
2016
SECURITY PREDICTION
The security threat landscape is constantly changing, as cyber criminals deploy old and new methods to expand their reach, exploit users and gain access to valuable data. To play better defense, WatchGuard recommends following security best practices; training employees about threats and targeted social engineering techniques; and deploying the latest network security technologies so organizations identify security issues in real time to address the majority of attacks we anticipate in 2016
|
1. RANSOMWARE COMES LOOKING FOR YOUR DROIDS
Cyber Criminals Reach New Platforms:
Ransomware has grown up, with new strains of file encrypting malware being so good that many victims have paid ransoms. To date, ransomware primarily targets Windows. Next year, we expect cyber criminals to make very effective ransomware for alternate platforms, including Android mobile devices and Mac laptops.
|
2. IT’S A TRAP!
Social Engineering Keeps People as Your Biggest Threat:
Recent advanced network breaches have one thing in common, they all started with spear phishing the user. Cyber criminals target specific users with customized social engineering tactics to trick trusting users into giving up their access privileges. We recommend dedicat-ing budget each year to provide employees with security awareness training that includes the latest social engineering techniques.
|
|
3. THE IOS MENACE
Malware on iOS Will Rise:

Google’s open platform strategy has translated into more threats against Android devices than Apple’s iOS. Last year, cyber criminals infected Apple’s development platform. We believe criminals will continue to exploit this attack vector to sneak malware onto Apple’s official marketplace. Criminals will launch more targeted attacks against iOS.
|
4. JAR JAR CAN’T RESIST ADS FROM THE DARK SIDE
Malvertising Increases by Leveraging Encryption:

Malvertising, a combination of the words malware and advertising, is an attack where criminals booby-trap a trusted website with a malicious code by sneaking it in through advertising. Some services and products are getting better at detecting malicious advertise- ments, however, the criminals are fighting back. In 2016, we expect malvertising attempts to triple, and to succeed more regularly through the use of HTTPS. If your organization does not have security controls that can monitor HTTPS, plan to update as soon as possible.
|
|
5. SMBs CAN’T LET BASIC SHIELDS DOWN
Security Breaches Go Back to Basics:

A majority of successful security attacks –especially ones against smaller targets– still rely on the basics. Despite some threat actors using sophisticated techniques, most Small to-Medium Business (SMB) security breaches will come back to basic security best practice failures. There is a silver-lining. If you concentrate on following basic security best practices, you will avoid a majority of the attacks in 2016.
|
6. JANGO FETT AND THE CLONE ARMY ARE COMING
Automation Brings Security to the Next Level:

Today’s automated attacks constantly evade reactive defenses. Signature-based protection is no longer effective. While human analysts can identify new threats by monitoring for suspicious behaviors, cyber criminals release such a volume of new threats that humans cannot keep up. The solution? Artificial Intelligence (AI) and machine learning that can automatically recognize and help track malicious behavior.
|
|
7. STARFLEET ACADEMY TARGETED
Cyber Criminals Go Back to School to Get Data:

Information security is all about protecting data, so the personally identifying information (PII) required to steal data that provides a full identity is valuable. The amount of data collected about children while they are students in school is staggering and health records represent one of the richest PII datasets. This, combined with open network environments found in educational facilities, is why we expect cyber criminals to target student data systems. If you run IT for an educational facility, be on the lookout for hackers next year. |
8. BREACHES COME TO THE IOT FRONTIER
Hijacked Firmware Attacks the Internet of Things:

When a hacker hijacks a computer, making sure malicious code stays on the device is the plan. However, hijacking the Internet of Things (IoT) is a different story. Most IoT devices don’t have local storage and have few resources, so getting code to stick involves modifying the firmware. Next year, we expect to see proof-of-concept attacks that permanently modify and hijack the firmware of IoT devices. In response, we expect to see vendors start to harden and security IoT devices by implementing secure boot mechanisms that make it more difficult for attackers to modify firmware. We recommend vendors get in front of this learning curve. |
|
9. SPIES SLIP INTO WIRELESS ALLIANCES
Wireless “Ease-of-Use” Features Expose the Next Big Wireless Flaw:

The next big wireless security vulnerability will involve “ease-of-use” features that clash with real world security. For example, the Wi-Fi Protected Setup (WPS) standard is designed to make it easier for new users to join a secure wireless network without having to remember a complex password. Unfortunately, it suffers from a flaw that makes it easy for attackers to gain quick access to the wireless network. We expect the next wireless vulnerability will involve an ease of use feature that enables users, and hackers, to join a network. |
10. ALIEN ATTACKERS HIJACK OUR BROADCAST SIGNAL FROM SPACE
Hacktivists Hijack Broadcast Media:

Unlike cyber criminals, who stay under the radar, hacktivists like to make big, splashy messages designed to get attention. The whole point of “cyber” activism is to use technology to get as many people as possible to notice your message, whatever it may be. Anonymous is a great example of this with well-known videos. Next year, we predict hacktivists will do something big that broadcasts their revolution to the world live. |