Cyber Criminals Set to Get ‘Creative’ in 2017

Uploaded on 2017-01-26 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

IoT threats, new EU data laws and the industrialisation of cyber-crime are all set to dominate the agenda as we head into 2017, according to professional services giant KPMG.

David Ferbrache, technical director in KPMG’s cyber-security practice, made the predictions in his 10 expected trends of the coming year.

The Internet of Things will become a major threat vector and target in its own right, thanks to “misconfigured devices, default passwords, obsolescent operating systems and out of sight devices,” he claimed.

The Mirai DDoS attacks of late 2016 of course blazed a trail for the hackers in this regard.

More generally, Ferbrache predicted that the coming year would see cybercrime gangs increasingly leverage cheap labor and sophisticated tools to target victim organisations.

Social media will help these efforts, providing a wealth of information on employees which the black hats can use to tailor and personalise attacks in order to increase their chances of success.

Even ransomware will become “smarter and more targeted” as the year progresses, supported by the “as-a-service” model of the dark web, Ferbrache argued.

In fact, it already is, with reports emerging last week of fraudsters purporting to be Department for Education officials cold-calling schools to obtain the email addresses of head teachers, in order to improve the success rate of ransomware attacks.

Cybercrime tactics and targets will continue to evolve apace.

Ferbrache predicted that if the international retail banking community responds to recent high profile attacks by improving security standards, the black hats will likely look to fresh targets including insurance, e-payment and e-retail channels.

“We have already seen evidence of banking Trojans being re-purposed to attack the links between customers and e-retailers, with the aim of placing fraudulent orders for goods and services,” he told Infosecurity. “There is a risk that retailers implementing digital channels may find themselves being targeted by such criminals.”

The coming 12 months will see organizations and industry respond to the growing cyber threat in several ways, KPMG claimed.

Passwords will become increasingly rare as the security and business community realize they need better ways to authenticate which use “multi-factor authentication (including biometrics), behavioural analysis and contextual information to make judgements on whether the user really is who they say they are; and just how risky their attempted transaction really is.”

The board will get increasingly involved in security issues, holding CISOs to account for their decisions, and siloes between fraud prevention and cybersecurity will begin to come down.

Finally, the forthcoming European GDPR will propel privacy to the top of the boardroom agenda for any firm globally which handles data on European citizens.

Ferbrache urged firms to test their web portals against common attacks including DDoS, cross-site scripting, SQLi and others.

“Firms also need to secure their key payment infrastructure from manipulation in the event of a compromise of the firm’s corporate network. This is a combination of segregation of key systems (PCI DSS) and also effective fraud control and monitoring over such systems to detect anomalous transactions,” he explained.

“Firms also need to play through key cyber scenarios which might include the compromise of their payment systems or infrastructure, including how they would handle customer/client communications and restore confidence.

Info-Security:       2017: Cybersecurity At A Turning Point:      What Are The Big Cyber Threats In 2017?:

 

 

« UK Bank Fraud Landmark: TSB Repays Victim & Admits Giving Criminals Bank Accounts
Director's Departure Leaves A Big Hole At GCHQ »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The Josef Group (TJG)

The Josef Group (TJG)

The Josef Group Inc. is a certified woman-owned permanent staffing agency specializing in Information Technology, Engineering, and US Government "cleared" IT candidates.

TZ-CERT

TZ-CERT

TZ-CERT is the National Computer Emergence Response Team of Tanzania.

CIRT.GY

CIRT.GY

CIRT-GY is the national Computer Incident Response Team for Guyana.

Yokogawa Electric

Yokogawa Electric

Yokogawa is an electrical engineering company providing measurement, control, and information technologies including industrial cyber security.

UK Cyber Security Forum

UK Cyber Security Forum

UK Cyber Security Forum is a community interest group for cyber security companies in the UK.

Trinexia

Trinexia

Trinexia (formerly Credence Security) is a specialty Value-added Distributor of Cyber Security, Digital Forensics, Security Awareness, Data Security & Governance solutions.

BetterCloud

BetterCloud

BetterCloud puts IT in control of the modern workplace through user lifecycle management, data discovery, and IT and security automation purpose-built for SaaS.

Infopulse

Infopulse

Infopulse is a global provider of Software Engineering, Cloud & IT Infrastructure Management, and Cybersecurity services.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Risk Based Security (RBS)

Risk Based Security (RBS)

Risk Based Security provide the most comprehensive and timely vulnerability intelligence, breach data and risk ratings.

Healthcare Fraud Shield (HCFS)

Healthcare Fraud Shield (HCFS)

The focus of Healthcare Fraud Shield is solely on healthcare fraud prevention and payment integrity with a successful approach based on many unique advantages we deliver to our clients.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

NWN Carousel

NWN Carousel

NWN Carousel delivers AI-powered technology solutions for the modern workplace. From unified communications and intelligent infrastructure to robust cybersecurity.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

CRYPTIQ

CRYPTIQ

CRYPTIQ empowers businesses to navigate the ever-evolving cybersecurity landscape with confidence and clarity.