By Joe Dysart
2016 Cybersecurity Outlook
Still Chasing the Ever-Nimble Hacker
Intel’s wafer fabrication facility in Chandler, Arizona.
Businesses still reeling from seemingly endless reports of hacker break-ins last year should brace for even more sophisticated capers in 2016 as IT security departments simultaneously roll out new tactics for thwarting the criminals. Security experts say that the image of yesteryear’s hacker—the pimply faced teen on a lark for grins and giggles—has given way to organized-crime teams who are hell bent on stealing and monetizing stolen data.
“Select any economic sector at random, and the chances are high that you’ll find something in the media about a cyber-security incident or problem,” said Aleks Gostev, chief security expert at security software maker Kaspersky Lab.
The impact of hackers’ antics has never been greater. Witness a string of suicides that were attributed to the hack of Ashley Madison—a web meeting place for cheating spouses—which revealed the identities of 30 million spouses who had joined the website, according to “Hazards Ahead,” a November report released by security software maker Trend Micro.
“The evolution of breaches is beginning to take a turn toward real-world effects on enterprises’ bottom lines and people’s lives,” said Raimund Genes, CTO of Trend Micro.
High on the list to watch out for in 2016 will be a spike in ransomware showing up on Apple computers, which previously had been bypassed by hackers in favor of more prevalent Windows machines, according to Kaspersky.
“We expect ransomware to cross the Rubicon to not only target Macs but to also charge ‘Mac prices,’” said Juan Andres Guerrero-Saade, senior security researcher for Kaspersky Lab.
Also increasingly vulnerable will be point-of-sale computer systems and ATMs, according to the Trend Micro Report. Unfortunately, many of these systems are still running Windows XP, an obsolete operating system that stopped getting security updates from Microsoft more than a year ago.
More vulnerable, too, will be mobile devices, including those running the Android operating system, according to the Trend Micro Report. Hackers are also expected to spend more time plundering home computers, which can often serve as easy knock-offs to what hackers are really looking for: easy entry into the corporate networks they’re linked to, according to the “McAfee Labs Threats Predictions Report” that was released in November by Intel Security.
“Organizations should expect to be hit,” said Tom Kellermann, chief cybersecurity officer for Trend Micro. “Preparing to overcome this challenge will become the mantra in the winter of 2016.”
Equally vulnerable will be all those wondrous devices connected to the much-ballyhooed Internet of Things—including cars, according to the Intel report.
Unfortunately, just like any other computerized device, cars can be hacked, as security researchers Charlie Miller and Chris Valasek (who now work for Uber) proved with chilling certainty this past summer when they wirelessly hacked a Jeep. Incredibly, Miller and Valasek’s infiltration into the Jeep’s computer systems—which they hacked via the Sprint Network—gave them complete control over the vehicle’s steering, transmission, brakes and dashboard. Chrysler gulped and rushed out a software update on a USB drive to 1.4 million Jeep owners within weeks to correct the problem.
“Vehicles are now connected devices, confronting manufacturers and suppliers with a whole new world of security challenges,” said Hubertus von Roenne, a vice president at BT Global Services (www.globalservices.bt.com/us/en/home).
Expect the same kind of vulnerability for many of those brand-spanking-new devices such as activity trackers, smart watches and other gadgets and sensors. Most are long on the gee-whiz factor, but many are short on hacker protection, according to the Intel report.
Meanwhile, hackers are also expected to increasingly drill down much deeper into computers in 2016, bypassing software and operating systems such as Windows and instead infecting the machine’s BIOS or firmware—systems that were considered impenetrable until recently, according to the Intel report.
A case in point is the Equation Group Malware, which is capable of reprogramming a hard disk even after the infected computer has its operating system erased and its hard drive completely reformatted. Such feats, according to the Intel report, were “stunning” to uncover.
Incredibly, the coming year is also expected to give rise to the hacker as information broker, with hackers amalgamating data they’ve stolen about you from more than one database, repackaging it, and then selling the resulting much more dangerous and much more potent invasion of your privacy at a higher price. For example, instead of simply selling your stolen credit card info, an enterprising hacker could combine that data with other info stolen from your health insurance plan, tax return and company employee records.
Intel researchers said that hackers in 2016 will also be using personal data stolen from major security breaches during the past few years to steal even more data by phone or over the Internet, given that the same data is often used in challenge questions companies use to identify you.
Essentially, questions such as “What’s your social security number?” or “What street did you grow up on” will be child’s play for hackers who may already have this info on you from previous data breaches.
'Unfortunately, would-be hackers without the technical wherewithal to break into your computer have an easy alternative. There’s already a thriving market for off-the-shelf hacker software, which is specifically designed for the nontechnical criminal—a market that is expected to grow in 2016, according to “Kaspersky Security Bulletin: Predictions 2016,” released in December by Kaspersky.
Joe Dysart is an Internet speaker and business consultant based in Manhattan.
But even while increasingly sophisticated hacker break-ins appear inevitable in 2016, IT security experts don’t plan to take the onslaught lying down. Google, for example, has announced that it will issue regular security updates for its Android software, after being repeatedly stung by a series of hacks in 2015. And antivirus makers such as Symantec—which has candidly admitted that antivirus software is becoming increasingly ineffective against hackers—have added behavioral analytics to their arsenal. Essentially, behavioral analytics scout your PC for signs of unusual behavior or the installation of unknown programs and offer you quick tools and/or advice for how to (hopefully) neutralize the problem.
“Integrating breach-detection systems with intrusion-prevention systems is fundamental to decreasing the time hackers dwell on their networks,” said Trend Micro’s Kellermann.
Finally, the Cyber Threat Alliance—including Intel—has been formed to foster the sharing of information about hacker techniques and exploits between business, governments and security vendors.
“When we joined the Cyber Threat Alliance, we dedicated ourselves to working closely with our partners in industry and law enforcement to detect and disrupt cybercrime campaigns,” said Vincent Weafer, vice president of McAfee Labs Intel Security.