Cyber threats predictions for 2017


10 December 2016

McAfee Labs, threat research division of Intel Security Group, has released its McAfee Labs 2017 Threats Predictions Report which identifies 14 threat trends to watch in 2017.

The report, which reflects the informed opinions of 31 Intel Security thought leaders, examines current trends in cybercrime and makes predictions about what the future may hold for organisations working to take advantage of new technologies to both advance their businesses and provide better security protection.

"To change the rules of the game between attackers and defenders, we need to neutralise our adversaries’ greatest advantages," said Vincent Weafer, vice president of Intel Security’s McAfee Labs.

As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it, he said. "To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralised data, and detecting and protecting in agentless environments."

According to McAfee, the 2017 threats predictions run the gamut, including threats around ransomware, sophisticated hardware and firmware attacks, attacks on "smart home" IoT devices, the use of machine learning to enhance social engineering attacks, and an increase in cooperation between industry and law enforcement:

1. Ransomware attacks will decrease in volume and effectiveness in the second half of 2017.

2. Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualisation software will increase.

3. Hardware and firmware will be increasingly targeted by sophisticated attackers.

4. Hackers using software running on laptops will attempt "dronejackings" for a variety of criminal or hacktivist purposes.

5. Mobile attacks will combine mobile device locks with credential theft, allowing cyber thieves to access such things as banks accounts and credit cards.

6. IoT malware will open backdoors into the connected home that could go undetected for years.

7. Machine learning will accelerate the proliferation of and increase the sophistication of social engineering attacks.

8. Fake ads and purchased "likes" will continue to proliferate and erode trust.

9. Ad wars will escalate and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.

10. Hacktivists will play an important role in exposing privacy issues.

11. Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime.

12. Threat intelligence sharing will make great developmental strides in 2017.

13. Cyber espionage will become as common in the private sector and criminal underworld as it is among nation-states.

14. Physical and cybersecurity industry players will collaborate to harden products against digital threats.

Threats come in various forms, including ransomware, firmware attacks, attacks on IoT devices, social engineering attacks and more. Cybercrime will continue to evolve in Asia, and cybersecurity professionals need to evolve correspondingly to ensure our enemies do not get the upper hand, said David Allott, Director of Cyber Defence, Intel Security.

"The cyberthreat paradigm needs to be altered to focus on defender-attacker dynamics. Only then can cybersecurity practitioners break the cycle of cyber criminals circumventing new cyber defence tactics."