitor and control things like printers, access points, time clocks, room locks and more. Shaw said that these things provide additional and largely insecure attack points but more importantly are often connected to the company network as they require Internet and cloud access.

#4 An increase in IoT DDoS attacks

Shaw said this could be easily subtitled “Looking for a smart refrigerator”, and pointed to Shodan, that can find weaknesses in IoT devices including refrigerators, webcams, power plants, IoT and building automation.

Again the lack of standards, manufacture’s backdoors for telemetry and firmware, and a general lack security awareness made these obvious devices to use for DDoS. He referred to the 900,000 ZyXEL routers taken offline at Deutsche Telekom last week.

The key issue is that hackers can monetise these massive botnets and sell DDoS as a service. But what if hackers started selling access to security cameras at ATM sites?

#5 Ransomware and the Cloud

Shaw said that the cloud was becoming just as an attractive target as on-premise computers and very often it was less secure than devices behind the corporate firewall.

But he had noticed that ransomware was being delivered from the cloud as well – hidden in corporate files.

#6 Machine learning will require sophisticated big data capabilities

It would not be a prediction without throwing in machine learning. It is being used by both the good guys and the cyber criminals with equal effectiveness. Shaw was concerned however that all the data was generating far too many false positives and a lot more work needs to be done here to make it more useful. At present those false positives are being reviewed by “the wetwork” (humans)

#7 Rogue nation states will fiancé themselves by stealing money on-line

An amazing number of hacks bear the hallmark of one nation,  including the Sony hack, SWIFT bank transfers like the Ecuador Bank and spreading of ransomware.

Shaw was too polite to name the nation but is concerned it's becoming clear the action is at least state-sponsored. The definition of a rogue state is here.

#8 File-less malware will increase

Malware that runs in memory overwrites BIOS or firmware, and installs rootkits is the way to the future as its harder to track than malware. Regardless of how good security gets humans will still be the week point clicking on suspect links and allowing “things” to execute on the computing device. While education is a good start it is clearly not enough.

#9 Secure Sockets Layer (SSL) abuse will lead to increased phishing sites using HTTPS

HTTPS is supposed to be safe and Symantec aims to have all websites encrypted by providing free SSL certificates.

Google is getting on board and will start to identify HTTP sites as less secure. But all that does is focus cybercriminals on how to use HTTPS sites as delivery vectors.


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments