Cybersecurity changes rapidly. Those with valuable insights can better prepare for the shifting risks and opportunities. McAfee has just released the McAfee Labs 2016 Threats Predictions, a report covering both cybersecurity predictions for the coming year as well as a five-year look forward at the changing security field. Collectively, the report paints a picture of a growing technology landscape and the attackers who are maneuvering for an unfair advantage at the expense of others.
I am honored to have contributed to this year’s exercise, collaborating with a stellar group of experienced security experts. Many of the predictions are logical extensions of current attacks, newsworthy events, or tied closely to the growth of technology.
One prediction in particular may surprise people. The growth of integrity attacks could be the unexpected shift that will fuel significant change in perspectives, expectations, and controls.
Unlike denial-of-service attacks, which undermine the availability of entire systems, or data breaches, which steal confidential data, integrity attacks maliciously modify data or transactions.
We have seen a number of cases in which attackers with financial motivations are undermining the integrity of data for their benefit. These types of attacks can be very selective and discrete, making them extremely difficult to detect, prevent, and correct. Perhaps most important, such maneuvers have generated an unexpectedly shocking amount of loss and victims angst.
Banking infrastructure malware Carbanak, which was discovered in 2015, infected banks and selectively modified systems to create a small number of fraudulent transactions that fleeced hundreds of millions of dollars in a single coordinated campaign.
In separate attacks, business victims have seen their email systems tampered with. Fraudulent messages crafted from executives’ accounts to accounts-payable departments instructed money transfers to be made immediately to a third party. These messages were not actually from the executives, but rather from attackers who were able to gain administrative access to the communication tools and use them to send funds to entities they controlled.
Crypto-based ransomware is another example of an integrity attack. Consumers, businesses, and even government agencies have been victimized, with selected files of infected systems encrypted by the attackers and held for ransom. The Cyber Threat Alliance, which includes McAfee, recently published a detailed analysis showing how one such ransomware, CryptoWall, is responsible for taking a staggering $325 million from its victims.
Attacks designed to undermine the integrity of systems and data tend to create emotional distress in victims as they suffer from being targeted in a very personal way. Their family pictures are held for ransom, emails with their addresses are forged, and select transactions from their companies are tampered with. From a security perspective, the current generation of tools is not designed or optimized to protect from such attacks. The resulting impacts may be enough to fundamentally change opinions and expectations of security.
Overall, we at McAfee believe integrity-based attacks will continue to rise in 2016 and beyond, as they are proving lucrative for attackers and troublesome for defenders.
To protect technology, users, data, and digital services, we all must understand the challenges we will face in the future. Download the free report and gain the insights of experts at McAfee.