Intel identifies IoT as major threat risk in 2017
December 1, 2016
The most critical threats to watch for next year will be in cloud and the IoT security, according to Intel subsidiary McAfee Labs in its 2017 threats predictions report. The publication identifies 14 threat trends to watch in 2017 and the six most difficult-to-solve problems facing the cyber-security industry.
The report reflects the opinions of 31 Intel security experts. It examines current trends in cybercrime and makes predictions about what the future may hold for organisations working to take advantage of new technologies to advance their businesses and provide better security protection.
"To change the rules of the game between attackers and defenders, we need to neutralise our adversaries' greatest advantages," said Vincent Weafer, vice president of McAfee Labs. "As a new defensive technique is developed, its effectiveness increases until attackers are compelled to develop countermeasures to evade it. To overcome the designs of our adversaries, we need to go beyond understanding the threat landscape to changing the defender-attacker dynamics in six key areas: information asymmetry, making attacks more expensive, improving visibility, better identifying exploitation of legitimacy, improving protection for decentralised data, and detecting and protecting in agentless environments."
The 2017 threats predictions run the gamut, including threats around ransomware, sophisticated hardware and firmware attacks, attacks on smart home IoT devices, the use of machine learning to enhance social engineering attacks, and an increase in cooperation between industry and law enforcement.
Ransomware attacks, it says, will decrease in volume and effectiveness in the second half of 2017. Windows vulnerability exploits will continue to decline, while those targeting infrastructure software and virtualisation software will increase.
Hardware and firmware will be increasingly targeted by sophisticated attackers, it says. Hackers using software running on laptops will attempt drone jackings for a variety of criminal or hacktivist purposes.
Mobile attacks, it says, will combine mobile device locks with credential theft, allowing cyber thieves to access such things as banks accounts and credit cards.
And it predicts that IoT malware will open backdoors into the connected home that could go undetected for years.
Machine learning, Intel believes, will accelerate the proliferation of and increase the sophistication of social engineering attacks.
Fake ads and purchased "likes" will continue to proliferate and erode trust. Ad wars will escalate and new techniques used by advertisers to deliver ads will be copied by attackers to boost malware delivery capabilities.
Hacktivists, it says, will play an important role in exposing privacy issues. Leveraging increased cooperation between law enforcement and industry, law enforcement takedown operations will put a dent in cybercrime. And threat intelligence sharing will make great developmental strides in 2017.
Cyber espionage, it believes, will become as common in the private sector and criminal underworld as it is among nation states. Physical and cyber-security industry players will collaborate to harden products against digital threats.
McAfee Labs provided predictions for IoT and cloud security during the next two to four years, including threat, economic, policy and regional trends likely to shape each area. Gathering insights from Intel security researchers, it anticipates the responses expected from device manufacturers, cloud service providers and security vendors.
The cloud predictions touched on topics such as trust in the cloud, storage of intellectual property, antiquated authentication, east-west and north-south attack vectors, gaps in coverage between service layers, for-hire hackers in the cloud, denial of service for ransom attacks, IoT implications for cloud security models, laws and litigation versus innovation, movement of data across borders, biometrics as cloud enablers, cloud access security brokers, protection of data at rest and in motion, machine learning, cyber insurance, and on-going conflicts pitting speed, efficiency and cost against control, visibility and security in cloud offerings.
The IoT predictions focused on cybercrime economics, ransomware, hacktivism, nation-state attacks on criminal infrastructure, challenges for device makers, privacy threats and opportunities, encryption, behavioural monitoring, and cyber insurance and risk management.
The difficult-to-solve problems section of the report challenges the industry to improve threat defence effectiveness by reducing information asymmetry between defenders and attackers, making attacks more expensive or less profitable, improving visibility into cyber events, better identifying exploitation of legitimacy, improving protection for decentralised data, and detecting and protecting in agentless environments.
• Tom Lantzsch has joined Intel's executive leadership team as senior vice president and general manager of the IoT Group. He comes to Intel with more than 30 years of experience in Fortune 500 and early-stage start-up companies. Most recently, he was the executive vice president of strategy at ARM, where he spent the past ten years of his career.