1. Ransomware Ransomware Ransomware
Thought 2015 was the Year of Ransomware? Security vendors say it’s only the beginning. This year, we will see ransomware and Ashley Madison-style attacks become ubiquitous to the point of evolving into an “as-a-Service” model.
According to Intel Security, even inexperienced cybercriminals will gain access to the service while staying relatively anonymous. According to IBM X-Force, the practice will migrate to mobile as well.
2. Cyber espionage may lead to full-out warfare
Researchers at Hewlett Packard Enterprise posit that cyber attacks in 2016 will lead to “military retaliation.” While this may sound extreme, Western militaries are already targeting hackers in the ISIS terrorist group. What’s new is that, much like the nuclear threat of the cold war, tensions are mounting and countries are developing “hotlines” to call other states in case of accidents to avoid crisis.
Meanwhile, for intentional attacks, Intel Security predicts that the number of cyber espionage incidents may actually decrease as they become stealthier. Many may go unreported in 2016.
3. Cybersecurity issues will kill a product
We’ve reported on the slow death of the Adobe Flash plugin, but unfortunately, the death looks to be a very slow one. While not pointing any direct fingers, HPE predicts a major product will shut down due to security issues in 2016 due to the cost-benefit scale tipping the other way.
Nevertheless, Intel Security predicts that new “mitigation features” introduced in a recent Flash Player patch should slow down exploits of this attack vector
“Because the code quality and complexity of Flash has not changed, there will still be many Flash vulnerabilities,” the company said in a statement. “Any transition away from Flash will be slow. The Internet is full of legacy Flash content, at least for desktops (though not for mobile devices). We don’t expect to see this change soon.”
4. Malware capable of surviving drive reformats
This is a scary one. Attacks uncovered in 2015 indicate that emerging malware is capable of reprogramming drive firmware, which means that traditional last-resort methods of wiping hard disks and reinstalling operating systems no longer work. This, according to Intel Security involves an “intimate knowledge of firmware and reference code from specific manufacturers and using those details to aggressively maintain the malware’s persistence.”
The security vendor expects the trend of flying below the operating system to grow in 2016.
5. Social Engineering and Wearables will work together
With the adoption of non-secured wearables, it is becoming easier for hackers to understand a user’s habits and exploit that knowledge for use in social engineering, such as in sophisticated phishing. Intel gives one scenario involving GPS data from a fitness tracker that reveals a user’s coffee habit. An email with the message “I think you dropped this at the coffee shop this morning” with a malicious link could easily be mistaken for genuine.