Software security firm Kaspersky Lab is holding the APAC Cyber Security Summit in Malaysia, where it is talking about the current security trends and threats faced by individuals and businesses in the region and across the world.
Gadgets 360 spoke to Vitaly Kamluk, Principal Security Researcher at Kaspersky Lab, who discussed Kaspersky's predictions for the global security landscape in 2016. Here they are:
Ransomware is a relative new online phenomenon, where the victims are locked out of their devices, unless they pay a ransom to the attacker. Since most users don't back up their devices, many agree to pay to get access to their important data. It a lot more appealing to attackers as well, since the payout is immediate, especially when compared to traditional attacks where they had to steal financial information and then use it to gain access to the money.
According to Kamluk, the amounts involved in ransomware attacks are usually not too huge, and users are also less likely to report such cases, which decreases the possibility of attracting attention from government authorities. As a result, he sees ransomware attacks getting really popular in 2016.
Mobile ransomware is already a reality and Kamluk believes it will be one of the biggest trends in 2016, with users being locked out of their mobiles unless they pay up the ransom. According to Sergey Lozhkin, Senior Security Researcher at Kaspersky, 98 percent of all current mobile malware targets Android, which should tell you which set of users needs to worry the most about this trend.
OS X could also be another target in 2016, and Kamluk believes attackers see Mac users as more affluent, so they could be asked to pay bigger ransoms than their PC counterparts. IoT ransomware will also be on the rise, and it's hard to disagree with Kamluk on this one - we'd hate to be locked out of our Internet-connected refrigerator, and will happily pay up whatever is necessary to get our hands on the pizza inside come meal time.
2) Attacks on researchers and developers
Kamluk believes researchers will be one of the top targets in 2016, as attackers will try to compromise popular tools used for reverse engineering, virtualisation, debugging, and even various PGP implementation themselves. Code repositories like Github and other channels frequented by developers could be another popular target as a way of injecting code into the entire ecosystem. This means we could see more XcodeGhost-like incidents in 2016.
3) Financial attacks
Kamluk hinted that payment systems like Apple Pay and Android Pay are on the radar of hackers and the next big attack could be used to exploit one of more of these systems. He admitted that the company predicated the same for 2015, and as these systems become deployed in more markets, the probability of such an attack increases.
4) Abuse of trust
One of the biggest threats in 2016 will come from the comprise of websites that consumers implicitly trust, for example the Intranet or Sharepoint, which are used to share information within a company.
5) Extortion and shaming
According to Kamluk, 2016 will see more cyber-extortion and shaming attacks similar to this year's Ashley Madison case.
6) The end of APT
This one is for those who track security trends rather closely. Kamluk believes the Advance Persistent Threats - or ATPs as they are known in the security world - will see a decline in 2016. However, don't go celebrating just yet, as Kaspersky sees newer memory-resident or file-less malware replacing them, which will be even harder to detect.
Disclosure: Kaspersky Lab sponsored the correspondent's flights and accommodation for the event in Malaysia.