2016 was a year of premieres and hit and runs – we’ve seen the first malware designed for IoTs, ransomware paralyzing hospitals and massive data leaks disrupting huge companies – twice.
To paint a clearer picture of the 2016 cybersecurity landscape, and how it will affect us going into 2017, we asked some of our finest cyber-security experts to share their opinion on the biggest “bads” and sprinkle in their best security tips.
“The ransomware industry exploded, as we’ve seen a lot of new families this year,” Cristina Vatamanu, malware researcher at Bitdefender says. “Known exploit kits now distribute various families of ransomware.”
Healthcare was particularly affected by ransomware. Media reports revealed that German and US-based hospitals were lost thousands of dollars, but not all agreed to pay the cyber-extortionists. Recently, three British hospitals suffered a malware attack that lead to the complete shutdown of IT systems and operations.
The main culprit? The human behind the computer, clicking whatever link or message seems more interesting.
Although cyber-attacks evolve in complexity, old-school social engineering tricks still work, whether we are talking about classic phishing schemes or spear-phishing,” says Adrian Miron, Head of Antispam Labs. “This year, spam has also taken advantage of real-life terrorist events to fool users into downloading malicious files.
Speaking of terrorism, 2016 witnessed very public confrontation between law enforcers and technology companies. Apple and the FBI battled over user privacy and decryption of private communications in the famous San Bernardino case.
When it comes to attack techniques, it seems some things stay the same. “It’s safe to say that email remains one of the most effective ways to spread malware, especially ransomware,” Miron adds.
Thus, as redundant as it may seem, this advice remains a high priority on experts’ list.
“The number one rule to avoid infections is to stop opening links, emails and documents from unknown sources,” says Viorel Canja, Head of Bitdefender’s Antimalware and Antispam Labs.
Cybersecurity will always be like a cat and mouse chase,” malware researcher Cristina Vatamanu adds. “No matter how vigilant anti-malware solutions may be, social engineering still works. So aside from keeping all your software up to date (to avoid vulnerabilities) and keeping your security solution updated (so you can take advantage of the latest malware protections), educate yourself! Be paranoid and don’t click any everything you receive in your Inbox. “
Bitdefender expects targeted attacks to increase in 2017, as threat actors such as governments and third-party organizations seek to exploit the security weaknesses in their competitors.
But what truly spiked this year, was the number and sophistication of threats targeting the IoT ecosystem. We’ve witnessed the birth of malware specifically designed for IoT gadgets – Mirai. In an unprecedented large-scale DDoS attack, Mirai took control of millions of compromised IoT webcams and DVRs and knocked down DNS provider Dyn and sites such as Twitter, Amazon and Netflix.
This year, devices turned rogue,” says Dan Berte, IoT Director at Bitdefender. “Ransomware and botnets are now entwined in the IoT – more vicious than ever, largely distributed, stealthy and potentially out of control in some product categories. “
Bitdefender predicts this botnet phenomenon will continue to grow in 2017, as there still are a lot of vulnerable devices out there and applying patches is a tedious process. Read more about 2017’s predictions, here.
“The major emerging threat for 2017 is the botnet made up of not-so-smart things,” says Catalin Cosoi, Chief Security Strategist at Bitdefender.
Lastly, we can’t forget cyber-security breaches. Financial companies had their share of problems. A single $81 million malware attack against a Bangladeshi bank targeting the SWIFT transaction software transformed into a large hacking epidemic.
LinkedIn, Oracle, Dropbox, Cisco and Yahoo also disclosed impactful data leaks that affected millions of their customers.
In Dropbox’s case, password reuse was devastating. An employee password, stolen during the 2012 LinkedIn breach, was re-used to access his Dropbox account. There, the user had uploaded a document containing Dropbox email addresses, and, apparently passwords.
That is why changing passwords regularly and enabling two-factor authentication are some of the best practices users can carry out themselves to boost account security.
Remember, passwords are the key to your privacy,” Berte says. “You need a system. And it has to be your system. Use a keychain tool like the one on the Mac, or a Wallet app like the one from Bitdefender for your PC. Generate random passwords using a generator for your websites and apps. Use really strong passwords for your email and social media accounts. Don’t slouch. One account compromised can compromise them all.”
Did we leave anything out?