Cyber Security: Predictions 2016

The Industrial revolution in the 17th century Britain introduced technological advancements in various fields but it also led to an enormous increase in crime as most criminals were poor, unskilled and uneducated people from overcrowded cities and rural villages. The movement of people from villages to cities put a lot of pressure on the already existing lower classes. In this digital age, communication has evolved from being real to virtual and the whole world is a global village connected through internet. This Digital Revolution has created a new forum for both terrorist activity and criminal behavior.

Critical infrastructures, emergency services, public utilities, banking sectors, food supplies, and transportation systems, have resulted in interconnectivity which is inconsistent with traditional security strategies. People have failed to deploy additional protection to safeguard their digital life. In fact, it may be argued that the Digital Revolution has hatched a favorable environment in which traditional criminals are adapting and new ones are emerging. India continues to be an attractive option for hackers.

Cybercrime in India has increased immensely in 2015, with 72 per cent companies accepting that they faced online attacks and 94 per cent respondents indicated that cybercrime is a major threat faced by organizations, according to KPMG Cybercrime security report 2015.

Also, India was one of the top target countries for Web Application Attacks as stated by Akamai Q2 2015 State of the Internet report.

Here are few security predictions for the year 2016.

Privacy concerns

Many of us receive promotional e-mails, calls or messages when we don’t even ask for such information in the first place. This can be perceived as a lack of transparency on the part of the companies. What is done with our personal data is a question worth asking. Hackers are known to break into accounts and company databases to see our private information. The legal or permissible use of data collection and analytics on consumer behavior is likely far more common and wider impacting.

Cisco midyear Security Report reveals that global cyber governance is not prepared to handle the emerging threat landscape or geopolitical challenges. The question of boundaries — how governments collect data about citizens and businesses and share among jurisdictions — is a significant hurdle.

With IoT and billions of connected devices, privacy concern as an argument has entered the mainstream debate. Furthermore, as big data grows, enterprises need a robust data privacy solution to help prevent breaches.

Attack on mobile devices and Point of sale (POS) to intensify

According to ESET survey, 40.8 per cent of Indian respondents engage in risky behaviors online making India the nation with the most risk taking tendencies when it comes to cybersecurity. In 2016, cybercriminals will ramp up attacks on mobile devices and point of sale (POS) systems. Hilton Worldwide recently suffered a breach when a malware attacked its point of sale (PoS) system thereby enabling attackers to steal credit card information.

We also have the third largest Internet user base in the world out of which more than 50 per cent are mobile-only internet users this brings us into a high risk zone where hackers will exploit key vulnerabilities to breach these devices.

Hacktivism will continue to grow

Hacktivist group Anonymous has been involved with many high profile attacks on government, religious, and corporate websites through DDoS (Distributed denial-of-service) attack. Starting the year by condemning the attack on Charlie Hebdo and attacking ISIS related websites and Twitter accounts the group has warned of massive retaliation after the recent Paris attacks. We can surely expect that next year more and more of such attacks will be on the agenda of the hacktivists. Access to real-time actionable threat intelligence will be the key for protection against these threats.

State sponsored cyber-attacks to increase

A large-scale global cyber spying operation was discovered in March 2009 by Infowar Monitor. Termed as GhostNet, this APT had infiltrated high-value political, economic and media locations in more than 100 countries including India.

According to Sergey Novikov, Deputy Director, Global Research & Analysis Team, Kaspersky Lab, “The line between financially motivated gangs and nation-sponsored cyber gangs is shrinking and the potential impact of these attacks will always be bigger than the numerical significance of such attacks.” The other major concern is that these cyber weapons can be reused and can resurface whenever the need arises. According to Kaspersky research these advanced attacks generally focus on:

• Factoring RSA-1024 keys

• Live modification of OS updates

• OS boot process orchestration

• Jailbreaking mobile OS

• HDD firmware infection

In a nutshell such attacks combine the most destructive elements like complete data exfiltration and disclosure, global DoS via destructive malicious code, public defacement and credential dumps.

Critical infrastructure to be targeted

Attacks against SCADA systems are on the rise, and tend to be political in nature as they target operational capabilities within power plants, factories, and refineries.

Greater focus on critical infrastructure protection (CIP) is expected in 2016 as the weaknesses in industrial control systems (ICS) are detected by states to launch such attacks globally. In January 2015, a German federal agency revealed that an Advanced Persistent Threat (APT) attack physically damaged an unnamed iron plant. Further investigation revealed that the attackers had advanced know-how of not only conventional IT-security, but also precise technical knowledge of the industrial control systems and production processes used in the plant.

Attackers can easily access the tools to search the internet and locate sites on which ICS hardware runs openly. Organizations need to conduct a thorough analysis of their network device and service exposure to the internet.

Attack on Open source software inevitable

The software ecosystem is saturated with many OSS products. Many of these products, or libraries, such as OpenSSL, are even integrated into another piece of software thereby creating widespread vulnerabilities once the exploits are developed. Though many OSS projects consist of many files and thousands of lines of code, a professional hacker can simply download a copy of the program and review its source code to identify flaws through reverse-engineering.

Ransomware

According to security solutions firm Symantec, India witnessed as many as 60,000 ransomware attacks on computers last year, making it the third-most attacked nation in Asia. Recently, two well-known Indian companies faced ransomware attacks and were forced to pay the amount. India ranks ninth globally—along with developed countries such as the US, Japan, Germany and Italy—and on top in Asia Pacific in terms of ransomware attacks. The average ransom, demanded in India last year was USD 200 or around INR 13,000 according to the same report.

Till last year, most of the ransomware attacks happened on PCs, but the latest ISTR 2015 report by Symantec reveals that hackers have diverted their attention towards Android thereby making the digital extortion process mass-scale.

Attack on communication channels

More than a third of users take no additional precautions when logging on to public Wi-Fi. Also, with the rise in the number of IoT based smart products, billions of devices are expected to be connected by 2020. Given the growth witnessed by the Indian companies in recent years and with increased Internet penetration, India is becoming more integrated to the global cyber village, thereby, making it more vulnerable to such attacks.

Hot products/developments to expect in 2016

• India has the world’s second largest population, and a very small cyber security economy. According to a latest PwC report, India’s cyber security market size is expected to cross $1 billion USD by 2016.

• The network security sandbox market is set to grow immensely as advanced persistent threats (APTs) have made it mandatory to implement behavioral approach to detecting malware.

• 2014 was an important year for companies offering cyber insurance with a significant jump in both the number of companies offering cyber insurance and the number of firms buying them. Demand for that insurance rose by 21 per cent across all industries and the same can be expected next year.

Hot products released in 2015

Seagate Surveillance HDD – is the world’s first 8TB surveillance hard drive disk (HDD), the largest drive of its kind for surveillance applications in the industry. Targeting surveillance system integrators, end users and system installers, the Seagate Surveillance HDD offers the highest capacity on the market.

ESET Mobile Security & Antivirus

With the strong detection rate, this security app has an easy-to-use interface. The app comes with a suite of anti-theft tools. This enables you to remotely locate and lock your smartphone or tablet, and you can prevent anyone from uninstalling apps by using password protection.

eScan – Mobile Anti-virus

eScan Mobile Anti-virus and Security for Android protects your device against evolving cyber threats, thus ensuring you its uninterrupted usage. It restricts unauthorized access of data, in case the device is lost or stolen. It allows remote locking, data wiping, SIM watching and even helps to locate phone through GPS finder. Also, the app comes with parental control featuring enabling you to block specific websites and applications.

360 Security

The latest 360 Security app has several new features to secure your device from threats. It has a good blend of usability and protection. It offers smooth performance and a host of extra features as well. It also optimizes your background apps, memory space, junk (cache) files and battery power, while keeping your device safe from virus and trojan. This also has the anti-theft solution that includes, Erase, Locate, Alarm and Lock can assist you with retrieving a lost device and protecting personal data. Scan installed apps and local APK files in real time and also monitor each installation process.