2017: More Apple Security Flaws, Cyberattacks, Hacktivisim
Dec 28, 2016 6:00 AM PT
More security vulnerabilities will appear in the software of Adobe and Apple than in Microsoft's, more attacks on the Internet's infrastructure will occur, and cybersecurity events will stoke international tensions. Those are a few of the predictions for 2017 that security experts shared with TechNewsWorld.
Users of Apple desktops and laptops for years have been relatively insulated from the kinds of malicious activity that has besieged those in the Windows world, but that's going to change next year, warned Trend Micro.
More software flaws will affect Adobe and Apple in 2017, compared to Microsoft, the company noted in a security predictions report.
Declining PC sales and an exodus to mobile platforms have dampened interest in targeting devices running Windows, Trend Micro explained. Microsoft also has upped its security game in recent times, which has made it more difficult for attackers to find vulnerabilities in Windows.
Follow the Money
Signs of hackers' increased interest in Adobe and Apple started appearing in 2016, Trend Micro noted. Zero day vulnerabilities -- flaws unknown to researchers until malicious actors exploit them -- numbered 135 for Adobe compared to 76 for Microsoft.
Meanwhile, Apple's vulnerability count during the same period increased to 50, shooting up from 25 in 2015.
The increased attention Apple has drawn from criminals can be associated with its growing success in the desktop and laptop market.
"There's a much broader use of Apple products now," said Ed Cabrera, vice president of cybersecurity strategy at Trend Micro.
"The criminals go where consumers and enterprises are," he told TechNewsWorld. "If consumers and enterprises are utilizing more Apple products, then that's where they're going to focus their activity, because that's where the money is going to be."
Distributed denial of service attacks long have functioned as a cyberweapon against websites, but their use reached a new level in 2016, when they disrupted Internet service in parts of North America and Europe by choking an important piece of Net infrastructure: the domain name system.
The DNS converts domain names into corresponding IP addresses. If a domain name can't be paired with its IP address, then a browser becomes lost on the Net.
More "upstream" attacks on the Internet will take place in 2017, said Chase Cunningham, director of cyberoperations at A10 Networks.
"If you're an enemy of someone who depends on the Internet for business or commerce, last year it was shown that if you upstream a little bit and launch a crafted Denial of Service attack, you can bring down large provider websites and infrastructure," he told TechNewsWorld.
"In 2017, we're going to see more upstream attacks, and DDoS is going to make a comeback as a cyberweapon," Cunningham said. "We're going to see a powerful denial of service attack on something that will cause problems for a national infrastructure."
Geopolitics Feeding Cyberattacks
Simmering tensions over nations hacking nations will come to a boil in 2017, predicted Tom Kellermann, CEO of Strategic Cyber Ventures.
"Geopolitics will be the harbinger for cyberattacks in 2017," he told TechNewsWorld.
Those cyberattacks will be fostered by both old and new presidents of the United States.
"Due to the president elect's rhetoric against China, Chinese hacking will begin again with increased vigor," Kellermann said. "North Korea will leverage IoT for more denial of service attacks against the West."
In addition, he continued, Trump's anti-Muslim statements during the presidential campaign have increased the membership of cyberterrorist organizations -- like al-Qaida and the Cyber Caliphate -- that will use their new resources to dismantle and destroy U.S. infrastructure in the coming year.
Russian cyberattacks also will increase.
"Once President Obama takes revenge upon Putin for the hacking of the election and other things, you will see increased cybermilitia activity via Russian proxies in Eastern Europe against the U.S.," Kellermann said.
A cyberhangover from a divisive and inconclusive presidential election also can be expected in 2017.
"Disillusioned American voters will become more inclined toward hacktivism," Kellermann predicted.
That hacktivism will be more destructive than it has been in the past, he said. For example, ransomware will be used to encrypt data solely for denying access to that data and not for ransom. Malicious software delivering "wiper" payloads, which destroy data, also will increase.
Voter disillusionment could give old line hactivist groups, like Anonymous, a new reason for being.
"Anonymous has been fractured for some time," Kellermann noted. "On Jan. 20, you could see a consolidation of Anonymous once again, for the cause of acting out against the incoming administration."
- Dec. 12. Quest Diagnoistics, a medical lab operator based in New Jersey, says it's investigating data breach in November that placed at risk the personal health information of some 34,000 people.
- Dec. 13. KFC in the UK advises some 1.2 million members of its Colonel's Club loyalty program to reset their passwords because of an intrusion at program's website.
- Dec. 13. Data for more than 200 million people allegedly from credit agency Experian is being offered on sale on the Dark Web for US$600, CSO Online reports.
- Dec. 13. A 17-year-old youth who previously admitted to cyberattack costing UK telecom company TalkTalk $75 million is sentenced to 12-month rehabilitation order in British court.
- Dec. 13. October data breach at Peachtree Orthopedics in Atlanta put 531,000 people at risk of identity theft, WSB-TV reports.
- Dec. 13. Frederick County Public Schools in Maryland says some 1,000 students who attended public schools between November 2005 and November 2006 are affected by data breach discovered in September.
- Dec. 14. Owner of adultery website Ashley Madison agrees to pay $1.65 million to settle state and federal cases stemming from 2015 data theft of personal information of 37 million users.
- Dec. 14. Yahoo says it's discovered data breach from August 2013 exposing accounts of more than 1 billion users.
- Dec. 14. Joshua Samuel Aaron, 32, arrested in New York City by federal authorities and charged with stealing contact information for more than 100 million customers of American financial institutions, brokerage firms and financial news publishers.
- Dec. 15. Threat intelligence firm Recordfed Future says it's discovered evidence that Russian-speaking hacker may have compromised more than 100 access credentials at U.S. Election Assistance Commission.
- Dec. 15. Protenus reports that the number of healthcare data breaches in November reached an annual high of 57 but records exposed during the month declined from October to 458,639 from 776,533.
- Dec. 15. Prosecutors in Los Angeles issue arrest warrant for Austin Kelvin Onaghinor, 37, for launching cyberattack on county that placed at risk confidential information of 750,000 people.
- Dec. 16. President Barack Obama vows to retaliate against Russia for interfering with U.S. elections by stealing information from computer systems of the Democratic Party.
- Dec. 16. Bleacher Report alerts its online and mobile users it is resetting their passwords in 72 hours due to a data breach of its systems.
Upcoming Security Events
- Dec. 20. Insiders Are the New Malware. 1 p.m. ET. Webinar by Presidio. Free with registration.
- Dec. 22. Part 2: How Is This Yahoo! Breach Different from Their Other Breach? 1 p.m. ET. Webinar by Fidelis Cybersecurity. Free with registration.
- Jan. 6. The 2017 Threatscape. 10 a.m. Webinar by Cyber Management Alliance. Free with registration.
- Jan. 9. 2017 Predictions: Authentication, Identity & Biometrics in a Connected World. 11 a.m. ET. Webinar by BioConnect.
- Jan. 12. 2017 Trends in Information Security. 11 a.m. ET. Webinar by 451 Research. Free with registration.
- Jan. 12. The Rise of Malware-Less Attacks: How Can Endpoint Security Keep Up? 1 p.m. ET. Webinar by Carbon Black. Free with registration.
- Jan. 12. FTC PrivacyCon. Constitution Center, 400 7th St. SW, Washington, D.C. Free.
- Jan. 13. I Heart Security: Developing Enterprise Security Programs for Millennials. 5 p.m. ET. Webinar by NCC Group. Free with registration.
- Jan. 13-14. BSides San Diego. National University, Spectrum Business Park Campus, 9388 Lightwave Ave., San Diego. Tickets: $30 (includes T-shirt).
- Jan. 16. You CAN Measure Your Cyber Security After All. 1 p.m. ET. Webinar by Allure Security Technology. Free with registration.
- Jan. 26. The True State of Security in DevOps and Expert Advice On How to Bridge the Gap. 1 p.m. ET. Webinar by HPE and Coveros. Free with registration.
- Jan. 31. Using GDPR To Your Advantage To Drive Customer Centricity and Trust. 5 a.m. ET. Webinar by Cognizant. Free with registration.
- Feb. 4. BSides Huntsville. Solutions Complex building, Dynetics, 1004 Explorer Blvd.,Huntsville, Alabama. Tickets: $10.
- Feb. 13-17. RSA USA Conference. Moscone Center, San Francisco. Full Conference Pass: before Nov. 11, $1,695; before Jan. 14, $1,995; before Feb. 11, $2,395; after Feb. 10, $2,695.
- Feb. 21. Top Trends That Will Shape Your Cybersecurity Strategy in 2017. 11 a.m. ET. Webinar by vArmour, American University, TruSTAR and Cryptzone.
- Feb. 25. BSides NoVa. CIT Building, 2214 Rock Hill Rd.#600, Herndon, Virginia. Tickets: conference, $25; workshops, $10.
- Feb. 28. Key Steps to Implement & Maintain PCI DSS Compliance in 2017. 1 p.m. ET. Webinar by HPE Security.
- March 28-31. Black Hat Asia. Marinia Bay Sands, Singapore. Registration: before Jan. 28, S$1,375; before March 25, S$1,850; after March 24, S$2,050.