That is according to Proofpoint, a global security-as-a-service vendor that delivers data protection solutions and currently serves more than 3,000 global enterprises (over half of the Fortune 100), universities and government agencies, and supports tens of millions of users.
The aggressive incorporation of social engineering techniques highlights the weakness of ‘the human factor’ in the attack chain. People are the targets in 2016: from email, web, social media, and mobile apps, attackers will develop campaigns and vectors that leverage the human factor to bypass increasingly sophisticated detection and response capabilities.
More than ever before, the ease of automating cyber-crime campaigns (off-the-shelf, ‘commodity’ tools), the use of machine learning to identiify victims, rent a botnet by the hour, and a money rich and robust underground cybercrime economy have driven a process of mass customization. This makes for huge malware payloads with the qualities of custom malware that is undetectable by signature and reputation-based defenses, resistant to analysis, stealthy data exfiltration, self-deletion, and the ability to download additional payloads and support lateral movement within the target organization. As a result, broad-based campaigns regularly employ delivery techniques, infection chains, and payloads that easily evade traditional defenses and remain undetected in the compromised organization for months or even years.
Kevin Epstein, vice president of Threat Operations at Proofpoint said “Next year we will see cybercriminals cast a wider net, move away from malicious document attachments and increasingly leverage emerging vectors such as mobile applications and social media platforms. Our six 2016 predictions all have one theme in common—cybercriminals are targeting the people behind devices and are looking to capitalize on their willingness to click.”
Its predictions are interesting. Some are new and some reinforce the message to be vigilant and take care as mobile – iOS and Android – are the new attack vectors in 2016. Read on for its predictions.
1. Cybercriminals will build on their 2015 successes by developing campaigns and exploiting vectors that target user willingness to click across email, social media and mobile applications
2. Attackers will look beyond PCs and other end-point devices and attack high-value financial infrastructure, ATMs, point of sale terminals, new EMV card readers, and payment portals
3. Malicious document attachment campaigns have disappeared almost entirely in the major markets. They will be replaced by a new type of high-volume campaign that combines effectiveness and scalability to target users – links to infected web sites
4. It detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software and more - this trend is expected to spread across all verticals that make use of social media, to steal personal customer data, or organisation financial data
5. It says that more malware will be discovered on official app stores. Malware is being increasingly targeted at enterprises, where malicious behaviour will only activate once inside targeted enterprises, and will not trigger when run by consumers or app store vetting mechanisms
6. Businesses will be increasingly squeezed between the demands of data privacy and law enforcement. The momentum for data privacy and access will shift to the side of law enforcement and intelligence agencies – more bureaucracy and enforcement
It gives special mention to the darker side of social media. Its value is as a research tool. Proofpoint observed examples of attackers embracing social media as a targeting and delivery vector. Two major trends emerged, and Proofpoint predicts that these will dominate the social media security and management landscape in 2016:
Support account impersonation
Proofpoint Nexgate researchers increasingly see hackers, scammers and pranksters use fraudulent customer care accounts to phish credentials, steal personally identifiable information (PII) and compromise brand reputations. Bank account credential phishing is just the tip of the iceberg when it comes to fraudulent accounts: it has detected thousands of fraudulent social media accounts that support malware distribution, knock-off product sales, pirated software, and even brand pranks. It expects this threat to spread and target customers of businesses in any vertical that makes use of customer accounts, be it to reinforce loyalty or provide services.
Known primarily in the form of the phenomenon ‘Twitter shaming,’ in 2016 social mobs became a challenge for organizations of all sizes. Proofpoint Nexgate researchers are seeing companies of all types targeted with “social mob” attacks. These can be politically motivated, but they are as frequently simply protesting an action or position that the company has taken. These attacks are carried out across all social media, from Facebook and Twitter to even Instagram. As a result of social mob action, a company can receive overnight 25,000 or more negative or unrelated comments on social media, often simply copied and pasted from a central ringleader.
The good news for organizations is that the strength of social media is also its weakness: that is, the ability to reach a large number of potential victims through a single social media account also makes it easier for organizations to mitigate – with the assistance of purpose-built solutions for social media security and compliance – the threat of social mobs and Support account impersonation through the use of countermeasures ranging from user controls and conversation management to account verification and even takedowns.
Have a great Xmas - with your shiny new malware magnet!