The number of new ransomware families is to rise 25% in 2017 as attackers increasingly look to target industrial environments in the new year, according to Trend Micro.
The security giant’s year-end predictions report, The Next Tier, claimed that although 2016 was a tipping point in ransomware, cyber-criminals will diversify into next year to hit more victims and platforms.
Among these could be ATMs, POS systems and even industrial environments.
Industrial systems will also come under attack from malware like the BlackEnergy trojan which was used to devastating effect by hackers to shut down Ukrainian power stations in December 2015, the report claims.
With SCADA systems accounting for nearly a third (30%) of vulnerabilities discovered by Trend Micro business TippingPoint this year, there’ll be plenty of opportunity in this area for the black hats.
Another area to watch next year will be so-called cyber-propaganda – the use of the internet to spread wholly false news stories to smear political candidates and others. We’ve already seen presidential elections and key votes won on the back of such tactics and the lack of vetting on social media coupled with naïve netizens could make for a dangerous combination, the report warned.
Elsewhere, Business Email Compromise, or CEO fraud, will continue to grow in popularity among the hacking community – especially as the average scam nets the black hat around $140,000, versus just $722 for a ransomware infection, Trend Micro claimed.
It will be joined by what Trend Micro has named Business Process Compromise (BPC) attacks such as the $81 million cyber heist at Bangladesh Bank.
These attacks involve a higher degree of skill and more advanced planning and could include hacking into a purchase order or payment delivery system in order to add, modify, or delete entries or intercept and modify transactions. The end goal, like BEC, is to illegally transfer corporate funds to a third-party account owned by the hackers.
The report also claimed Apple and Adobe would overtake Microsoft in terms of platform vulnerability discoveries.
Trend Micro chief cybersecurity officer, Ed Cabrera, told Infosecurity that 2017 would see cyber-criminals cause enterprises more problems in trying to find new ways to obfuscate attacks.
“While machine learning has become a bit of a buzzword in the industry, it really is critical for combating both known and unknown threats. Coupled with customized sandboxing and behavior monitoring, machine learning deployed at the right place and at the right time provides maximum protection with minimal impact,” he added.
“Evolving threats will require evolving protection, and for 2017 and beyond a cross-generational approach of threat mitigation will be key for successful enterprise security.”