Cyber Criminals Set to Get ‘Creative’ in 2017

Uploaded on 2017-01-26 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

IoT threats, new EU data laws and the industrialisation of cyber-crime are all set to dominate the agenda as we head into 2017, according to professional services giant KPMG.

David Ferbrache, technical director in KPMG’s cyber-security practice, made the predictions in his 10 expected trends of the coming year.

The Internet of Things will become a major threat vector and target in its own right, thanks to “misconfigured devices, default passwords, obsolescent operating systems and out of sight devices,” he claimed.

The Mirai DDoS attacks of late 2016 of course blazed a trail for the hackers in this regard.

More generally, Ferbrache predicted that the coming year would see cybercrime gangs increasingly leverage cheap labor and sophisticated tools to target victim organisations.

Social media will help these efforts, providing a wealth of information on employees which the black hats can use to tailor and personalise attacks in order to increase their chances of success.

Even ransomware will become “smarter and more targeted” as the year progresses, supported by the “as-a-service” model of the dark web, Ferbrache argued.

In fact, it already is, with reports emerging last week of fraudsters purporting to be Department for Education officials cold-calling schools to obtain the email addresses of head teachers, in order to improve the success rate of ransomware attacks.

Cybercrime tactics and targets will continue to evolve apace.

Ferbrache predicted that if the international retail banking community responds to recent high profile attacks by improving security standards, the black hats will likely look to fresh targets including insurance, e-payment and e-retail channels.

“We have already seen evidence of banking Trojans being re-purposed to attack the links between customers and e-retailers, with the aim of placing fraudulent orders for goods and services,” he told Infosecurity. “There is a risk that retailers implementing digital channels may find themselves being targeted by such criminals.”

The coming 12 months will see organizations and industry respond to the growing cyber threat in several ways, KPMG claimed.

Passwords will become increasingly rare as the security and business community realize they need better ways to authenticate which use “multi-factor authentication (including biometrics), behavioural analysis and contextual information to make judgements on whether the user really is who they say they are; and just how risky their attempted transaction really is.”

The board will get increasingly involved in security issues, holding CISOs to account for their decisions, and siloes between fraud prevention and cybersecurity will begin to come down.

Finally, the forthcoming European GDPR will propel privacy to the top of the boardroom agenda for any firm globally which handles data on European citizens.

Ferbrache urged firms to test their web portals against common attacks including DDoS, cross-site scripting, SQLi and others.

“Firms also need to secure their key payment infrastructure from manipulation in the event of a compromise of the firm’s corporate network. This is a combination of segregation of key systems (PCI DSS) and also effective fraud control and monitoring over such systems to detect anomalous transactions,” he explained.

“Firms also need to play through key cyber scenarios which might include the compromise of their payment systems or infrastructure, including how they would handle customer/client communications and restore confidence.

Info-Security:       2017: Cybersecurity At A Turning Point:      What Are The Big Cyber Threats In 2017?:

 

 

« UK Bank Fraud Landmark: TSB Repays Victim & Admits Giving Criminals Bank Accounts
Director's Departure Leaves A Big Hole At GCHQ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

Backup Technology

Backup Technology

Backup Technology is a world leader in the Online Cloud Backup, Disaster Recovery and Business Continuity market.

MetricStream

MetricStream

MetricStream provide integrated GRC solutions across business, IT, and security functions.

Crossword Cybersecurity

Crossword Cybersecurity

We work with research intensive European university partners to identify promising cyber security intellectual property from research that meets emerging real-world challenges.

Viavi Solutions

Viavi Solutions

Viavi Solutions is a global leader in both network and service enablement and optical security performance products and solutions.

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

Bechtel

Bechtel

Bechtel’s Industrial Control Systems Cyber Security Laboratory focuses on protecting large-scale industrial and infrastructure systems that support critical infrastructure.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

GuardSI

GuardSI

GuardSI was created to protect companies from growing threats to security such as fraud, hacking, internal theft, accidents and human mistakes that can directly affect the business.

ITonlinelearning

ITonlinelearning

ITonlinelearning specialises in providing professional certification courses to help aspiring and seasoned IT professionals develop their careers.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

NodeSource

NodeSource

NodeSource helps organizations run production-ready Node.js applications with greater visibility into resource usage and enhanced awareness around application performance and security.

Qascom

Qascom

Qascom is an engineering company offering security solutions in satellite navigation and space cybersecurity. We are one of the European key players in GNSS authentication and security.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Outsource Group

Outsource Group

Outsource Group is an award winning Cyber Security and IT Managed Services group working with a range of SME/Enterprise customers across the UK, Ireland and internationally.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

IT Voice

IT Voice

IT Voice specializes in Managed IT and VoIP solutions. Our focus is simplifying the technology so our customers can stay focused on what they do best.