Además de detectar y eliminar los ataques maliciosos, los investigadores de seguridad y analistas tienen otro trabajo importante. Para predecir el futuro.
McAfee Labs han acaba de publicar un informe de predicción que se ve 5 years ahead and outlines the changes in the threat landscape by 2020. What are the types of attacks McAfee researchers predict to prevail in the next several years. The report emphasizes on 14 crucial sectors of cyber crime and its prevention:
Hardware, El ransomware, Vulnerabilidades, Payment systems, Attacks through employee systems, Cloud services, Wearables, Automobiles, Warehouses of stolen data, Integridad, Espionaje cibernético, Hacktivism, Critical infrastructure, Sharing threat intelligence.
Let’s have a look at what concerns us the most, being malware researchers ourselves.
Hardware Attacks are immensely magnified by the emergence of commercial attack tools. En 2015, McAfee researchers discovered the first commercial UEFI rootkit, including source code.The rootkit’s authors – the infamous – Equipo de Hacking, offer a platform called Remote Control. Parts of the tool have already been adapted for attacks observed in the wild. Providing source code has made things very easy for malicious coders to customize the threat for their own purposes.
What experts at the Labs believe is that copycat code and similar tools will be released in 2016.
Los investigadores de seguridad (incluidos nosotros) all agree that ransomware will continue to be a prevalent threat. We have already seen ransomware become a service available to whomever is interested to participate in its multiple affiliate programs. Besides the new versions of the well-known ransomware such as CryptoWall and CTB-Locker, McAfee believes new families will emerge in the next couple of years or so. Ransomware will continue to target victims for quick cash. Sin embargo, attacks on governments and financial institutions are expected to grow notably.
What experts expect to happen is vulnerabilities being exploited in areas beyond Windows – embedded systems, Internet de las Cosas, and infrastructure software will be the new targets for advanced threats and zero-day attacks. Ser más preciso, variants of Unix, popular smartphone platforms, IoT specific systems like Tizen and Project Brillo, and libraries (Glibc, OpenSSL, etc). The report also emphasizes on the fact that foundation libraries and components, especially open-source framework tools, are not as secure as they should be.
Attacks through Employee Systems
Attackers will continue to think of new ways to steal companies’ data. Researchers expect attacks on employees to increases while they are at home or travelling. When attackers are continuously blocked when attempting to breach the corporate data center, it’s only logical they will start targeting the insecure home systems of the employees. Respectivamente, en 2016 and beyond experts expect to see organizations think ahead and provide advanced security technology for employees to install on their personal systems.
Echar un vistazo a la totalidad McAfee report.
Más sobre el tema:
Cyber Crime Predictions for 2016