As we find new ways to defend ourselves from hackers, they find new ways to either break through our barriers or bypass them. According to Derek Manky, Fortinet global security strategist, “Every minute, we are seeing about half a million attack attempts that are happening in cyber space.” Every year it is important to be up-to-date and aware of the threats hackers are using to attack your systems, in order to be prepared to continue to fight back and defend your business. Here is a look at some of the threats we can expect from hackers this year:
Research company Gartner predicts there will be 6.8 billion connected devices in use in 2016, which is a 30% increase from 2015. By 2020, that number will jump to more than 20 billion connected devices, which means that for every human being on the planet, there will be between two to three connected devices. This rise in the “IoT” leaves many open opportunities for attacks. As companies race to get their “connected” devices on the market, security will often take a backseat.
The headless worm
In 2016 we can expect to see the first “headless worms”—a malicious code that targets headless devices, a device that lacks a graphical user interface, such as smartphones, smartwatches and medical hardware. These threats can multiply when billions of devices are connected across a system. FortiGuard researchers and others have already demonstrated that it is possible to infect headless devices with small amounts of code that can propagate and persist.
Attacks on the cloud
This year we can expect a large number of attacks on the cloud and cloud infrastructure. Our continued to reliance on virtualization, as well as private and hybrid clouds will motivate cyber criminals to make these attacks on the cloud. In addition, mobile apps rely on the cloud, which means that devices running with compromised apps will open the door for cyber hackers to access corporate networks and attack public and private clouds.
After the Sony Hack in 2014, extortion attacks, where attackers threaten to release sensitive data if the victim doesn’t pay meet another demand, were expected to grow in 2015. Last year, the Ashley Madison extortion attack hit the headlines, leading many experts to believe we can expect even more of these extortion attacks in 2016 as well.
Chip/Pin payment attacks
Retailers and hackers have been going in circles when it comes to customer’s payment data. Retailers stopped storing customer credit card numbers and transactions in databases, so hackers learned to grab the unencrypted data live as it went to banks for authentication. Then retailers encrypted that live data, but attackers installed malware on point-of-sale readers to grab data as the card was swiped. Now banks and retailers have put new chip-and-PIN cards in place to stop hackers, but we can only assume these attackers will find ways around the chip-and-pin systems as well.
These are just a few of the threats we can expect and prepare ourselves for in 2016. Often, cybersecurity seems to be a vicious, never-ending cycle of the “good guys” stepping up their security and training to prevent attacks, only to be followed by the “bad guys” discovering new methods to infiltrate systems. The good news is companies are continuing to educate themselves on cyber attacks and prepare themselves to defend against attacks.