Everything related to cybersecurity is advancing at a breakneck pace. So it’s no shock that in the first month of 2017, we’ve already begun to see movement with the many trends and predictions we’ve been hearing for the year ahead.
Ransomware Continues Grabbing Headlines
One of the most frequently cited trends carried over from last year is ransomware, which I (and many others) believe will still be a big and continuously evolving threat in 2017. MarketsandMarkets backed up that expectation, kicking off the year by predicting a 16.3% compound annual growth rate in the market for ransomware defense, rising from $8.16 billion in 2016 to $17.36 billion in 2021.
So far, ransomware has lived up to expectations, retaining its prominence as a widespread threat and getting even more dangerous with doxing and DDoS functionality in many strains. Anti-malware company Emsisoft reported a sophisticated new ransomware called Spora that is now being sold on the darknet. KillDisk, a powerful and compact software utility that can completely and securely destroy all data on hard drives and flash devices, has been developed into a ransomware package for both Linux and Windows systems. Unfortunately, victims of KillDisk have not gotten their files back – even after paying up. A variant of the Petya ransomware, called GoldenEye, has appeared in attacks targeting HR departments, playing off that industry’s propensity for opening email attachments. That’s just a sampling of what’s happened this month, and there’s surely more to come.
IoT Security Concerns on the Rise
Vulnerabilities related to the internet of things (IoT) are another big trend we’ve been hearing about. A whole range of smart devices can be used to take advantage of consumers, take down companies through DDoS attacks and blackmail, and even provide a myriad of new endpoints through which attackers can gain access to a network. Even the smallest devices today can (and will) be connected to the internet and controlled from a centralized location, making them a potential target for a cyberattack. The economics of manufacturing these small devices often makes security an afterthought, so communication protocols between those devices are often unencrypted and easily compromised. We’ve already seen how IoT can enable DDoS attacks and the damage those attacks can cause, but the real potential of IoT vulnerabilities is much more severe.
The FDA recently posted a cybersecurity notice on its website, warning that certain pacemakers, specifically St. Jude Medical’s Merlin@home Transmitters, were vulnerable to being hacked. According to the FDA, a hacker could “remotely access a patient’s RF-enabled implanted cardiac device by altering the Merlin@home Transmitter,” and “the altered Merlin@home Transmitter could then be used to modify programming commands to the implanted device, which could result in rapid battery depletion and/or administration of inappropriate pacing or shocks.”
Will Biometric Authentication Gain Mainstream Acceptance in 2017?
Enhanced authentication has also been a big prediction for 2017, with new smartphone-based authentication methods expected to enter the market. Enrollment and deployment have been major challenges when it comes to biometric security, but since most smartphone users in 2017 will have a fingerprint scanner, iris scanner, or voice recognition tool in the palm of their hand, the barriers to biometric authentication are rapidly disappearing.
Unfortunately, while the barriers to biometric authentication are disappearing, new vulnerabilities are emerging just as quickly. We’ve already seen that stealing fingerprints can be easily achieved with low-tech tools like gummy bears, and now we’re hearing that it might be even easier than that. Japan's National Institute for Informatics (NII) reported in January that flashing a peace sign in a photo may also put your biometric data at risk. According to Isao Echizu, professor of NII's digital content and media sciences research division (as translated by the International Business Times): “Even if you just casually show the peace sign to the camera, your fingerprint can be stolen.”
What Will Happen Next?
With so many trends showing teeth so early in the year, we’re left to wonder what else is to come. Most companies still can't face the volume and sophistication of cybersecurity alerts they get, which means they’re often playing catch up on potential attacks flagged months or years prior. With each passing year, it seems that newly-uncovered hacks and the number of users impacted grow larger and larger. One big prediction for 2017 that we haven’t seen come true yet is that we'll have a new major breach. Chances are very good that a breach like that has already occurred. So the big questions that remain are, when will we hear about it, and how did it occur?