In January this year, when the New World Hacktivists (NWH) attacked and crippled the then US presidential candidate Donald J. Trump’s official election campaign website www.donaldjtrump.com , they were unaware that this will not hurt his campaign at all but will help him gain more popularity to an extent that he would become the new 2017 US President leaving all polls, experts, media and analysts in surprise. But all cyber attacks are not so rewarding.
The year 2015 broke all previous records by nine-mega breaches. 113 serious cyber attacks exposed the identities of 429 million people. Experts were of the view that more companies chose not to reveal the real magnitude of their data breaches and if calculated with precision the compromised records could cross the figure of half billion.
Cyber Attacks in 2016; Review
In terms of cyber attacks, 2016 was more horrible than 2015. Cyber Crimes including Malware, PoS Malware, Account Hijacking, Targeted Attack, DDoS, DNS Hijacking, Local File Inclusion, Email Harvesting, Defacement, and Malvertising topped the lists. In 2016, 60.7% of the total reported internet incidents were Cyber Crime, 28% Hacktivism, 7.4% Cyber Espionage and 4.3% of Cyber Warfare. Major targets that came under cyber attack were Governments 29.3% 17.0% Finance, Law Enforcement Agencies and Single Individuals 8%, Organizations 6.7%, Online Services 5.3% and Educational institutions 4.0% among others.
October 2016 witnessed a major DDoS attack, in which the hackers attacked Dyn, a major company that runs the Internet Domain Name System (DNS). This attack left many popular sites including Netflix, Twitter, Spotify, Reddit, CNN, PayPal, Pinterest and Fox News unresponsive– as well as newspapers including the Guardian, the New York Times and the Wall Street Journal.
This was a year when hackers bit millions. More than 3,000 major data breaches in response to cyber attacks were reported exposing 2.2 billion records, and still, we have few days to its end.
This was a year when hackers bit millions. More than 3,000 major data breaches in response to cyber attacks were reported exposing 2.2 billion records, and still, we have few days to its end. 427 million passwords are on sale after a successful hack of MySpace, another hacker is selling millions of Twitter accounts, 171 million www.vk.com accounts were stolen, 51 million file sharing accounts were presented for sale on dark web, data of 2 million users was hacked from Ubuntu, Oracle reported data breach at Micros point-of-sale division, thousands of logins were stolen from Epic’s forums, millions of Steam Game Keys and 43 million www.last.fm account details were stolen as well.
Earlier this month, Iran reportedly attacked and destroyed computers at six critical organizations in the Saudi Arabia. Including Saudi’s General Authority of Civil Aviation. Thousands of computers were destroyed in the Saudi air office. A “digital bomb” was detonated inside the systems of several agencies in KSA with the name of “Shamoon Virus.” This is the same virus that in 2012 wiped the hard drives of its state-run oil giant, Saudi Aramco. In this attack, it not only deleted the files but replaced them with an image of burning American flag. Earlier, a cyber attack on the central bank of Bangladesh resulted in losses of $81 Million and prevented another $850 Million in transactions from being processed.
Looking Forward: The 2017 Security Landscape
The security landscape is consistently changing, so is the focus of the security industry. As the year passes by towards its end, experts are now thinking what types of crimes would emerge in the internet world next year. Although, hackers are quite sharp, intelligent and innovative as compared to the experts designated to defend but still they are able to forecast some areas and types of threats that we will possibly experience next year.
As the organizations and workplaces are introducing virtual reality and IoT connected devices, and their data is available to everyone in the office by cloud applications and solutions the focus will be shifted from protecting end-point devices towards safeguarding users and information across all applications and services.
As Ford, Munich, BMW, NuTonomy, Delphi, MobilEye, Volkswagen, General Motors, Toyota, Tesla, Audi A8, Jaguar, Landrover, Daimler, Nissan, Continental and even Google have coined that they will be launching driverless cars from 2017 onwards, it is an understood fact that these cars will be highly dependent on remote access networking. So, these will be vulnerable to hacking and cyber crimes as well.
We can, therefore, expect a large number of automobile hacking incidents in coming years. This could possibly include hacking driverless cars for ransom, spying activities including tracking their location, hijacking or for intelligence collection activities. This will also pose serious threats to the relationship between software firms and car hardware manufacturers. Future of driverless cars will be heavily dependent on their safety against cyber-attacks.
In recent years, for the internetworking of physical devices, electronics, software, actuators, sensors, buildings and other things, Internet of Things (IoT) has emerged as a dominant technology area in 2016. Through IoT, objects are sensed and controlled remotely in the network infrastructure, hence connecting computers with people for better efficiency, economic benefit, and accuracy.
It is expected that in 2017, IoT operated computers, mobile devices, heating and cooling systems, thermostats, ACs, Washing Machines, printers, building control and security systems will come under attack. So it is expected that our IoT controlled household lives and devices will come under attack in the upcoming year. The next year will be more crucial for IoT device manufacturing companies as insecure devices can not only kick them out of business but also will bring serious financial repercussions when recalling of these devices will be done for security updates.
Money is valuable, but in today’s world data is more. With the countless hardware failures, governments, companies, organizations and individuals now prefer to place the data on clouds. It is expected that in 2017, hackers would be focusing these clouds not for power show but for ransom instead.
Think of a situation when the whole operational data, machine codes, financial logs and customer profiling of your company, placed on the cloud, is hacked and the hacker is demanding good money to give the access back. How would you respond? Clouds are not protected by firewalls or other such traditional security measures. These attacks in 2017 can amount multi-billion dollars loss of crucial data and a huge amount of ransom.
This year Wells Fargo, Indian, Bangladeshi and Russian banks came under serious cyber attacks that cost them billions of dollars along with a lost goodwill. Terrorists and Rogue organizations in 2017 will possibly launch more coordinated attacks to the financial systems. Financial Terrorism will become a new terminology that will make people forget all previous instances.
In 2016, a new type of attack was introduced, “Fileless Malware.” In this attack, the infection is written on the RAM without copying or using files of any kind. This is difficult to detect the attack and can dodge the antivirus or intrusion prevention programs very cleverly. Such PowerShell attacks will increase in 2017 as well.
Recently Google initiated to label HTTP-only sites as unsafe. Free Secure Sockets Layer (SSL) and Google’s recent act will weaken security standards, driving potential spear-phishing or malware programs due to malicious search engine optimization practices.
An Information Warfare is also about to intensify in 2017. With America, China, Japan and Russia blaming one another for cyber attacks, it is expected that if continued this can even result in a serious Information War. Rich countries are putting more resources in cyber hacking and spying tools. There is no expectation that this will end in 2017. The World seems to have played enough with high-tech arms and ammunition. Time is approaching when the countries will be destroyed, not physically, but their information, communication, finance, defense and management systems will be ruined by means of cyber attacks. The security blame game will heat up in the days to come.
Time is approaching when the countries will be destroyed, not physically, but their information, communication, finance, defense and management systems will be ruined by means of cyber attacks
Except for firing bullets and missiles, the world today is using “Drones” for search and rescue, inspections, security, surveillance, science and research, aerial photography, aerial video, surveying and unnamed cargo system. “DroneJacking” will be a new term in Cybercrime-17. Hackers are expected to intercept drone signals and redirect them for their own benefit. Anti-DroneJacking technology is a new area that might emerge for cyber security agencies to do business in.
Man has born to invent, A few in crime and others in defense.