McAfee: Cyber Criminals to Target Cloud Technology, IoT Systems
Hackers are expected to take advantage of vulnerabilities associated with cloud technology and the Internet of Things, according to McAfee Labs 2017 Threat Predictions report, released late last year.
Other predictions, including a major advancement in threat intelligence sharing, hacktivists targeting consumer privacy and a decline in mobile app vulnerabilities are outlined in the report.
According to the report, an area of vulnerability is data contained in cloud technology. With more businesses reliant on storing information in the cloud, the report predicts that cloud breaches will increase. This is the result of more sensitive data being stored in the cloud and hackers’ growing interest in obtaining stored information deemed valuable to them.
According to the report, there will be continued conflicts surrounding speed, efficiency and cost that are pitted against control, visibility and security.
Credential theft will be the initial focus of cyber attacks, according to the report, as people and their passwords “remain the biggest weakness throughout most technologies for the foreseeable future.”
The McAfee report outlined how hackers will attack, explaining the current north-south attack pattern, which is a way to move up or down systems to gain access through a system vulnerability, will continue to be used. In addition, hackers will explore east-west attacks, meaning they will try to jump from machine to machine or between the cloud and a server. Multiple organizations within a cloud service provider will be targeted. In addition, the growth of the Internet of Things devices will cause vulnerability in cloud security models. According to the report, “attackers, including for-hire attackers, will use clouds for scale, speed and anonymity.”
There is a significant threat of IoT attacks; however, the financial gains from such attacks are not completely known. The report predicts ransomware will migrate to this area of cyber security vulnerability. Consumer privacy will be impacted negatively by IoT, according to the report. In addition, the lack of appropriate security of these devices will likely lead to cyber criminals using IoT devices as a gateway to more comprehensive attacks on intellectual property and infrastructure disruption.
Another significant area of concern, are the aggregation points where data is collected within IoT systems. Hackers could get a big payday by attacking the data storage for all of the information derived from a particular company’s IoT device, the report stated.
Medical devices continue to be targeted as hackers seek medical data.
Despite the risk, IoT adoption will remain high, the report stated, the result of its benefits outweighing its disadvantages.
As hackers continue to get creative in obtaining cyber data, security vendors and IoT providers will be working to develop better security controls through new encryption options, device control systems and behavioral monitoring.