Watch these top 4 cybersecurity trends in 2017

 


By Charles Cooper

When it comes to cybersecurity, this much is guaranteed: security practitioners face a busy year. Cyberattacks set a record in 2016 and the threat environment is going to get even more dangerous in 2017. Here are four themes to watch for in 2017.

The changing face of ransomware 

As more data gets stored on mobile devices than ever before, ransomware will continue to gain popularity with cybercriminals. It has been a lucrative exploit: it encrypts content, making it unrecoverable unless a ransom is paid. But ransomware is also getting more sophisticated and can now target any device. At the summer DEFCON conference, for example, researchers from Pen Test Partners demonstrated how attackers can grab control of an internet-connected thermostat and lock its controls until victims accede to the ransom demand.

Another new wrinkle to watch: Cybercriminals are eschewing broad, spam-based attacks in favor of a greater number of precision spear phishing ransomware attacks. Their targets are often executives and other individuals in positions of authority who are more likely to pay to protect valuable corporate or personal information.

Open season on IoT

Billions of new Internet of Things devices are getting connected to corporate networks. But considering how many remain unsecure, greater adoption will only increase the number of hacker targets. Last October’s Dyn attack demonstrated how easy it was for cybercriminals to manipulate the IoT to wreak havoc on a wide scale. Especially troubling was the deployment of Mirai malware by hackers who used IoT devices as bots for the DDoS attacks. They also created an attack template for copycats. Cybercriminals can just as easily acquire Mirai source code and other attack tools to launch their own botnets or hook up with organized criminal groups on the internet that offer DDoS services for hire.

In addition to DDoS attacks using IoT devices, ransomware criminals are likely to try replicating their success elsewhere by launching ransomware attacks against IoT devices. The upshot: IT managers overseeing enterprise IoT deployments are going to have their hands full.

Mobile security threats everywhere

About 4% of all mobile devices are infected with malware, while about half are at high risk of exposing sensitive corporate data. Employees still disregard corporate protocol and download malware-laden mobile apps from unauthorized app stores onto devices they use to connect to corporate networks. Even when they follow recommended practices, there’s still risk; reputable stores have sometimes been fooled by rogue developers, who create malicious development environments designed to hide malware in apps that appear, at least superficially, to be safe. Bottom line: As more employees access corporate data via mobile devices, they are destined to become ever bigger targets for the bad guys in 2017.

Political hacking goes mainstream

Nation states have regularly conducted cyberespionage, but state-sponsored cyberattacks aren’t going to remain confined to industrial espionage. The Democratic National Convention hack offered a textbook example of how groups believed to be acting on behalf of state sponsors use stolen materials to propagate disinformation, sow discord or spread propaganda to further their political goals. Even those businesses that don't get involved directly with politics need to update their threat assessments. The fact is that any organization can wind up in the cross hairs of a rival nation.

And the threats no longer only emanate from nation states. Security practitioners also need to defend against threats posed by an assortment of politically minded hacktivists who use cyberattacks to promote causes or advance an agenda. 

Charles Cooper has covered technology and business for the past three decades. All opinions expressed are his own. AT&T has sponsored this blog post.

 

Reposted from: https://my.oschina.net/u/3127489/blog/1510707
