Cybercriminals are poised for more sophisticated attacks in 2017. What risks do these cyberthreats pose to your network security?

Proactive measures and vigilance are the keys to staying ahead of the threat curve. With that in mind, these are three major risks to be aware of in 2017.

Social engineering

Would you click on anything in an email with this message?

“Your card was used at ATM in United Kingdom. You must fill out cardholder information form, click here.”

If not, you’re ready for last year’s cybercriminal. The latest version, however, is much more sophisticated. One of the most frequent techniques employed is social engineering, where an attacker will obtain personal information about their target to execute an attack.

Phishers can use information on social media to further their intrusion efforts.

In the cases examined in Verizon’s 2016 Data Breach Investigations Report, nearly 10,000 breaches were phishing attempts – a form of social engineering where a target is tricked into clicking on a malicious link in a specifically targeted email.

This method of cyberattack is likely to intensify in the new year. According to McAfee Labs’ 2017 Threats Predictions, increased machine learning capabilities could be leveraged for social engineering attacks. With large enough data sets to study, cybercriminals could train predictive bots to identify high-value and susceptible targets.

Ransomware and the IoT

Other intrusion methods, such as ransomware, can be far more direct than social engineering. In this technique, malware like CryptoLocker infects a system and encrypts key files or software, preventing the owner from accessing them. The attacker then demands a ransom to restore access.

According to Verizon, ransomware saw the largest increase in frequency among data breach types in 2016.

A growing internet of things (IoT) – the network of connected smart devices – has presented cybercriminals with a new field of ransomware opportunity: locking owners out of their own technology. McAfee notes that recent IoT ransomware attacks in healthcare and infrastructure are indicators that the wider IoT is at risk.

DDoS attacks against the Cloud

Similar to ransomware, a distributed denial of service (DDoS) extortion involves locking a target out of a particular file, system or device. Rather than sneaking in malware, this attack overwhelms a website or server with countless attempts to access it, leading to a shutdown. Denial of service attacks were the reason Australian census servers crashed in 2016, leaving millions unable to lodge their forms.

Verizon and McAfee both predict that attackers will look to employ this type of extortion against cloud-service providers and the organisations that make use of them.

Staying vigilant and working with a trusted security services partner are essential strategies for 2017. Contact Telarus today to learn how we can help your organisation.