Guest Column | January 21, 2016

The 2016 Outlook For Cybercrime: What To Do To Keep Data And Systems Safe

By Ian Trump, Security Lead, MAXfocus

Peering forward into 2016, and knowing something about the murky behaviour of the cybercrime underworld in 2015, it’s fairly simple to throw down some predictions as to what the Internet will look like over the coming year. If you have been following the information security space for a while, you know that just as we approach and eclipse the holiday season it’s time for all the security and IT companies to prognosticate with sensationalized headlines such as “The Top 10 IT Security Nightmares for 2016” or “2016: the year hackers spy on your business, your kids, your house and even your pet!”

Realistically, from a pragmatic view of information security, 2016 will look a lot like 2015; however, I believe we may actually make some progress in securing data against the bad guys. I don’t say this lightly, but many of us working for security companies have spent much of the past few years writing about how to counter the threat of cybercriminals, and we know what actually works. We also know there are many cost-effective and simple things that can be done to make your customer or business #hard2hack.

According to a 2015 Juniper Research report, cybercrime will become a $2.1 trillion problem by 2019. What is unfortunately not mentioned in the report is what the entire online economy will be worth by then; let’s just hope it’s more than $2.1 trillion, or there probably won’t be an Internet left for anyone.

Although I am somewhat reluctant to unleash my top predictions for 2016, I will add to the yearly body of literature on the subject, but I’m going to take a different approach. I’m simply more interested in presenting an area of focus and providing the reason why it needs to be on everyone’s agenda, as opposed to listing off a bunch of really bad stuff with no solution to the situation. So, here is my list of the IT security technology focus for 2016 and a little about the threats I think we will see in 2016.

  1. Pro Tip For 2016: Focus On Detective Technologies

A recent paper sponsored by RAND suggested the increasing size and complexity of cybercrime black markets is due to the emergence of criminal organizations as financially driven and highly organized teams capable of developing sophisticated software. Given the success of the Carbanak, Dyre Wolf, Shifu, Dridex, and Rovnix Trojans, we will see continued, persistent criminal malware attacks. Clearly preventive technologies such as antivirus are not enough; you need to have layered defences that include preventive, reactive and detective technologies.
Given that most, if not all, of these attacks were delivered by some sort of phishing email, and that the malware bypassed, disabled, or modified antivirus software as part of the attack, businesses need to turn to technology and techniques that detect the presence of malware already inside their systems. Removal of administrative privileges, mail protection, Web protection, and aggressive patch management are the key elements that prevent malware from arriving and infecting a machine in the first place.

The best defensive systems try to knock out the threat before it even reaches the end-points — in this case using removal of administrative privileges, mail protection, and Web protection — and if the threat makes it past those measures it will be mopped up by the second layer of defenses — in this case patch management, which means the malware finds no known, unpatched vulnerability to exploit. Keeping systems up-to-date and maintaining a small attack surface raises the cost for cybercriminals, forcing them to resort to rare and expensive zero-day attacks.

Event log checks, network monitoring and vulnerability scanning will play a vital part in giving you situational awareness and the ability to detect suspicious behaviour inside the network. It’s time to add those to your defensive layers.

And if you’re struggling with how to justify the spend on this further up the chain then this blog post will provide you with all the ammunition you need: Are you set for the war on your data in 2016?

  2. Pro Tip For 2016: Focus On Business Resilience Technologies

Cyber extortion, in the form of ransomware and data “hostage takings”, will form much of the unsophisticated cybercriminal threat moving forward. Cryptolocker malware reportedly made $30 million last year, proving that even simple malware works. I wrote a lot about Cryptolocker defenses in 2015, and it will remain a scourge for small and medium business in 2016.

Many organizations re-image machines if any indications of compromise are detected. In a well-managed network environment, a machine exhibiting activity such as transmitting data to unfamiliar foreign IP address(es) is identified and investigated. In the case of a ransomware attack, disinfection of the infected end-point and restoration of the encrypted files from backup is the best outcome. Having to pay a ransom means you are not doing a good enough job for your customer or business.
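As an added illustration of the detective layer described in points 1 and 2 (event log checks and network monitoring, including spotting a machine that starts sending data to an unfamiliar external address), here is a small Python script that runs two such checks over constructed sample logs. It is example code written for this page, not code from the original column or from MAXfocus/LogicNow. The log formats, the Windows event IDs used (7036, 1102, 7045, 4688), the protected service name, the internal address ranges, the “known external” allow list and the 20 MiB outbound threshold are all assumptions made for the example; tune them to your own environment.

```python
"""Added example (not from the original column): two simple detective checks,
one over Windows-style event log records and one over firewall connection logs.
All log lines below are constructed for the example, not captured data."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample Windows event records: (event_id, message).
EVENT_LOG = [
    (7036, "The Windows Defender Antivirus Service service entered the stopped state."),
    (7036, "The Print Spooler service entered the running state."),
    (1102, "The audit log was cleared."),
    (4688, "A new process has been created. New Process Name: C:\\Users\\bob\\AppData\\Local\\Temp\\invoice.pdf.exe"),
    (7045, "A service was installed in the system. Service Name: wsupdater"),
]

# Assumptions for the example: which service must stay up, and which event IDs
# are worth a look on their own (IDs follow Windows conventions, meanings assumed).
PROTECTED_SERVICES = {"Windows Defender Antivirus Service"}
SUSPICIOUS_EVENT_IDS = {1102: "audit log cleared", 7045: "new service installed"}
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service entered the (?P<state>\w+) state\.$")
DOUBLE_EXT_RE = re.compile(r"\.(pdf|doc|docx|xls|xlsx|jpg)\.exe\b", re.IGNORECASE)

# Constructed firewall log: one outbound connection summary per line.
FIREWALL_LOG = """\
2016-01-21T09:58:11 src=10.0.0.15 dst=198.51.100.10 dport=443 bytes_out=4096
2016-01-21T10:01:03 src=10.0.0.15 dst=203.0.113.7 dport=443 bytes_out=31457280
2016-01-21T10:01:09 src=10.0.0.22 dst=10.0.0.5 dport=445 bytes_out=7340032
2016-01-21T10:02:44 src=10.0.0.15 dst=203.0.113.9 dport=6667 bytes_out=512
"""
FW_RE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes_out=(?P<bytes>\d+)")

# Assumed network facts: RFC 1918 ranges are "ours", one external host is a known
# business partner, and more than 20 MiB to a single unknown host deserves a ticket.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KNOWN_EXTERNAL = {ipaddress.ip_address("198.51.100.10")}
EXFIL_BYTES = 20 * 1024 * 1024
EXPECTED_PORTS = {80, 443}


def is_internal(ip):
    """True if the address falls inside one of our own ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def check_event_log(events):
    """Return a list of human-readable findings from (event_id, message) records."""
    findings = []
    for event_id, message in events:
        if event_id == 7036:
            # Service state change: only a *protected* service going down is interesting.
            m = SERVICE_RE.match(message)
            if m and m.group("svc") in PROTECTED_SERVICES and m.group("state") == "stopped":
                findings.append(f"protected service stopped: {m.group('svc')}")
        elif event_id in SUSPICIOUS_EVENT_IDS:
            findings.append(f"{SUSPICIOUS_EVENT_IDS[event_id]}: {message}")
        elif event_id == 4688 and DOUBLE_EXT_RE.search(message):
            # Classic phishing payload name: document extension followed by .exe.
            findings.append(f"double-extension executable launched: {message}")
    return findings


def check_network_log(text):
    """Flag connections to unknown external hosts on odd ports, and large outbound volumes."""
    findings = []
    outbound = defaultdict(int)  # (src, dst) -> total bytes sent to an unknown external host
    for line in text.splitlines():
        m = FW_RE.search(line)
        if not m:
            continue
        dst = ipaddress.ip_address(m.group("dst"))
        if is_internal(dst) or dst in KNOWN_EXTERNAL:
            continue
        src, dport, nbytes = m.group("src"), int(m.group("dport")), int(m.group("bytes"))
        outbound[(src, str(dst))] += nbytes
        if dport not in EXPECTED_PORTS:
            findings.append(f"{src} -> {dst}:{dport} on unexpected port")
    for (src, dst), total in outbound.items():
        if total > EXFIL_BYTES:
            findings.append(f"{src} sent {total} bytes to external host {dst}")
    return findings


if __name__ == "__main__":
    for finding in check_event_log(EVENT_LOG) + check_network_log(FIREWALL_LOG):
        print("ALERT:", finding)
```

Run against the constructed input, the event log check reports the antivirus service stopping, the audit log being cleared, the double-extension executable and the new service; the network check reports the IRC-style port 6667 connection and the 30 MiB sent to 203.0.113.7. In practice these rules would run inside whatever log collection or monitoring product you already have, and the thresholds and allow lists would be maintained per customer, but the shape of the logic is the same.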

“Data hostage” takings were big news last year with Ashley Madison and the TalkTalk breach. After criminals pilfered the personal and financial details of up to 4 million TalkTalk customers, the criminal group demanded a ransom of £80,000. The ensuing damage to TalkTalk, including customer impact and lawsuits, could cost the company up to £35 million. Clearly not letting bad folks into the network is the best defense (see point 1).

  3. Pro Tip For 2016: Stay Positive

I know this sounds like some L.A. self-help, personal-growth nonsense, but I am not breaking out crystals to align your IT chakra. A trend that gives me a lot of positivity about IT security started in 2015 and looks to be “winning” against cybercriminals. Law enforcement has stacked up some big wins, including successful prosecutions against DD4BC, Typukin, and MegalodonHTTP in far-flung Norway, not to mention the DOJ’s continued success against the highly controversial “Silk Road 2.” All of which suggests things are looking better.

Unfortunately, for the small to medium business or managed services provider (MSP), law enforcement is unlikely to descend on the cybercriminals plaguing your networks anytime soon, but things are looking up for you too. The arrival of simple-to-deploy and manage, yet extremely capable, layered security products from cloud services providers has changed the cyber game. More layers will give you a better chance of avoiding cyber pain. If you think that in 2016 antivirus is going to be good enough, you are sadly mistaken.

Ian Trump is security lead at LogicNow. You can follow Ian on Twitter at @phat_hobbit.