In January 2017, D-Link Corporation together with its US subsidiary were sued by the TFC. In the lawsuit, TFC claimed that D-Link failed to take the necessary measures to secure its routers and IP cameras.
This led to the compromise of sensitive consumer information, like live audio and video feeds from D-Link IP cameras. Also, other IoT device manufacturers like TRENDnet and ASUS have been sued by the FTC.
This is a clear indication the IoT device manufacturers and other tech developers need to develop adequate security measures or face potential legal consequences.
The changing face of ransomware
Ransomware attacks will continue to gain popularity with cyber criminals as more data gets stored on mobile devices than ever before. Ransomware attackers encrypt data, making it inaccessible unless a ransom is paid.
As technology continues to evolve, ransomware also continues to evolve. And nowadays it can target almost any device. Researchers have been able to prove how hackers can breach Internet-connected thermostat and lock its controls until victims agree to pay the ransom demanded.
Another new trend to watch is in 2017 is where ransomware attackers are avoiding the common spam-based attacks, with the intention of conducting a more vicious ransomware attack. Targets of ransomware attacks often include company executives, people in authority who are more likely to pay to protect valuable corporate information.
Open season on IoT
Billions of IoT devices are getting connected to corporate networks now and then. Attacks on these devices will continue to increase as many of the devices will remain insecure. Hackers proved how they could wreak havoc on a wide scale after they last October’s Dyn attack.
The deployment of Mirai malware was very troubling, where hackers used IoT devices for the DDoS attacks. An attack template for copycats was also created in the process. Hackers can easily access the Mirai source code and other tools. These tools can be used to launch attacks or help them hook up with other cyber criminals who offer DDoS services for hire.
Cyber criminals are more likely to launch ransomware attacks on IoT devices following the successful DDoS attacks using IoT devices.
Mobile security threats everywhere
Nearly 4% of all mobile devices with internet connections have been infected with malware. Half of this number is at high risk or exposing sensitive corporate data. Many employees normally disregard protocols set by their companies and download mobile apps infected with malware. Most of these apps are downloaded from unauthorized app stores into these mobile devices which are normally connected to the corporate network.
Also, the employees are still at risk even if they follow the recommended practices. This is because rogue developers have fooled reputable app stores, thus creating malicious apps that hide malware.
Most of these apps appear to be normal and safe to use. Companies should be able to understand that as more employees continue accessing corporate data with their mobile devices, the more they become bigger targets for hackers in 2017.
Political hacking goes mainstream
For many years, many countries have conducted cyber espionage on a regular basis. However, industrial espionage will no longer be the only state-sponsored cyber-attacks. The Democratic National Convention hack is a perfect example of state-sponsored cyber attacks.
Hackers believed to be working on behalf of the government used stolen documents to spread disinformation, propaganda and sow discord. Businesses should update their threat assessments even though they are not involved directly with politics. The fact is, any business can be in the cross hairs of a rival nation.
Also, we should note that cyber espionage threats no longer come from nation states. Some political “hacktivists” use cyber-attacks to further their causes or promote an agenda. With this in mind, cyber security practitioners should be aware of such attacks.