By Bev Robb, IT consultant
IT security threats for 2016 will be amplifying many of the cyberthreats that we have seen prevail throughout the year, while adding more emphasis to stealth threats. Ransomware will become hotter with threat actors and kiddie scripters alike, taking full advantage of streamlined and automated ransomware that promise lucrative financial gain.
It will be a year where we find out that our health care data does not primarily exist within the hub of the health care industry—but is actually shared or stored across many industries.
It will also become a year where we can expect a data breach to occur, at any time and in any place.
Here are my top 5 IT security threats for 2016:
1. More online extortion using ransomware
2016 will be the year of online extortion—with hackers re-doubling their efforts with continued use and evolution of ransomware like CryptoLocker.
With reputation and brand name on the line—cyberextortionists will leverage automated ransomware attacks—where businesses will sway beneath the threat of personal or reputational damage and will more likely pay the ransom, rather than suffer the consequences.
At the start of the year, ransomware as a service (RaaS) burst in with distribution through exploit kits and phishing emails. But, that is only the beginning. Now it is so user-friendly, a grade school child could operate it. RaaS is sure to become a top game changer in 2016.
2. More Internet of Things (IoT) attacks
I am a huge fan of the Shodan search engine— an Internet search engine that helps you to find vulnerable device targets. Shodan also finds unsecured IoT devices—while the good guys conduct research to locate vulnerable devices— the bad guys continue to exploit Shodan for their own personal gain.
I agree with other predictions that one of the top cybersecurity trends for 2016 will include: Worms and viruses will be designed to specifically attack IoT devices. The potential for harm could propagate millions of interactive devices.
3. More hacktivist activity with strategic campaigns
I anticipate we will see far more hacktivist activity in 2016 than we have ever seen before. Why? Because high profile hacks (such as the adult site hacks this year) leveraged stolen data to humiliate, shame, or bring to public attention a company’s unethical business practices.
With such vast and far reaching media coverage–hacktivists now have a national stage that can support their campaigns.
4. More stealth techniques to hide evidence of threat actor attacks
Several are predicting threat actors will use new techniques to thwart forensic investigations and hide evidence of their attacks.
“Ghostware is the Snapchat of malware. Snapchat, the popular social app, allows users to send photos and videos to friends that, once viewed, “disappear” and cannot be viewed again. The concept of ghostware is similar: The malware enters into a system, completes its mission (i.e., stealing data), then disappears without leaving a trace. ” says Waqas Ameri, HACKREAD.
Phil Burdette, Senior Security Researcher at Dell SecureWorks Counter Threat Unit (CTU) describes threat actors who use sophisticated attacks via implementing a company’s own legitimate tools to compromise and steal data from the network.
Burdette said that threat actors will use the same tools that a technology professional would use to be able to connect to a system, operate on a system, and take data off it. I predict that threat actors will become quite adept at “living off the land” in 2016.
5. More health record-related data breaches perpetrated by insiders
With more companies maintaining employee’s personal health data outside the health-care sector, there will be more opportunity for threat actors to obtain Personal Health Information (PHI).
An attack from the inside can allow unrestricted access to personal medical records via employee authorization—making it far easier for an insider with malicious intentions to go unnoticed.
Whether a malicious insider is posing as a trusted employee or a trusted employee is careless or negligent with PHI, companies will need to pay far more attention to insider threats next year.
Though these are only a few of the predictions that I think will gain more traction in the coming year—the threat landscape of 2016 will continue to evolve in the areas of online extortion, strategic attacks on IoT devices, more hacktivism, with more stealth techniques to hide threat actor evidence, and more insider health-related data breaches.
Perhaps Dell SecureWorks says it best:
“Cyberattacks happen every minute of every day. It’s not a matter of if you will be attacked, but when and how.
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.