SPECIAL REPORT


Android exploits among top cyber threats for 2016

DUBAI, December 10, 2015

In the ever-changing and increasingly complex landscape of cyber security, Chester Wisniewski, senior security consultant, and other experts at Sophos, a global security software and hardware company, offer their top predictions for 2016.

Android threats will become more than just headline-grabbers

Next year will see an increase in the number of Android exploits becoming weaponized (as opposed to bugs like Stagefright, which was heavily reported earlier in 2015 but was never fully exploited).

There are significant vulnerabilities on the Android platform which can take months to patch. Although Google claims that nobody has actually exploited these vulnerabilities to date, it will ultimately be an invitation too tempting for hackers to ignore.

Sophos Labs has already seen samples that go to extreme lengths to avoid App Store detection and filtering—giving Apps a better chance of surviving on App stores.

For example, some hackers will design an App that loads harmless games if it thinks it is being tested, but then loads the malicious payload when it detects it is ‘safe’ to do so. And more recently, we saw mobile users of third-party app markets being tricked into granting malicious apps from the adware family Shedun control over the Android Accessibility Service.

Once they’ve handed over control, the app has the ability to display popups that install highly intrusive adware, even if a user has rejected the invitation to install it. Because the apps root the device and embed themselves into the system partition, they can’t easily be uninstalled. Android malware can be complicated and consumers cannot necessarily trust the App Store to detect these vulnerabilities in every instance.

Will 2016 be the year iOS malware goes mainstream?

“We’ve already seen the Apple App Store get hit a few times this year, once with the InstaAgent app, which snuck through the vetting processes and which both Google and Apple pulled from their respective app stores, and before that, with XcodeGhost, which tricked Apple app developers into incorporating the code into their apps, thereby infecting them but cleverly hidden behind what looked like Apple code,” said Wisniewski.

With more and more apps coming onto the market (both Apple and Google have more than a million apps each in their official marketplaces to date), it is not hard to imagine more criminals trying their hand at getting past the existing vetting processes.

“Nevertheless, the nature of Android, in particular support for the flexibility of third-party markets, will continue to contribute towards Android being an easier target than iOS,” Wisniewski noted.

IoT platforms

Every day, more and more technology is being incorporated into our lives. Internet of Things devices are connecting everything around us and interesting new use cases are appearing constantly. IoT will continue to produce endless scary stories based on the fact that these devices are insecure (early 2015 saw many stories focusing on webcams, baby monitors and children’s toys, and latterly cars have become a hot topic – researchers hacked a Jeep in July).

“However, we won’t see widespread examples of attackers getting IoT devices to run arbitrary code any time soon. Because they are not general purpose computing devices with the same broad suite of interfaces that we have on desktops/mobiles, IoT devices are relatively protected. What we will see is more research and PoCs demonstrating that non-vendor code can be installed on these devices because of insufficient validations (lack of code-signing, susceptibility to MitM-class exploitations) by the IoT vendors,” said Wisniewski.

“We can expect an increase in data-harvesting/leakage attacks against IoT devices, wherein they are coaxed to disclose information that they have access to, e.g. video/audio feeds, stored files, credential information for logging into cloud services, etc.”

And as IoT devices evolve in their utility and ability to interact with their surroundings, i.e. as they become “roboticized” – an app-controlled Roomba for example – the set of security concerns around IoT will start becoming very similar to the set of security concerns around SCADA/ICS, and the industry should look toward the best guidance that NIST, ICS-CERT and others have formulated.

SMBs will become a bigger target for cybercriminals

Throughout 2015, the focus has been on the big glamorous hacking stories like TalkTalk and Ashley Madison, but it’s not just big businesses that are being targeted. A recent PwC report revealed that 74 per cent of SMBs experienced a security issue in the last 12 months, and this number will only increase due to SMBs being perceived as ‘easy targets’.

Ransomware is one area where criminals have been monetizing small businesses in a more visible way this year. Previously, payloads – such as sending spam, stealing data, infecting websites to host malware – were far less visible, so that small businesses often didn’t even realize they had been infected. Ransomware is highly visible and has the potential to make or break an SMB if they do not pay the ransom. This is why, of course, criminals are targeting SMBs. Expect to see this ramp up in 2016, says Sophos Labs.

Lacking the security budgets of large enterprises, SMBs often apply a best-effort approach to security investments, including equipment, services, and staffing. This makes them vulnerable as hackers can easily find security gaps and infiltrate the network. On average, a security breach can cost a small business anywhere up to GBP75,000 ($11,300) – a significant loss for any business. It’s important therefore that SMBs take a consolidated approach to security.

This requires a thoughtfully planned out IT strategy to prevent attacks before they happen. Installing software that connects the endpoint and the network will mean a comprehensive security system is in place where all components communicate, and ensure there are no gaps for hackers. – TradeArabia News Service



