1. Expect more ransomware
You know how you can be taken hostage by a gang until your family or employer pays a sum of money for you to be released? The same has been happening in the cyberspace for a while now and we can expect even more cases to be reported in the coming year as well. In the cyberspace, computer systems are illegally accessed by unauthorized parties who then go ahead to block access to those systems by the authorized parties until a certain amount of money is paid or some other demand they have is met. The software used in the process of illegally accessing the computer system is what is called ransonmware.
Marcus Hutchins, popularly known by his Twitter pseudonym @malwaretechblog, rose to international prominence after he stopped the further spread of a ransomware that had paralysed the United Kingdom’s public health system. The ransomware, which we now know as WannaCry, worked by encrypting various file types and then adding a queer .WCRY extension at the end of the file name. In order for anyone who needs access to the files encrypted by WannaCry to access them, they would need to pay at least the equivalent of Kshs 30,000 failure of which the ransom money would be tripled. The amount was to be paid in Bitcoin, no less.
WannaCry spread like bushfire around the world and on that fateful weekend in May, it captured the entire world’s organizations. It’s not just the UK’s public health system that felt the heat. Big ad agencies and foreign governments were affected as well, as if to pass a message that no one is being spared in this brave new world where systems run the show.
That is the world we live in now and it’s scary as hell. The future is even scarier thanks in large part to our use of the smartphone. We practically do anything personal and work-related on the smartphone today. The more data we store on these small computers, the more they become better targets for cybercriminals who can either steal the data or any information stored on those devices for sale or to just hold on to it until the victim and/or their organization pays up.
2. IoT-driven attacks will be on the rise
Last year (2016), internet infrastructure company Dyn was attacked by an army of botnets (networks consisting of computers that have been compromised and are being run by someone else who is not their owner, mostly to perform illegal things). Dyn’s attack led to major internet services and applications like Spotify, Reddit, Twitter, Amazon, Tumblr and major websites like the New York Times, the Verge etc being inaccessible for hours. This is because most of websites, apps and services rely on Dyn for their domain name resolution. However with just one blow on the source, the internet, as we know it, was brought on its knees and even the man on the street who may not be really interested in what’s up with cybersecurity, was affected as they couldn’t access some services.
The attack on Dyn, which was a DDoS (distributed denial of service) attack, was largely driven by Internet of Things devices (things like CCTV cameras).
Early this year, IT research firm Gartner forecast that this year alone, 8.4 billion connected things would be in use, an increase of 31% from last year (2016). Over the next two years, that number is expected to balloon to 20.4 billion! Now, imagine just a fraction of those connected devices being compromised and used to attack your company network. Scary, right? Yet that is a reality we have to live with. The more we make everything we use, from the light bulbs in our houses to fridges to door handles, connected to the internet, the more we become vulnerable to those with malicious intent.
And, for what it’s worth, botnets are not limited to just IoT devices (even though these ones bolster the chances thanks to their huge volumes and ease of compromising), just remember that 2017 is the year when a whole botnet on the Android platform was uncovered with 20 applications being culprits.
3. More and more phishing attacks
Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.
In 2017, the world’s most popular email service, Gmail, was the subject of a major phishing scheme that involved the use of Google Docs. That caught many unawares and Google had to move with speed to patch things up. Going into the new year, expect more and more reported instances of similar scams since this is a tried and tested method and people always fall for it.
4. Mobile security threats everywhere
We are not about to throw away our mobile devices for good. In fact, if anything, we are just getting started. That means that the risk of cybercrime landing on our doors is just going to keep increasing. It’s even worse when you think of the corporate environment (we looked at that in detail last time).
5. Cyber risk insurance will become common
With cyber threats looming and drawing lessons from 2017, organizations are likely to be in the market for solutions that ensure business continuity in the event the worst happens. At this moment in the country, that means turning to very few quarters for help. AON Kenya’s Cyber Enterprise Solution, an insurance cover that absorbs the cost that comes with (cyber) security breaches will be hoping that more and more companies see the sense to seek for cyber risk cover for the services they offer in the new year and beyond.