The latest threat predictions for 2017 paint a grim picture of what cybercriminals have up their sleeve for the year ahead. It’s no surprise that hackers are expected to only get smarter and more sophisticated, but Kaspersky Lab also revealed their tactics may be used as a weapon of information warfare. In this week’s Hacker Tracker, we explore what’s on the horizon for cybersecurity in the new year and how the industry is preparing to battle whatever may be coming next.
Kaspersky Lab recently announced its threat predictions for 2017, which point to a year ahead filled with new and improved attack methods. Cybercriminals are expected to utilize tailored and disposable tools, leverage misdirection in terms of attacker identity and take advantage of the increasingly fragile internet-connected world.
The cybersecurity company said 2017 may also bring a rise in memory-resident malware — a threat designed to target highly sensitive environments and disappear before the first reboot that will wipe the infection from the machine memory.
This particular malware will be used by stealthy attackers who are aimed at collecting credentials without arousing suspicion or discovery. Other top threat predictions for 2017 include a growing vulnerability to cybersabotage, espionage going mobile, cybercriminals targeting digital advertising and a greater compromise of payment systems.
“Kaspersky Lab expects to see the ‘commodification’ of attacks along the lines of the 2016 SWIFT heists in 2016 — with specialized resources being offered for sale in underground forums or through as-a-service schemes,” the company said in a press release.
As payment systems grow in usage and popularity, Kaspersky added that it expects to see this matched by a greater criminal interest.
Siri Can’t Keep A Secret
While Siri may be helpful in the daily lives of Apple iPhone users, it looks as though the virtual assistant may not be so good at safeguarding personal information.
According to a report by Forbes, hackers can use several steps to trick Siri into divulging personal data about a device user, including text messages, emails, browsing history and photos.
Bad guys must first determine the phone number associated with the device, which Siri can easily provide, and then, by placing a call from another phone to the device and answering with a text reply, they can make their way into the locked phone.
Instead of entering a text message to reply to the call, Siri can be asked to engage in some actions, including enabling VoiceOver, which allows people to interact with iOS via gestures. An example of this attack was posted on YouTube, noted Forbes.
The vulnerability currently exists on all versions on iOS 8.0 to 10.2 and can enable someone to access a device even if it is secured with a passcode or the biometric authentication Touch ID.
Malware Delivers For The Holidays
The holiday shopping season may bring good tidings and cheer, but it may also deliver an unwanted rise in malware infections.
November and December — the prime time for holiday shopping — are also expected to be busy months for malware attacks. Enigma Software Group (ESG) observed an 84 percent jump in malware infections during the holiday shopping season last year, which was a significant 42 percent jump from 2014. The company expects that number to only rise during this year’s shopping bonanza.
“The holiday shopping season is one of the busiest times of year for the cybercrooks who spread malware,” ESG spokesperson Ryan Gerding stated. “They know lots of people will be online looking for deals and tracking their purchases, and that makes those people vulnerable.”
Consumers can expect these malware attacks to come from all sides — scam emails promising great deals, malicious search results for top products and even fake emails from online retailers.
“These cybercrooks know that people are looking for good deals and are most likely in a hurry when checking emails and doing Google searches,” Gerding added. “And the infections they are creating are more diabolical than ever.”