Cyber Criminals Set to Get ‘Creative’ in 2017

IoT threats, new EU data laws and the industrialisation of cyber-crime are all set to dominate the agenda as we head into 2017, according to professional services giant KPMG.

David Ferbrache, technical director in KPMG’s cyber-security practice, made the predictions in his 10 expected trends of the coming year.

The Internet of Things will become a major threat vector and target in its own right, thanks to “misconfigured devices, default passwords, obsolescent operating systems and out of sight devices,” he claimed.

The Mirai DDoS attacks of late 2016 of course blazed a trail for the hackers in this regard.

More generally, Ferbrache predicted that the coming year would see cybercrime gangs increasingly leverage cheap labor and sophisticated tools to target victim organisations.

Social media will help these efforts, providing a wealth of information on employees which the black hats can use to tailor and personalise attacks in order to increase their chances of success.

Even ransomware will become “smarter and more targeted” as the year progresses, supported by the “as-a-service” model of the dark web, Ferbrache argued.

In fact, it already is, with reports emerging last week of fraudsters purporting to be Department for Education officials cold-calling schools to obtain the email addresses of head teachers, in order to improve the success rate of ransomware attacks.

Cybercrime tactics and targets will continue to evolve apace.

Ferbrache predicted that if the international retail banking community responds to recent high profile attacks by improving security standards, the black hats will likely look to fresh targets including insurance, e-payment and e-retail channels.

“We have already seen evidence of banking Trojans being re-purposed to attack the links between customers and e-retailers, with the aim of placing fraudulent orders for goods and services,” he told Infosecurity. “There is a risk that retailers implementing digital channels may find themselves being targeted by such criminals.”

The coming 12 months will see organizations and industry respond to the growing cyber threat in several ways, KPMG claimed.

Passwords will become increasingly rare as the security and business community realize they need better ways to authenticate which use “multi-factor authentication (including biometrics), behavioural analysis and contextual information to make judgements on whether the user really is who they say they are; and just how risky their attempted transaction really is.”

The board will get increasingly involved in security issues, holding CISOs to account for their decisions, and siloes between fraud prevention and cybersecurity will begin to come down.

Finally, the forthcoming European GDPR will propel privacy to the top of the boardroom agenda for any firm globally which handles data on European citizens.

Ferbrache urged firms to test their web portals against common attacks including DDoS, cross-site scripting, SQLi and others.

“Firms also need to secure their key payment infrastructure from manipulation in the event of a compromise of the firm’s corporate network. This is a combination of segregation of key systems (PCI DSS) and also effective fraud control and monitoring over such systems to detect anomalous transactions,” he explained.

“Firms also need to play through key cyber scenarios which might include the compromise of their payment systems or infrastructure, including how they would handle customer/client communications and restore confidence.

Info-Security:       2017: Cybersecurity At A Turning Point:      What Are The Big Cyber Threats In 2017?:

 

 

« UK Bank Fraud Landmark: TSB Repays Victim & Admits Giving Criminals Bank Accounts
Director's Departure Leaves A Big Hole At GCHQ »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Security Mentor

Security Mentor

Security Mentor provides innovative, online security awareness training designed for how people learn and work.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Markel International

Markel International

Markel International is an international insurance company which looks after the commercial insurance needs of businesses. Specialist services include Cyber Risk insurance.

Aeriandi

Aeriandi

Aeriandi is a leading provider of hosted PCI security compliance solutions for call centres, trusted by high street banks and major Telcos.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Netlawgic Legal Services

Netlawgic Legal Services

Netlawgic is exclusively focused on delivering cyber law solutions to the industry. We provide our clients with specialized attention and problem solving in all aspects of cyber law.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

Network Utilities (NetUtils)

Network Utilities (NetUtils)

Network Utilities provide identity centric network and security solutions to organisations from Telecoms and ISPs to SMEs and large corporates.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Upfront Security

Upfront Security

Upfront Security helps companies with innovative products & services to prevent, recognise and recover from (identity) fraud.

Visory

Visory

Great businesses depend on great technology. We make sure our clients go to market with enterprise-level technology and world-class security for their data and infrastructure.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Upwind Security

Upwind Security

Upwind delivers comprehensive cloud security, precisely when and where it’s most critical.

The Nu-Age Group

The Nu-Age Group

The Nu-Age Group is a technology services firm that specializes in managed IT services, cybersecurity, Cloud solutions, and strategic IT consulting.