Cybersecurity trends 2017: malicious machine learning, state-sponsored attacks, ransomware and malware

Vendors, hackers, banks, businesses, countries and shadowy state actors all seem locked in a perpetual game of cat and mouse

By Tamlin Magee
Jan. 4, 2017

Machine learning

Intel Security's McAfee Threat Predictions for 2017 (PDF) notes that advances in technology are a neutral tool, and so while incredible developments in emerging technologies like machine learning should be welcomed, increasing accessibility will also make them available to cybercriminals. And for machine learning in particular,

Intel Security's Eric Peterson cites the Business Email Compromise scam - where individuals in companies are targeted through social engineering, and directed to fraudulently transfer money to bank accounts. There have been instances where the attacks have coincided with business travel dates for executives to increase the odds of the scam's success, Peterson says. Combine reams of publicly available data with already-available complex analysis tools and it is entirely possible, the company warns, that criminals could build malicious machine learning algorithms to pick targets more precisely and with greater levels of success.

"Looking to 2017 and beyond, we might even see purveyors of data theft offering 'Target Acquisition as a Service' built on machine learning algorithms," Peterson says. "We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017."


One strain of attack organisations have struggled to deal with over the last few years is ransomware - that hackers gain access to a business or individual's servers and encrypt the data. The hackers demand a ransom, typically something affordable enough for it to be less of a headache that an organisation pays, rather than going through the potentially arduous and more expensive processes of recovering the data through infrastructure safeguards.

Most security vendors say that the only way these attacks will stop is when organisations refuse to pay - but it's easy to understand from a company's perspective why coughing up the change might be the more appealing option. There are no guarantees, of course, that they will actually get the data back after the ransoms are paid - and there have been recorded incidents where law enforcement has permanently removed data dumps online, meaning it's lost forever,

Intel Security expects that ransomware will increasingly move into mobile.

"In 2017, we expect that mobile ransomware will continue to grow but the focus of malware authors will change," says Intel Security's Fernando Ruiz. "Because mobile devices are usually backed up to the cloud, the success of direct ransom payments to unlock devices is often limited."

This means that malware authors are likely to combine mobile device locks with other attacks, like credential theft. Android/Svpeng, for example, targeted banking credentials - and in 2017, trojans will probably turn towards mobile devices, mixing up device locks and other ransomware attacks with more typical man in the middle attacks, to steal primary and secondary authentication factors, Ruiz says, enabling access to bank accounts and credit cards.

Previous Page  1  2  3  4  Next Page