(Page 2 of 3)
"Strike back," which refers to launching a counter-offensive against cyber hackers will receive a lot of attention but won't be implemented in most organizations according to WatchGuard. "Strike backs" can include filing lawsuits, launching cyber espionage campaigns, or even launching counter cyber-attacks against attackers. WatchGuard anticipates most organizations won't implement these measures given the jurisdictional challenges of digital attacks which bounce through several countries. Plus, criminals have the ability to plant "false flags" in malware, tricking victims and authorities into thinking someone else is behind the attack.
We'll Pay for Our Lack of IPv6 Expertise
Next year, WatchGuard expects to see an increase in IPv6-based attacks and IPv6 attack tools. While the IT industry continues to be slow at adopting IPv6 into their networks, most new devices ship IPv6-aware and can create IPv6 networks on their own. Many IT professionals don't have a deep understanding of IPv6's technicalities, yet they have IPv6 traffic and devices on their networks. This also means most administrators haven't implemented any IPv6 security controls, opening the door to attackers looking to exploit unprotected weaknesses.
Android Pick Pockets Try to Empty Mobile Wallets
Based on the following three factors, WatchGuard expects to see at least one vulnerability, even if just a proof-of-concept, that allows attackers to steal money from Android devices.
1. Mobile malware is skyrocketing.
2. Cyber criminals are targeting Android devices more than any other because of the platform's openness.
3. People are increasingly using mobile devices for online payments. Plus, many vendors, including Google, are starting to launch Mobile Wallets, which attaches credit cards to mobile devices.
An Exploit Sold on the "Vulnerability Market" Becomes the Next APT
WatchGuard expects that at least one auctioned-off zero day exploit will emerge as a major targeted attack this year. Vulnerability markets or auctions are a new trend in information security, allowing so-called "security" companies to sell zero day software vulnerabilities to the highest bidder. While they claim to "vet" their customers and only sell to NATO governments and legitimate companies, there are few safeguards in place to prevent nefarious entities to take advantage.
Important Cyber Security-Related Legislation Finally Becomes Law