Wednesday, 14 December 2016 08:25

Proofpoint 2017 cybersecurity predictions – humans still the problem


Security vendor Proofpoint has predicted that some things will get worse in the enterprise security space. And the biggest weak link is people.

Proofpoint states that in 2017:

  • Attackers will continue to exploit humans to install malware, transfer funds, and steal information, with significant changes in techniques and behaviour across the three main vectors that attackers use to target people: email, social media, and mobile apps.
  • Advanced threats will shift to more targeted, lower volume campaigns, using more sophisticated tools to build and execute attacks that integrate social engineering.
  • Business email compromise attacks will remain a major challenge for organisations, but gradual adoption of additional controls around transfers by large enterprises will shift the focus (and the losses) onto smaller and non-US businesses.
  • Attacks via social media and mobile apps will increase in volume, severity, and effectiveness thanks to the adoption of automation and sophisticated toolkits by attackers.
  • State-sponsored cyber attacks will increase in frequency and see renewed activity by countries that have been relatively quiet. These attacks will also take a greater variety of forms, from the traditional theft of state and industrial secrets to destabilisation and harassment via social media and information leaks.

Read on for more predictions by the company.

Advanced threats will turn down the volume

The year 2016 saw unprecedented highs in phishing email campaigns delivering Locky ransomware, reaching hundreds of millions of potential victims, with many thousands of the messages getting through.

With that volume came the increased risk that security vendors would see the new techniques and block them. Despite incorporating increasingly sophisticated filtering techniques designed to hide their campaigns, exploit kit actors found that scale carries as many risks as rewards.

Small will be the new big, as sophisticated threat attackers return to smaller, more targeted campaigns.

Malicious macros finally run out of gas

High-volume, malicious “Word” macro campaigns faded away by the middle of 2016, replaced by JavaScript and zipped executable attachment campaigns distributing Locky. Cyber criminals focused on continuous innovations in malware sandbox evasion, but even those measures were no longer sufficient to drive ROI.

Malicious macros were relegated to smaller, more focused campaigns distributing banking trojans such as Dridex, Ursnif, Vawtrak, and a wide variety of other payloads – keyloggers, RATs, downloaders, and information stealers.

Cyber criminals will continue to improve and expand automation of spear-phishing campaigns in larger-scale, “personalised”, socially engineered campaigns, adding more identifying, personal details to increase the credibility of their messages.

Attackers will focus more intensely on social engineering as a central part of the infection chain, by getting users to click on embedded executables within documents, tricking them into installing malicious payloads disguised as legitimate applications delivered as attachments, as links to legitimate hosting and file-sharing services, or disguised as familiar parts of the Windows user experience.

Exploit kits will become 'human kits'

Exploit kits (EK) use known vulnerabilities in computers and servers. There has been a steady decrease in the total number of disclosed vulnerabilities. With enterprise users patching more consistently and improved security of browsers and operating systems, attackers are simply not getting the ROI they need.

EKs will become "human kits" with an extensive toolset of techniques designed to trick users into infecting their own machine with a malicious payload via malvertising or click bait or through convincingly individualised emails, such as those seen in the “personalised” email campaigns during 2016.

EKs will not disappear but will be more focused on regions that are slower to patch and where monitoring by researchers is less intense.

Business email compromise will continue to evolve, and the big losses will continue

Business email compromise resulted in more than US$3 billion in losses, according to recent estimates.

Business process changes will all but eliminate the eye-popping individual losses of 2015 and 2016 by erecting more controls on the funds transfer process. But these changes will not be universal, and outside the major business environments of North America and Europe, it will remain possible for individuals to carry out these transfers.

There will continue to be seasonal variants on business email compromise attacks similar to the “W2 request” campaigns that marked early 2016, but these will remain relatively infrequent.

Angler phishing will be fully automated

Angler phishing has grown in the breadth of targets and the depth of social engineering techniques used. These attacks have not reached the levels of automation seen in exploit and phishing toolkits – you can still see copy-paste errors, grammatical and spelling mistakes, incorrect brands in messages, and other common mistakes that are the trademark of humans doing manual work.

Attackers will implement automation and some level of natural language processing to improve on their attack techniques. With the increased automation, attackers will scale up to target more brands and increase the number of victims they can message in each campaign.

Attackers have already shown an ability to be aware of things like product launches so that they can launch their campaigns at a time when a lot of communication is expected on social support channels.

The pace of attacks via social media will continue to increase and explore new frontiers

Social media’s hyper growth has paved the way for rapid growth in attacks on these platforms, as they offer a significantly higher ROI.

The year 2017 will see:

  • Social scams and phishing grow by more than 100% year-over-year;
  • Social media spam grow more than 500% year-over-year;
  • Significant increases in fraud and counterfeiting using fake social accounts; and
  • Significant increases in integrated fraud techniques using social media accounts, fake mobile apps, fraudulent websites, and imposter emails.

Snapchat is just one social media platform in the crosshairs in 2017. It has become one of the hottest social networking and communication platforms, and it is ripe for major campaigns.

Social payment platforms like Facebook, WeChat, Line, and others will be subject to sustained attacks. These ecosystems will get the attention of hackers from both vulnerability and social engineering perspectives.

Mobile threats: The genie is out of the bottle

Malicious clones of popular apps (fake apps), increased use of side loading to distribute unauthorized apps, and the availability of targeted attack tools removed any lingering doubts that Android and to a lesser extent iOS mobile devices — and the humans who use them — are as vulnerable to attack as PCs.

In 2017, zero-day attacks such as Pegasus and the associated “Trident” vulnerabilities will no longer be confined to state-sponsored actors targeting dissidents but will affect companies and individuals.

Cybercriminals will increasingly use the SMS and iMessage systems to deliver malicious URLs and zero-day attacks. These will be both broad-based, such as phishing for bank account passwords and debit cards, and targeted, including attacks on employees and executives.

These malicious and risky apps will expand to include fraudulent apps, where users are socially engineered into installing apps that are not from the company from which they purport to be. These apps may be designed to infect mobile devices or to simply make money by using a legitimate company’s brand to trick users into fraudulent credit card purchases or to click on fraudulent ads.

State-sponsored attacks will increase and expand beyond hacking and data breaches

The new US presidential administration brings many unknowns to the realm of US policy in areas ranging from trade to defence. Upcoming elections in France and other European countries also have the potential to bring a similar level of uncertainty.

There will be a resurgence of state-sponsored cyber attacks, and, in particular, sophisticated, stealthy intrusions (a.k.a. APTs) targeting all branches of the US government from a wide range of countries, including renewed action by relatively quiet Chinese state-sponsored actors.

Email will remain the primary attack vector for targeting individuals and organizations that might have access to data that will help foreign states understand and anticipate the policies and plans of the new US and European administrations in diplomatic and trade negotiations.

The nature of state-sponsored cyber attacks will expand significantly beyond theft of secrets and industrial espionage. It will go after enterprise.

With the effectiveness of doxing (searching for private or identifying information about a particular individual), data theft, embarrassing disclosures, and disinformation already demonstrated in multiple countries, more governments will attempt to use cyber-attacks to steal information and leverage social media and news outlets to create discord and disruption in states that have the potential to interfere with the advancement of their interests.

In the social media realm, state-sponsored trolls have been used to target dissenters and critics, a practice already well-documented in Central and Eastern Europe, and evidence of it in the United States emerged during the months leading up to the US election. The year 2017 will see it employed more widely and more aggressively by a variety of state actors to influence public discussions and policy.


Ray Shaw


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!
