20. December 2016

G DATA Security outlook on 2017: Ransomware attacks to rise

SMEs, critical infrastructure and IoT devices are at the center of attention for attackers.

12/20/2016 | Bochum. Locky, Petya, TeslaCrypt, GoldenEye – ransomware was one of the main topics in IT security in 2016. At the beginning of the year several hospitals made the headlines after being hit with ransomware. There is no reason to sound the “all clear” in 2017. Using this type of malware has proven exceptionally profitable for criminals. As a result, more and more advanced ransomware variants are surfacing. G DATA expects to see a rise in those numbers in 2017. Securing critical infrastructure and IoT devices is seen as one of the major IT security challenges for the year. The problem is that many devices which are connected to the web were never designed with internet connections in mind, and connectivity was retrofitted later. In the product development cycle of those devices, IT security did not play a defining role. Currently, attacks against routers of Deutsche Telekom and against the global company network of ThyssenKrupp have caused major waves in the media.

“Small and medium-sized enterprises need to be on their guard in 2017. The data of those organizations is of special interest to attackers. In many cases, criminals are only noticed when the damage is already done. With the increased need for privacy on one side and the increased demand for IoT devices on the other, the discussion about data protection will be heating up further”, says Tim Berghoff, G DATA Security Evangelist. “Targeted attacks against routers and IoT devices will increase in the future. What we have seen so far is only the tip of the iceberg. We also expect a substantial rise of ransomware cases for 2017. The use of file-encrypting ransomware has proven exceptionally lucrative.”

IT security forecast for 2017

  • Smartphones in the crosshairs: Mobile operating systems will be a target of increased interest. Hardware-based exploits (such as Drammer) have demonstrated that the lack of a transparent update policy in the Android as well as the iOS ecosystem may turn out to be their Achilles heel.
  • Cyber attacks against critical infrastructure: Numerous parts of what we consider to be critical infrastructure were built at a time when threats from cyber attacks were not a matter of concern. The ongoing digitalization leaves those environments vulnerable. Legacy systems are connected to the web, even though there are either no updates available for them anymore or the updates cannot be installed. We expect attackers to devote more attention to those potentially vulnerable systems.
  • Cloud providers: As more processes and products are becoming available “as a Service”, criminals are expected to be more active in this field, too. By now, “Crimeware as a Service” is a reality. Providers of cloud services are going to take on a more prominent role as targets of online criminals.
  • IoT threats: The Internet of Things will increasingly become a viable attack tool. The first reports of scenarios relying on IoT devices have already been circulated in the media. We can draw a connection here back to smartphones. After all, many of the devices that make up the Internet of Things are controlled or configured using a smartphone or a tablet. For many manufacturers, Security by Design has yet to become a reality in their product development cycles.
  • Health Care under Fire: After some spectacular cases of ransomware attacks against hospitals, things are going to remain interesting for the health care industry in 2017. Apart from malware-based attacks, data protection and privacy are taking center stage. Prevention of data leaks will constitute a major part of the industry’s security efforts.
  • Small and Medium Businesses: Attacks against SMEs are going to remain a major topic for 2017. However, the chances are high that intruders are going to remain undetected. One possible reason for this is the false assumption that one’s own company may be too small or insignificant to be an interesting target.
  • Privacy legislation: On May 25th, 2018 the new EU GDPR will come into effect. It presents some challenges for companies and it will have global ramifications as well. Some consider the GDPR a counter concept to the Safe Harbor successor “EU Privacy Shield”. According to the GDPR, the confidentiality of data cannot be automatically assumed if they are stored and processed in a US-based cloud infrastructure.
  • Payment systems & Instant Payment: NFC-based payment systems are on the rise. New providers appear constantly and are under tremendous pressure to secure a leading market position. Security is not always the prime concern in this process. From November 10 on, SEPA transactions are going to be performed within 10 seconds of being triggered. This does not leave a lot of room for security checks. Criminals could try and exploit this to get quick access to illegally gained money.
  • Automotive: There have been successful attacks against the on-board systems of vehicles. We expect to see more reports emerging in 2017. While we do not expect those attacks to be performed with criminal intent, some of the findings will make the headlines. 
