A recently published report by Gartner & Raytheon (Dec-2015) makes some security predictions for the year 2016. The picture is not comforting at all. The already scary level of attacks by cyber criminals will rise even more because of the cyber terrorists (including the “Syrian Electronic Army” or SEA in short), who will be working in sync with ISIS and other such groups.
1. The US Elections Cycle Will Drive Significant Themed Attacks: The level of use of social and online media for US Presidential election process will exceed all earlier instances. The candidates have started opening websites with their own profile and are regularly updating those with campaign schedules, time tables, issue-based debates etc. They are also using facebook, Twitter, Instagram etc. as campaign tools. A 2014 survey showed nearly 74% of US adults use social networking. According to a recent survey by Pew Research Center, nearly 92% of the Americans are on social media. Of them 96% adults read news on Presidential election there. They have less interest and trust in traditional media like TV, newspaper etc. The candidates also are paying more attention to their Ads in social media sites.
This will make things easier for the hackers and spammers. Pretending to campaign on behalf of some candidate(s), they will present attractive / interesting topics or use offers as bait to trap / cheat users visiting social media as well as push malware, spam etc. in their email / computer.
2. The attack on Google, Bing etc. will reach an extremely high level. There will be attacks through facebook, Twitter “friend” / “connection”. Serious attacks like Highly Transient Web Threat (HTWT) will also happen.
3. Addition of the GTLD system will provide new opportunities for attackers: The top ten botnets like “Cutwell”, “Rustock”, “Mega-D” etc. will become even more powerful and active. They have been spreading spam to about 100 million computers around the world, which is 88% of all the 100s of billions of spam sent daily. In 2016, it might grow by 15 times or more!
Since multinational corporations and marketing agencies are becoming increasingly dependent on online services and web-based systems, there is big growth in “cloud computing”. Now the cyber criminals / terrorists are making “cloud computing” systems as their major target.
4. The cyber criminals will attack the “traditional customer authentication” methods used for online banking and financial transactions to steal funds from bank accounts. There will be tremendous rise in the “Man in the Browser” (MITB) Trojan attack incidents.
5. The cyber terrorists will also attach in guise of lucrative offers in emails (possibly as attachments) with attractive topics, pictures, invites as well fake web links, so that you step into their trap to reveal important personal information.
6. The criminals will also use “BlackHatSEO” to get the fake sites and/or links in front of you in search engine results by suppressing the genuine websites. For this they will use various SEO techniques, including paid SEO.
7. Fake Advertisements in the name of reputed media houses will be used to inject virus into those organizations’ websites. The hackers and spammers will use the still-in-use outdated technologies, such as unsupported and unpatched old software.
8. The tiny URLs used in facebook and Twitter are quite popular among users. Since those are easy to utilize, the criminals will target the tiny URLs to bring people to malware-ridden 100s of thousands of fake websites.
According to an estimate from a few years back by a security software firm, nearly 300,000 fake websites are launched EVERYDAY just to lure unsuspecting users and infect their computers with malware and virus.
9. The cyber criminals are going to use “SQL Injection” attack against the famous multinational banks, commercial and marketing companies around the world, including USA. Along with that they will use Phishing (stealing data through browser / email), Vishing (stealing data via phone calls), Smishing (via SMS to mobile phones) attacks.
10. There will be major increase in the cyber terrorists’ use of “foreign language spam” as well as “identity theft” attacks to steal our “digital signatures” for online (commercial / legal / financial) activities.
The only protection is to be super-careful (being paranoid is OK), even for individuals, because our own personal finances can be ruined by such attacks. A whole lot of people have already been burnt by “ransomware” (a kind of malware). Phishing and Vishing are still going on, and people continue to fall for those. On the other hand, a lot of computer users are oblivious about upgrading their software — Operating Systems, Applications, Browsers etc., even if free upgrades are widely available. There are a lot of people who derive extra pleasure in using pirated software, without understanding how dangerous it is for THEMSELVES. The big software companies can afford to lose a couple of billions in lost revenue due to piracy, but a compromised computer can terribly affect an individual’s life or a small business. It really doesn’t cost much when it’s spread over the lifetime of a computer and software. However, some people still find it necessary to avoid paying the dues and lead a risky life. Also, some computer users indiscriminately download and install “free” software from the Internet. Is “free” a business model for anyone? Yes, there are some legitimate “free” (mostly open source) software organizations, but they are well known. Why use software from a random company that pops up in a Google search? Does anyone buy any other thing like that? In real life do you use an item handed out by a complete stranger? Hopefully not.
It’s important to practice “Safe Computing”:
a) Use ONLY legitimate software
b) Use RELIABLE anti-virus from a REPUTED company
c) Regularly update / patch software
d) Monitor network to detect intrusion / infection
e) Take automatic backup of all important data
The challenges are grave. The threats are real. The repercussions can be devastating. It’s worth being extra careful.