Everything from wearables and smart homes to drones and ad blockers could be increasingly susceptible to hackers in 2016, according to cybersecurity expert James Michael Stewart. In this white paper, Stewart predicts that a wide range of disastrous data breaches will occur this year as hackers have adapted to the latest technologies to automate attacks on today's devices and software. Stewart issues a call to action for organizations and individuals to work toward avoiding these unwanted events, minimizing their effect, or preventing their materialization altogether. Pay attention. Be proactive. Stay secure.
The many security breaches over the last year have taught us new lessons or clarified ones we should have already known. But history is doomed to repeat itself. By failing to learn from the mistakes or misfortunes of others, our digital world remains vulnerable. The onslaught of new, developing threats coupled with already well-known persisting ones will continue to bombard our information infrastructure with potentially disastrous results. In this white paper, I discuss my 10 security predictions for 2016.
1. Digital Extortion Will Become Fully Automated
Since 2013, there has been an increase in a new form of malware, called ransomware which takes over a computer system, often using encryption to hold files hostage, then demands payment in order to release the data back to the user. Ransomware is just one example of a “modern” malicious code. Other forms include fake or rogue anti-virus programs, law enforcement Trojans, and elaborate phishing scams aimed at taking over an account or stealing an identity.
Doxing is another growing trend in malicious activity. The general concept of doxing is researching someone to learn embarrassing secrets, discover illegal activities, or simply reveal private or sensitive information about that person to the public. Doxing is often performed to discredit or devalue someone. It can be devastating to the victim’s personal and professional life.
Unfortunately, I foresee these two malicious activities combining into a new form of attack called digital extortion. Rather than simply taking a system hostage, such malware could gather documents, images, etc., from a system, then transfer them to a botnet cloud, then present the victim with some form of ransom demand, blackmail request, or other form of extortion. The victim may be given a period of time during which the hackers promise to keep the victim’s secrets secured. But hackers could return in a few months to make yet another demand and threaten to release the data. By failing to meet the demands of the hackers, the victim’s stolen information could be posted across the Internet on social networks, discussion forums, and file servers.
This type of extortion has always occurred, even before the Internet existed, but in a manual form against targeted victims. However, I anticipate that an automated form of this contemptuous activity will be discovered in 2016, fully automating the process to be used against anyone unlucky enough to encounter the infection vector.
2. A Digital Payment System Will Be Compromised
Digital payment systems have been springing up like weeds. With the popularity of near field communication (NFC) and radio frequency identification (RFID) payment systems, such as Apple Pay and Android Pay, many other groups have attempted to roll out their own systems. Banks, credit card groups, specialty vendors, mobile device manufacturers, retail conglomerates, and others have announced their own digital payment system hoping to catch some of the tidal wave of potential future profits.
While the world might be shifting to a mobile device–based payment solution eventually, the idea is still not widely adopted. Few retailers support one, much less all, of the available payment systems. Most consumers do not have a device that supports mobile payments. Generally, when a retailer supports a payment system that a consumer has the ability to use, the equipment is often malfunctioning or the cashier is unfamiliar with how to accept the payment. I personally have yet to have a single successful digital payment with my mobile device. Each time, I’ve had to take out my wallet to complete the transaction.
However, the inability to use mobile payment systems everywhere is not my prediction. I actually think the systems will become more widely available and more consumers will prefer to use a mobile device for transactions in the next few years. My 2016 prediction is that one of these mobile payment systems will be breached. It seems that too many groups are attempting to craft their own mobile payment solutions, while racing to beat other competitors in winning over the marketplace. This creates a fertile environment for multiple groups to fail to address security properly. Thus, it is highly likely that hackers will uncover a serious flaw that will be exploited to the detriment of the payment system and the corresponding banks and merchants, as well as the consumers themselves. A mobile payment system breach would cause significant loss of revenue, loss of privacy, unauthorized charges or money extractions, identity theft, and other related casualties.