Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn’t mince words.

Rubber Ducky, You Make Bot Time Lots Of Fun In light of the rise of the Mirai botnet this year, we weren't surprised to see many industry insiders predicting a ramp-up in weaponization of the Internet of Things (IoT) to carry out widescale DDoS attacks in 2017. This isn't a brand new phenomenon, just a burgeoning one; in fact it was one of the boldest predictions we made for 2016 that actually came true. One security fortune teller, however, was extremely specific with his IoT botnet predictions. 'We expect to see hackers continue to exploit IoT device vulnerabilities to launch attacks, and they will likely use Edwin, the app-connected smart duck who will be the biggest security threat of the year,' says Jeff Harris, vice president of solutions for Ixia. 'Hackers will leverage Edwin to launch the 'Rubber Ducky Botnet Army' of 2017, making it critical for organizations to better defend their networks to prevent the strong DDoS attacks made possible through a yellow ducky.' Image Source: Adobe Stock

Rubber Ducky, You Make Bot Time Lots Of Fun

In light of the rise of the Mirai botnet this year, we weren’t surprised to see many industry insiders predicting a ramp-up in weaponization of the Internet of Things (IoT) to carry out widescale DDoS attacks in 2017. This isn’t a brand new phenomenon, just a burgeoning one; in fact it was one of the boldest predictions we made for 2016 that actually came true.

One security fortune teller, however, was extremely specific with his IoT botnet predictions.

“We expect to see hackers continue to exploit IoT device vulnerabilities to launch attacks, and they will likely use Edwin, the app-connected smart duck who will be the biggest security threat of the year,” says Jeff Harris, vice president of solutions for Ixia. “Hackers will leverage Edwin to launch the “Rubber Ducky Botnet Army” of 2017, making it critical for organizations to better defend their networks to prevent the strong DDoS attacks made possible through a yellow ducky.”

Image Source: Adobe Stock

Drone Jacking Reaches New Heights Speaking of IoT security, some of the most interesting expectations for attacks in this field involved unmanned aerial vehicles. Namely, that as drones become more widely used by businesses for deliveries, filming, surveillance, and more, attackers are going to see them as a prime hijacking candidate. 'Drones have their own unique identity but they could be considered mobile as well as IoT devices as they start connecting with other devices,' says Mandeep Khera, CMO of Arxan. 'As drones start getting more used for deliveries of goods, expect dronejacking and other attacks. Hackers can also cause drones to malfunction with malware, resulting in injuries.' Image Source: Adobe Stock

Drone Jacking Reaches New Heights

Speaking of IoT security, some of the most interesting expectations for attacks in this field involved unmanned aerial vehicles. Namely, that as drones become more widely used by businesses for deliveries, filming, surveillance, and more, attackers are going to see them as a prime hijacking candidate.

“Drones have their own unique identity but they could be considered mobile as well as IoT devices as they start connecting with other devices,” says Mandeep Khera, CMO of Arxan. “As drones start getting more used for deliveries of goods, expect dronejacking and other attacks. Hackers can also cause drones to malfunction with malware, resulting in injuries.”

Image Source: Adobe Stock

The Internet Takes An Unscheduled Sick Day No, if you type Google into Google you cannot shut down the Internet. But with the right kind of attack against DNS, attackers might be able to do some real damage. This year saw some unprecedented DDoS attacks when it came to the size, scope and target of attacks. DNS providers were hit hard by some epic floods of traffic, and attackers used methods like reflective attacks to barrage victim networks with some of the biggest attacks on record, tipping the scales at over 1 Tbps of traffic. Given that, maybe it's not so crazy for James Carder, CISO of LogRhythm, to predict that in 2017 we could be in for a total shut down of the Internet for up to 24 hours. 'We'll see a rise in attacks on fundamental protocols of Internet communications. We already started seeing it with DNS,' Carder says. 'In 2017, we're going to see it hit big sometime, somewhere. If the Internet goes down, financial markets will tank.' Image Source: Adobe Stock

The Internet Takes An Unscheduled Sick Day

No, if you type Google into Google you cannot shut down the Internet. But with the right kind of attack against DNS, attackers might be able to do some real damage.

This year saw some unprecedented DDoS attacks when it came to the size, scope and target of attacks. DNS providers were hit hard by some epic floods of traffic, and attackers used methods like reflective attacks to barrage victim networks with some of the biggest attacks on record, tipping the scales at over 1 Tbps of traffic.

Given that, maybe it’s not so crazy for James Carder, CISO of LogRhythm, to predict that in 2017 we could be in for a total shut down of the Internet for up to 24 hours.

“We’ll see a rise in attacks on fundamental protocols of Internet communications. We already started seeing it with DNS,” Carder says. “In 2017, we’re going to see it hit big sometime, somewhere. If the Internet goes down, financial markets will tank.”

Image Source: Adobe Stock

Ransomware At Your Service Without a doubt, 2016 will be known by many in the cybersecurity world as the year of ransomware. We saw a number of predictions around the continued commoditization of ransomware and some further refinement of an already pretty mature ransomware value chain. One of the more interesting forecasts was that ransomware is likely to grow even more user-friendly - or should we say victim-friendly? 'As awareness around ransomware grows and fewer people click on links, ransomware operators will need to take steps to improve their ransomware conversation rate by making it easier for ransomware victims to pay up. In 2017, we'll see the widespread availability of ransomware customer support with more attackers offering FAQs, tech support forums, and even call centers to walk victims through paying and restoring their data,' says Todd O'Boyle, co-founder and CTO of Percipient Networks. 'And to increase their chances of being paid, many ransomware operators will lower their prices, be open to negotiation, and offer discounts.' Image Source: Adobe Stock

Ransomware At Your Service

Without a doubt, 2016 will be known by many in the cybersecurity world as the year of ransomware. We saw a number of predictions around the continued commoditization of ransomware and some further refinement of an already pretty mature ransomware value chain. One of the more interesting forecasts was that ransomware is likely to grow even more user-friendly – or should we say victim-friendly?

“As awareness around ransomware grows and fewer people click on links, ransomware operators will need to take steps to improve their ransomware conversation rate by making it easier for ransomware victims to pay up. In 2017, we’ll see the widespread availability of ransomware customer support with more attackers offering FAQs, tech support forums, and even call centers to walk victims through paying and restoring their data,” says Todd O’Boyle, co-founder and CTO of Percipient Networks. “And to increase their chances of being paid, many ransomware operators will lower their prices, be open to negotiation, and offer discounts.”

Image Source: Adobe Stock

Not A Movie Title: Return Of The Worm A number of prognosticators weighed in on new possibilities for the resurgence of worm attacks in various guises. '2017 will be the return of the worm,' says Lamar Bailey, senior director of security R&D at Tripwire, specifically pointing to IoT applications as prime targets. 'The inherent insecurity in the majority [of] IoT devices, due to the fact vendors are valuing time to market over security, makes them ripe for exploit. Consumers are buying and installing these devices in record numbers to make their life easier but in many cases they are opening up their homes to complete external surveillance and control.' Most recently, academic researchers showed how smart lighting fixtures in large cities could be attacked by a worm to essentially create a chain reaction attack against a smart city's infrastructure. In a similar vein, one forecaster believes that 2017 will see a potential rise of the Wi-Fi worm, something that was first proof-of-concepted in 2014. 'Basically, an infected device would contain code that attempts to copy itself to routers via Wi-Fi connections. Once a router becomes infected, the worm then attempts to find and replicate itself to more routers,' says Sean Sullivan, security advisor for F-Secure. 'A Wi-Fi worm is a logical extension of what we've seen with Mirai, and I think current technologies and tactics have put this within reach.' Image Source: Adobe Stock

Not A Movie Title: Return Of The Worm

A number of prognosticators weighed in on new possibilities for the resurgence of worm attacks in various guises.

“2017 will be the return of the worm,” says Lamar Bailey, senior director of security R&D at Tripwire, specifically pointing to IoT applications as prime targets. “The inherent insecurity in the majority [of] IoT devices, due to the fact vendors are valuing time to market over security, makes them ripe for exploit. Consumers are buying and installing these devices in record numbers to make their life easier but in many cases they are opening up their homes to complete external surveillance and control.”

Most recently, academic researchers showed how smart lighting fixtures in large cities could be attacked by a worm to essentially create a chain reaction attack against a smart city’s infrastructure.

In a similar vein, one forecaster believes that 2017 will see a potential rise of the Wi-Fi worm, something that was first proof-of-concepted in 2014.

“Basically, an infected device would contain code that attempts to copy itself to routers via Wi-Fi connections. Once a router becomes infected, the worm then attempts to find and replicate itself to more routers,” says Sean Sullivan, security advisor for F-Secure. “A Wi-Fi worm is a logical extension of what we’ve seen with Mirai, and I think current technologies and tactics have put this within reach.”

Image Source: Adobe Stock

Containerization Can't Contain Breaches With the rise of DevOps and increasingly automated IT provisioning, containerization has rocketed into the limelight within developer circles. But for the most part, containerization has been contained to development and test environments. That is going to change, says Rick Fitz, senior vice president of IT markets for Splunk. 'The reluctance to run containers in production environments will stop meeting resistance next year thanks to the maturation of tools such as Mesos container management and Kubernetes orchestration,' Fitz says. 'Running container-based apps in production will move the benefits of microservices from promise to actualization.' With that change, expect containerization to grow as an attack vector. 2017 will likely bear that out, says Tyler Reguly, manager of software development at Tripwire, who predicts that at least one major breach will be caused due to some kind of containerization problem. 'Container software like Docker is skyrocketing in popularity right now. However, the ability to manage and secure those containers isn't progressing at the same pace. One of the big issues is that software in containers doesn't get updated or managed via most traditional processes. This can lead to out-dated containerized software and, in cases where server software is utilized, they could ultimately lead to a major compromise.' Image Source: Adobe Stock

Containerization Can’t Contain Breaches

With the rise of DevOps and increasingly automated IT provisioning, containerization has rocketed into the limelight within developer circles. But for the most part, containerization has been contained to development and test environments. That is going to change, says Rick Fitz, senior vice president of IT markets for Splunk.

“The reluctance to run containers in production environments will stop meeting resistance next year thanks to the maturation of tools such as Mesos container management and Kubernetes orchestration,” Fitz says. “Running container-based apps in production will move the benefits of microservices from promise to actualization.”

With that change, expect containerization to grow as an attack vector. 2017 will likely bear that out, says Tyler Reguly, manager of software development at Tripwire, who predicts that at least one major breach will be caused due to some kind of containerization problem.

“Container software like Docker is skyrocketing in popularity right now. However, the ability to manage and secure those containers isn’t progressing at the same pace. One of the big issues is that software in containers doesn’t get updated or managed via most traditional processes. This can lead to out-dated containerized software and, in cases where server software is utilized, they could ultimately lead to a major compromise.”

Image Source: Adobe Stock

Minority Report: Infosec Edition Machine learning and behavioral analytics have been the holy grail of detection and prevention technologies over the past five years. According to some, the capabilities in this arena have greatly advanced lately. Chase Cunningham with A10 Networks believes the technology suitors will make honest women out of their prospective customers in 2017 with significant capability gains --including new features that can not only detect attacks but predict them. 'Math, machine learning and artificial intelligence will be baked more into security solutions. Security solutions will learn from the past, and essentially predict attack vectors and behavior based on that historical data,' says Cunningham, who is director of cyber operations for A10. 'This means security solutions will be able to more accurately and intelligently identify and predict attacks by using event data and marrying it to real-world attacks.' Image Source: Adobe Stock

Minority Report: Infosec Edition

Machine learning and behavioral analytics have been the holy grail of detection and prevention technologies over the past five years. According to some, the capabilities in this arena have greatly advanced lately. Chase Cunningham with A10 Networks believes the technology suitors will make honest women out of their prospective customers in 2017 with significant capability gains –including new features that can not only detect attacks but predict them.

“Math, machine learning and artificial intelligence will be baked more into security solutions. Security solutions will learn from the past, and essentially predict attack vectors and behavior based on that historical data,” says Cunningham, who is director of cyber operations for A10. “This means security solutions will be able to more accurately and intelligently identify and predict attacks by using event data and marrying it to real-world attacks.”

Image Source: Adobe Stock

JScript Takes The Most Attacked Mantle From Flash The more things change, the more they stay the same. And according to at least one expert, a drift away from Flash could put JScript in the spotlight for all the wrong reasons. 'As Flash phases out, JScript will take its place as the leading browser-exploitation vector. Attackers will continue to use browsers as their first choice of attack vehicle. After all, browser exploitation is still the most convenient attack vector since it requires less manual intervention and easily hits the masses,' says Udi Yavo, CTO and founder of enSilo. Image Source: Adobe Stock

JScript Takes The Most Attacked Mantle From Flash

The more things change, the more they stay the same. And according to at least one expert, a drift away from Flash could put JScript in the spotlight for all the wrong reasons.

“As Flash phases out, JScript will take its place as the leading browser-exploitation vector. Attackers will continue to use browsers as their first choice of attack vehicle. After all, browser exploitation is still the most convenient attack vector since it requires less manual intervention and easily hits the masses,” says Udi Yavo, CTO and founder of enSilo.

Image Source: Adobe Stock

Source: http://www.darkreading.com/endpoint/8-boldest-security-predictions-for-2017/d/d-id/1327759?_mc=RSS%5FDR%5FEDT&image_number=9

Find out how to protect yourself and business at: http://cyber.aspida.org