Ransomware, hacktivism, dronejacking and other threat predictions from McAfee

Once again, it’s time for Intel/McAfee to scare us with its annual report on computer security threats.

The 2017 report comes after a high-profile security breach close to home: San Francisco’s Muni transit system was hacked over Thanksgiving weekend, leading it to suspend the collection of light-rail fares for a couple of days.

While security experts said the ransomware attack didn’t pose a threat to public safety because transit agencies’ critical systems are usually separate from networks used by employees, the hackers are threatening to publish employee and customer information, Erin Baldassari wrote for the Bay Area News Group.

McAfee Labs predicts that ransomware attacks — which typically lock computer users out of their own networks until they pay a ransom — will continue, peak midyear, then drop off at the end of 2017.

“Ransomware was one of 2016’s major stories,” Vincent Weafer, vice president for McAfee Labs, said in a phone interview.

McAfee said in its most recent quarterly report that there were more than 7 million ransomware samples in the second quarter of 2016. And ransomware attacks grew 128 percent year over year, McAfee found. They included healthcare-related attacks, such as when a Los Angeles hospital paid $17,000 in ransom in February, plus subsequent attacks on other such facilities.

Wafer said the ransomware growth rate probably peaked this year, that the volume of attacks may peak in the middle of 2017, and that the attacks will probably fall toward the end of next year as companies catch on and take advantage of better tools and identification and prevention techniques.

The Muni hack also touches on another prediction in McAfee’s threat report: that hacktivists will continue to wreak havoc to bring attention to security concerns. The Muni hacker/s — who reportedly asked for $70,000 in bitcoins — also said the attack was meant to expose weaknesses in the agency’s computer systems.

Other examples of hacktivist attacks this year included attacks on banks, the Democratic National Committee, the World Anti-Doping Agency.

The McAfee report notes that hacktivists will help open consumers’ eyes about the data that we’re giving away, and that the ensuing public outrage could force changes in laws and policies.

Among the other security issues to watch in the coming year, according to the report:

  • Internet of things. Weafer cited recent attacks on the IOT, such as the Mirai malware that has affected routers, and also was a factor (it infected webcams) in the attack on internet-traffic management company Dyn that disrupted Twitter, Netflix and other popular websites and services earlier this month. “The underlying vulnerabilities are real,” Weafer said. “The sheer volume of these devices is real.”
  • Dronejacking. Possibilities include people using software to create electronic no-fly zones; intercepting or interfering with deliveries by drone; stealing expensive cameras attached to drones; and fighting government surveillance. Again, those darn hacktivists likely stirring things up. It’s early yet, but the risks are similar to those being faced by the internet of things, Weafer said, “because of commercialization and the sheer volume of these things out there.”
  • Fake ads and likes. The report warns that fake ads, paid likes and reviews are here to stay. That means it’ll be hard to trust what we read and see online. The report also warns about fake security warnings such as bogus Windows installation alerts.


Photo from Associated Press 


Tags: , , , , ,


Share this Post