Intel Security: 2016 Cybercrime Predictions And What VARs Can Do For Their Clients

By Christine Kern, contributing writer

Intel Security’s McAfee Labs released predictions for cybercrime next year and beyond to 2020 in the McAfee Labs Threat Predictions Report.

Among the predictions for 2016 is a new target for cybercriminals: wearable devices. Bruce Snell, Intel Security cybersecurity and privacy director, tells Business Solutions, “There have been proof of concept [POC] hacks against fitness trackers and typically we see malware in the wild about six to 12 months later. Once a POC is released, it sparks others to look into the vulnerable device and find out how they can reproduce, and sometimes improve, the results.”

The report also states that experts expect automotive security attacks to increase; cybercriminals will identify and exploit zero-day vulnerabilities that could impact road safety and create transportation deadlocks. Snell adds, “The Jeep hack over the summer required the attacker to know specific information about the vehicle in order to eventually connect to its IP address. For the typical driver, this information would be difficult to obtain without direct access to the vehicle. However, if you’re a logistics company with a large fleet of vehicles that you monitor and track, this does make you a more attractive target.”

The report also warns that as your clients improve security, criminals could shift their focus to your clients’ employees to gain access to corporate networks. They could also look for inadequately protected cloud services as a way to steal data. According to the report, a significant new attack strategy will be integrity attacks — in which a criminal modifies transactions or data. McAfee Labs is predicting an integrity attack on the financial sector in the coming year.

The report also states 2016 will likely see the continuation of attacks on hardware and firmware and ransomware attacks and a “more robust” dark market for stolen data sets of personally identifiable information. McAfee Labs expects enterprises, security vendors, and perhaps even governments increasingly to share threat intelligence in response.

Long-range predictions through 2020 include an increase in firmware and hardware attacks and cybercriminals trying to avoid detection by targeting new attack surfaces and new strategies such as fileless threats, encrypted infiltration, sandbox evasion malware, and exploits of remote shell and remote control protocols.

With a multitude of attack strategies to combat, Snell says IT solutions providers can focus on three general types of preventative measures to help protect their clients:

1. Establish good procedure around updating and patching. A large percentage of exploits can be prevented by simply having the operating system and applications up to date.
2. Deploy a layered security architecture within the network. Snell explains, “This should at the very least consist of a network security device (IPS or Web gateway) and antimalware on the desktop computers. Larger organizations with greater security needs will also add in elements like data loss prevention (DLP), encryption, and others. The key is to push the threat as far away from your valuable assets and make sure that you don’t have a single point of failure.”
3. Educate everyone in your organization about security. Snell advises teaching employees what a phishing email looks like and what makes a URL suspicious. “The more people think before they click, the lower the overall security risk to your organization. People tend to be the weakest link in security,” he says.

“As a services provider, it’s so important that your customers look to you as a security partner,” Snell comments. “As you take steps to educate your customers on security and work with them to develop a strategy, they will see you less as someone who is trying to just sell them a product and more as someone they can trust. Many organizations don’t know what they need for security and that’s why it’s so important to build that trust relationship. Be the trusted advisor, because trust is in short supply when it comes to security.”

Bernadette Wilson, Business Solutions’ associate editor, contributed to this article.