Last week we recapped the big happenings of 2015 for CSID. This week, we’re switching gears to look ahead to 2016 and the trends we expect to dominate in the year to come.
All eyes on mobile
The rise of mobile payments (and recent participation from major players like Apple, Android and financial institutions like Chase), has made mobile a more attractive target than ever for cyber criminals. We expect that fragmentation, especially within the Android ecosystem, will exacerbate the problem, as different manufacturers are running multiple versions with no agreed-upon update system. This is an increasing problem particularly in the developing world where consumers are using older devices that are no longer supported by the manufacturer and as a result, no longer receive the critical patches and updates to address security flaws.
Additionally, as we look to the future, mobile attacks will be simpler than ever to implement. Just one example of this that we saw in 2015: the iOS text crash, where victims were infected just by opening a multimedia message (MMS). In 2016, we’ll see a rise in these simply orchestrated, yet impactful attacks on mobile devices.
Macs no longer immune to attack
While once seemingly impossible to penetrate, Macs will become the victim of increased focus from cyber criminals as they continue to gain popularity.
A recent report from Bit9 and Carbon Black states that 2015 was the most “prolific year for Mac malware in history.” Specifically, the report suggests that the OSX malware during this past year was a staggering five times more prevalent than the past five years combined.
It’s clear that Mac OSX is now a platform that we need to be concerned about. We’re no longer living in days where we can opt out of OSX updates and not worry about the materials we download. We’ll need to exercise increased caution across all of our devices in 2016.
The dark web as marketplace of ideas will exacerbate attack reach and impact
More than ever, we’ll see cyber criminals using the dark web to share tips and tricks amongst each other, making advanced threats and attacks more accessible to general users. With this, we’ll also see a rise in younger, less experienced, and non-traditional cyber criminals orchestrating attacks. The National Crime Agency recently reported that the average age of a cyber criminal has dropped to just 17 years old.
Malvertising and drive-by downloads will increasingly deceive users
We’ll see a rise in malvertising on legitimate, credible sites – like Forbes, BBC, and other top tier sites – that are sourced by external adware networks.
Malvertising, which takes the shape of seemingly innocuous ads on the internet, will infect users’ devices if clicked. What’s more, drive-by-downloads, which require a user to just visit a website to infect their device, will grow in popularity and be spread through MMS.
Internet of Things players will need to prioritize security
We’re seeing the Internet of Things (IoT) continue to gain momentum as more and more connected devices are brought to market. In 2016, developers will need to make security a priority. Even seemingly benign devices (like your connected refrigerator or thermostat) can serve as a pathway into your most sensitive information.
Vulnerabilities in in-car entertainment systems earlier this year demonstrated how hackers could, somewhat easily, take control of the car’s steering, brakes, and other vital features. In 2016, we’ll see an increasing focus on the security of the IoT, which may cause a shift in priorities at the product development level.