Cyber Criminals Set to Get ‘Creative’ in 2017

Uploaded on 2017-01-26 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

IoT threats, new EU data laws and the industrialisation of cyber-crime are all set to dominate the agenda as we head into 2017, according to professional services giant KPMG.

David Ferbrache, technical director in KPMG’s cyber-security practice, made the predictions in his 10 expected trends of the coming year.

The Internet of Things will become a major threat vector and target in its own right, thanks to “misconfigured devices, default passwords, obsolescent operating systems and out of sight devices,” he claimed.

The Mirai DDoS attacks of late 2016 of course blazed a trail for the hackers in this regard.

More generally, Ferbrache predicted that the coming year would see cybercrime gangs increasingly leverage cheap labor and sophisticated tools to target victim organisations.

Social media will help these efforts, providing a wealth of information on employees which the black hats can use to tailor and personalise attacks in order to increase their chances of success.

Even ransomware will become “smarter and more targeted” as the year progresses, supported by the “as-a-service” model of the dark web, Ferbrache argued.

In fact, it already is, with reports emerging last week of fraudsters purporting to be Department for Education officials cold-calling schools to obtain the email addresses of head teachers, in order to improve the success rate of ransomware attacks.

Cybercrime tactics and targets will continue to evolve apace.

Ferbrache predicted that if the international retail banking community responds to recent high profile attacks by improving security standards, the black hats will likely look to fresh targets including insurance, e-payment and e-retail channels.

“We have already seen evidence of banking Trojans being re-purposed to attack the links between customers and e-retailers, with the aim of placing fraudulent orders for goods and services,” he told Infosecurity. “There is a risk that retailers implementing digital channels may find themselves being targeted by such criminals.”

The coming 12 months will see organizations and industry respond to the growing cyber threat in several ways, KPMG claimed.

Passwords will become increasingly rare as the security and business community realize they need better ways to authenticate which use “multi-factor authentication (including biometrics), behavioural analysis and contextual information to make judgements on whether the user really is who they say they are; and just how risky their attempted transaction really is.”

The board will get increasingly involved in security issues, holding CISOs to account for their decisions, and siloes between fraud prevention and cybersecurity will begin to come down.

Finally, the forthcoming European GDPR will propel privacy to the top of the boardroom agenda for any firm globally which handles data on European citizens.

Ferbrache urged firms to test their web portals against common attacks including DDoS, cross-site scripting, SQLi and others.

“Firms also need to secure their key payment infrastructure from manipulation in the event of a compromise of the firm’s corporate network. This is a combination of segregation of key systems (PCI DSS) and also effective fraud control and monitoring over such systems to detect anomalous transactions,” he explained.

“Firms also need to play through key cyber scenarios which might include the compromise of their payment systems or infrastructure, including how they would handle customer/client communications and restore confidence.

Info-Security:       2017: Cybersecurity At A Turning Point:      What Are The Big Cyber Threats In 2017?:

 

 

« UK Bank Fraud Landmark: TSB Repays Victim & Admits Giving Criminals Bank Accounts
Director's Departure Leaves A Big Hole At GCHQ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

MAY Cyber Technology

MAY Cyber Technology

MAY Cyber Technology is a Security Management solutions provider located in Turkey & Germany.

Synelixis Solutions

Synelixis Solutions

Synelixis Solutions is a high-tech company founded to provide complete telecommunications, networking, security, control and automation solutions.

spriteCloud

spriteCloud

spriteCloud is an independent software testing, test automation and cybersecurity services provider.

Raonsecure

Raonsecure

Raonsecure is one of Korea’s leading ICT security software companies – providing a variety of PC and mobile security solutions to financial institutions, government, and enterprise.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

TwoThreeFour

TwoThreeFour

ThreeTwoFour provide tailored cyber security solutions, delivered by highly-skilled, experienced consultants who respond to the real needs of you and your business.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

RAND Corporation

RAND Corporation

The RAND Corporation is a non-profit institution that helps improve policy and decision making through research and analysis.

NormCyber

NormCyber

NormCyber provide award-winning cyber security and data protection as a service for midsize organisations.

TrustCloud

TrustCloud

TrustCloud is a global company specializing in the orchestration and custody of secure digital transactions including identification, signature, payments, and electronic custody.

Algoritha

Algoritha

Algoritha is a pioneering entity in the realm of security and forensic services.